07-Nov-2009, 06:18 PM
#1 |
| Searches forward to other searches and pages I don't want

Hi, My google searching is all wrong!! When I search and click something it takes me to a series of *wrong* pages.. more search pages, websites etc. If I go back and click the link, then the wrong page, back repeat, back repeat, then I get the right page. This is my hijack this log, I hope someone can tell me what the problem is.. or WHERE the problem is! Thanks. |
| |
|
26-Nov-2009, 02:20 PM
#2 |
| Any help? Please... I don't know what to do with this, it's driving me nuts. |
|
26-Nov-2009, 03:10 PM
#3 |
| Hello there

Welcome to the TSG Forums. My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

Step 1

Download OTS to your Desktop

Code:
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\si3112.sys /s /md5
%SYSTEMDRIVE%\viadsk.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5

Please attach the log in your next post. To do so click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button. To ensure that I get all the information this log will need to be attached. If it is too large to attach then upload it to Dropio and post the sharing link/url (The Drop's URL will be similar to: http:://drop.io/daerk)

Step 2

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop. Start the Sysprot.exe program.

__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer. If I have not responded in three days, please feel free to PM me with a friendly reminder. Please don't send me requests for help. Use the forums instead. |
|
26-Nov-2009, 06:00 PM
#4 |
| [code] OTS logfile created on: 26/11/2009 6:40:03 PM - Run 1 OTS by OldTimer - Version 3.1.7.0 Folder = C:\Users\SantinoBee\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16473) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 501.56 Mb Total Physical Memory | 177.51 Mb Available Physical Memory | 35.39% Memory free 1.90 Gb Paging File | 0.66 Gb Available in Paging File | 34.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 33.51 Gb Total Space | 5.23 Gb Free Space | 15.61% Space Free | Partition Type: NTFS Drive D: | 33.21 Gb Total Space | 12.81 Gb Free Space | 38.56% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER Current User Name: SantinoBee Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Users\SantinoBee\Desktop\OTS.exe -> [2009/11/26 16:17:57 | 00,526,848 | ---- | M] (OldTimer Tools) jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/08/07 11:39:18 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) explorer.exe -> C:\Windows\explorer.exe -> [2009/05/29 15:50:32 | 02,923,520 | ---- | M] (Microsoft Corporation) wmiprvse.exe -> C:\Windows\System32\wbem\WmiPrvSE.exe -> [2009/05/29 14:02:18 | 00,247,296 | ---- | M] (Microsoft Corporation) tmrubottedtray.exe -> C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe -> [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) 
webshots.scr -> C:\Program Files\Webshots\Webshots.scr -> [2008/03/24 16:48:52 | 03,310,928 | ---- | M] (Webshots.com) pifsvc.exe -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> [2008/01/29 16:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2007/06/13 09:44:11 | 00,625,152 | ---- | M] (Microsoft Corporation) msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2007/04/11 15:21:15 | 01,006,264 | ---- | M] (Microsoft Corporation) ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2007/01/05 13:04:10 | 00,554,616 | ---- | M] (Symantec Corporation) epowersvc.exe -> C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -> [2006/12/01 12:34:16 | 00,131,072 | ---- | M] (acer) elockserv.exe -> C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -> [2006/11/30 21:39:10 | 00,024,576 | ---- | M] (Acer Inc.) mobilityservice.exe -> C:\Acer\Mobility Center\MobilityService.exe -> [2006/11/24 15:57:54 | 00,107,008 | ---- | M] () appsvc32.exe -> C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -> [2006/11/20 23:43:42 | 00,046,736 | ---- | M] (Symantec Corporation) enet service.exe -> C:\Acer\Empowering Technology\eNet\eNet Service.exe -> [2006/11/20 23:43:08 | 00,118,784 | ---- | M] (Acer Inc.) clcapsvc.exe -> C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -> [2006/11/18 08:58:00 | 00,254,050 | ---- | M] () clsched.exe -> C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -> [2006/11/18 08:58:00 | 00,114,784 | ---- | M] () pcmservice.exe -> C:\Program Files\Acer\Acer Arcade\PCMService.exe -> [2006/11/18 08:57:34 | 00,151,552 | ---- | M] (CyberLink Corp.) 
clmlserver.exe -> C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -> [2006/11/18 08:56:50 | 01,073,152 | ---- | M] (Cyberlink) edsloader.exe -> C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> [2006/11/17 10:26:58 | 00,453,120 | ---- | M] (HiTRUST) erecoveryservice.exe -> C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2006/11/16 18:35:18 | 00,045,056 | ---- | M] (Acer Inc.) syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2006/11/16 01:45:30 | 00,815,104 | ---- | M] (Synaptics, Inc.) capuserv.exe -> C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -> [2006/11/13 02:13:10 | 00,024,576 | ---- | M] () hkcmd.exe -> C:\Windows\System32\hkcmd.exe -> [2006/11/05 20:05:32 | 00,106,496 | ---- | M] (Intel Corporation) igfxpers.exe -> C:\Windows\System32\igfxpers.exe -> [2006/11/05 20:02:18 | 00,081,920 | ---- | M] (Intel Corporation) sdclt.exe -> C:\Windows\System32\sdclt.exe -> [2006/11/02 07:35:02 | 01,192,960 | ---- | M] (Microsoft Corporation) wmpnetwk.exe -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/11/02 07:34:59 | 00,895,488 | ---- | M] (Microsoft Corporation) wmpnscfg.exe -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2006/11/02 07:34:59 | 00,201,728 | ---- | M] (Microsoft Corporation) unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2006/11/02 04:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2006/11/02 04:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) audiodg.exe -> C:\Windows\System32\audiodg.exe -> [2006/11/02 04:44:50 | 00,088,064 | ---- | M] (Microsoft Corporation) lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/10/19 16:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) agrsmsvc.exe -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 00:10:12 | 00,009,216 | ---- | M] (Agere Systems) calmain.exe -> C:\Program Files\Canon\CAL\CALMAIN.exe 
-> [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) richvideo.exe -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2005/01/21 06:37:16 | 00,143,360 | ---- | M] () [Modules - Safe List] ots.exe -> C:\Users\SantinoBee\Desktop\OTS.exe -> [2009/11/26 16:17:57 | 00,526,848 | ---- | M] (OldTimer Tools) msvcr80.dll -> C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_no ne_d08d7bba442a9b36\msvcr80.dll -> [2009/03/07 13:32:55 | 00,635,904 | ---- | M] (Microsoft Corporation) msvcp80.dll -> C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_no ne_d08d7bba442a9b36\msvcp80.dll -> [2009/03/07 13:32:55 | 00,558,080 | ---- | M] (Microsoft Corporation) sysenv.dll -> C:\Windows\System32\sysenv.dll -> [2006/11/16 21:10:14 | 00,286,720 | ---- | M] (HiTRUST) msnchathook.dll -> C:\Windows\System32\MSNChatHook.dll -> [2006/11/16 15:19:10 | 00,037,376 | ---- | M] () showerrmsg.dll -> C:\Windows\System32\ShowErrMsg.dll -> [2006/11/16 15:18:50 | 00,063,488 | ---- | M] () comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll -> [2006/11/02 04:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/07 13:33:44 | 00,069,632 | ---- | M] (Microsoft Corporation) (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 20:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) (NetTcpPortSharing) Net.Tcp Port Sharing Service [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/06/19 20:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) (idsvc) Windows 
CardSpace [Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 20:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) (gusvc) Google Updater Service [On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/06/16 11:30:32 | 00,137,200 | ---- | M] (Google) (LiveUpdate Notice Service) LiveUpdate Notice Service [Auto | Stopped] -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> [2008/01/29 16:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) (Symantec Core LC) Symantec Core LC [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2008/01/21 23:23:16 | 01,252,232 | ---- | M] () (WLSetupSvc) Windows Live Setup Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) (usnjsvc) Messenger Sharing Folders USN Journal Reader service [On_Demand | Stopped] -> C:\Program Files\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2007/04/11 15:21:15 | 00,265,912 | ---- | M] (Microsoft Corporation) (SoundMovieServer) SoundMovieServer [On_Demand | Stopped] -> C:\Windows\System32\snmvtsvc.exe -> [2007/03/23 18:34:40 | 00,184,320 | ---- | M] (SoundMovieServer) (LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) (CLTNetCnService) Symantec Lic NetConnect service [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) (ccSetMgr) Symantec Settings Manager [Auto | Running] -> 
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) (ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2007/01/09 21:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) (LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -> [2007/01/05 13:04:10 | 02,918,008 | ---- | M] (Symantec Corporation) (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> [2007/01/05 13:04:10 | 00,554,616 | ---- | M] (Symantec Corporation) (WMIService) ePower Service [Auto | Running] -> C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -> [2006/12/01 12:34:16 | 00,131,072 | ---- | M] (acer) (eLockService) eLock Service [Auto | Running] -> C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -> [2006/11/30 21:39:10 | 00,024,576 | ---- | M] (Acer Inc.) (MobilityService) MobilityService [Auto | Running] -> C:\Acer\Mobility Center\MobilityService.exe -> [2006/11/24 15:57:54 | 00,107,008 | ---- | M] () (SymAppCore) Symantec AppCore Service [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -> [2006/11/20 23:43:42 | 00,046,736 | ---- | M] (Symantec Corporation) (eNet Service) eNet Service [Auto | Running] -> C:\Acer\Empowering Technology\eNet\eNet Service.exe -> [2006/11/20 23:43:08 | 00,118,784 | ---- | M] (Acer Inc.) 
(comHost) COM Host [On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -> [2006/11/20 23:42:52 | 00,049,296 | ---- | M] (Symantec Corporation) (ISPwdSvc) Symantec IS Password Validation [On_Demand | Stopped] -> C:\Program Files\Norton Internet Security\isPwdSvc.exe -> [2006/11/20 23:42:12 | 00,080,552 | ---- | M] (Symantec Corporation) (CLCapSvc) CyberLink Background Capture Service (CBCS) [Auto | Running] -> C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -> [2006/11/18 08:58:00 | 00,254,050 | ---- | M] () (CLSched) CyberLink Task Scheduler (CTS) [Auto | Running] -> C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -> [2006/11/18 08:58:00 | 00,114,784 | ---- | M] () (CyberLink Media Library Service) CyberLink Media Library Service [Auto | Running] -> C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -> [2006/11/18 08:56:50 | 01,073,152 | ---- | M] (Cyberlink) (eRecoveryService) eRecovery Service [Auto | Running] -> C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> [2006/11/16 18:35:18 | 00,045,056 | ---- | M] (Acer Inc.) 
(eSettingsService) eSettings Service [Auto | Running] -> C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -> [2006/11/13 02:13:10 | 00,024,576 | ---- | M] () (WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2006/11/02 07:34:59 | 00,895,488 | ---- | M] (Microsoft Corporation) (LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/10/19 16:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) (AgereModemAudio) Agere Modem Call Progress Audio [Auto | Running] -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 00:10:12 | 00,009,216 | ---- | M] (Agere Systems) (CCALib8) Canon Camera Access Library 8 [Auto | Running] -> C:\Program Files\Canon\CAL\CALMAIN.exe -> [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) (RichVideo) Cyberlink RichVideo Service(CRVS) [Auto | Running] -> C:\Program Files\CyberLink\Shared Files\RichVideo.exe -> [2005/01/21 06:37:16 | 00,143,360 | ---- | M] () (ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\athr.sys -> [2008/05/07 09:55:22 | 00,767,488 | ---- | M] (Atheros Communications, Inc.) (IDSvix86) Symantec Intrusion Prevention Driver [Kernel | System | Running] -> C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070628.003\IDSvix86. 
sys -> [2007/05/30 16:53:21 | 00,212,280 | ---- | M] (Symantec Corporation) (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SYMEVENT.SYS -> [2007/04/05 14:36:28 | 00,115,000 | ---- | M] (Symantec Corporation) (MovRVDrv32) MovRVDrv32 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\MovRVDrv32.sys -> [2007/04/03 15:56:28 | 00,002,688 | ---- | M] (Windows (R) 2000 DDK provider) (MovRSDrv32) MovRSDrv32 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\MovRSDrv32.sys -> [2007/04/03 15:55:54 | 00,022,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) (SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\srtspl.sys -> [2007/03/27 16:11:42 | 00,276,792 | ---- | M] (Symantec Corporation) (SRTSP) SRTSP [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\srtsp.sys -> [2007/03/27 16:11:42 | 00,247,608 | ---- | M] (Symantec Corporation) (SRTSPX) SRTSPX [Kernel | System | Running] -> C:\Windows\System32\drivers\srtspx.sys -> [2007/03/27 16:11:42 | 00,025,400 | ---- | M] (Symantec Corporation) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) (SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2007/02/01 01:21:02 | 00,417,592 | ---- | M] (Symantec Corporation) (NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NTIDrvr.sys -> [2006/12/05 00:08:45 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2006/12/01 00:38:00 | 01,655,464 | ---- | M] (Realtek Semiconductor Corp.) 
(SYMTDI) SYMTDI [Kernel | System | Running] -> C:\Windows\System32\Drivers\SYMTDI.SYS -> [2006/11/20 23:45:52 | 00,185,744 | ---- | M] (Symantec Corporation) (SYMNDISV) SYMNDISV [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\SYMNDISV.SYS -> [2006/11/20 23:45:52 | 00,037,008 | ---- | M] (Symantec Corporation) (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\SYMREDRV.SYS -> [2006/11/20 23:45:52 | 00,026,384 | ---- | M] (Symantec Corporation) (SYMFW) SYMFW [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\SYMFW.SYS -> [2006/11/20 23:45:50 | 00,144,784 | ---- | M] (Symantec Corporation) (SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\SYMIDS.SYS -> [2006/11/20 23:45:50 | 00,038,928 | ---- | M] (Symantec Corporation) (SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\SYMDNS.SYS -> [2006/11/20 23:45:50 | 00,011,792 | ---- | M] (Symantec Corporation) ({2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}) {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD} [Kernel | Auto | Running] -> C:\Program Files\Acer\Acer Arcade\000.fcl -> [2006/11/18 08:57:32 | 00,006,656 | ---- | M] (Cyberlink Corp.) (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2006/11/16 01:45:28 | 00,179,896 | ---- | M] (Synaptics, Inc.) 
(PSDNServ) PSDNSERVER [Kernel | Boot | Running] -> C:\Windows\system32\drivers\PSDNServ.sys -> [2006/11/10 17:21:16 | 00,007,936 | ---- | M] (HiTRUST) (PSDFilter) PSDFilter [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\psdfilter.sys -> [2006/11/10 17:10:50 | 00,010,624 | ---- | M] (HiTRUST) (yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\yk60x86.sys -> [2006/11/08 20:52:32 | 00,194,560 | ---- | M] (Marvell) (psdvdisk) psdvdisk [Kernel | Boot | Running] -> C:\Windows\system32\drivers\psdvdisk.sys -> [2006/11/08 18:11:30 | 00,053,760 | ---- | M] (HiTRUST) (igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\igdkmd32.sys -> [2006/11/05 21:29:14 | 01,473,024 | ---- | M] (Intel Corporation) (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) (elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) (adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) (uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) (adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) 
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) (UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) (nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) (iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) (SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) (nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) (arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) 
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) (arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) (megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) (viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) (cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) (aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) 
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) (secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AGRSM.sys -> [2006/10/04 22:39:40 | 01,161,152 | ---- | M] (Agere Systems) (UBHelper) UBHelper [Kernel | Boot | Running] -> C:\Windows\System32\drivers\UBHelper.sys -> [2006/08/28 05:30:04 | 00,013,952 | ---- | M] () (tifm21) tifm21 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tifm21.sys -> [2006/07/06 00:44:00 | 00,168,448 | ---- | M] (Texas Instruments) (sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\sscdbus.sys -> [2005/08/17 06:45:00 | 00,058,352 | ---- | M] (MCCI) (int15) int15 [Kernel | Auto | Running] -> C:\Acer\Empowering Technology\eRecovery\int15.sys -> [2005/01/13 16:46:16 | 00,069,632 | ---- | M] () (QCDonner) Logitech QuickCam Express(PID_0840) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\lvcd.sys -> [2004/04/26 23:31:04 | 00,474,304 | ---- | M] (Logitech Inc.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://en.us.acer.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://en.us.acer.yahoo.com -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: Main\\"Default_Secondary_Page_URL" -> http://global.acer.com [binary data] -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: Main\\"Page_Transitions" -> 1 -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: Main\\"SEARCH PAGE" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={se...utf-8&fr=b1ie7 -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: Main\\"Start Page" -> https://mail.google.com/mail/?ui=1 -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: Main\\"StartPageCache" -> 1 -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\: "ProxyEnable" -> 0 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/11/07 14:56:02 | 00,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> < HOSTS File > (736 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\hosts -> |
26-Nov-2009, 06:01 PM
#5 |
| Reset Hosts ::1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated) {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKLM] -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Error: Value error.] -> [2006/11/20 23:45:08 | 00,096,984 | R--- | M] (Symantec Corporation) {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} [HKLM] -> C:\Windows\System32\ActiveToolBand.dll [ShowBarObj Class] -> [2006/11/16 15:20:26 | 00,299,008 | ---- | M] (HiTRUST) {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 15:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> [2008/06/16 11:30:56 | 00,654,320 | ---- | M] (Google Inc.) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/08/07 11:39:16 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.) 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" [HKLM] -> C:\Windows\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> [2006/11/16 15:18:36 | 00,151,552 | ---- | M] (HiTRUST) "{90222687-F593-4738-B738-FBEE9C7B26DF}" [HKLM] -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [Show Norton Toolbar] -> [2006/11/20 23:45:10 | 00,565,960 | R--- | M] (Symantec Corporation) "{C17590D2-ECB4-4b15-8820-F58798DCC118}" [HKLM] -> C:\Program Files\Webshots\WSToolbar4IE.dll [Webshots Toolbar] -> [2008/03/24 16:48:00 | 00,176,128 | ---- | M] (Webshots.com) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\] > -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" [HKLM] -> C:\Windows\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> [2006/11/16 15:18:36 | 00,151,552 | ---- | M] (HiTRUST) WebBrowser\\"{472734EA-242A-422B-ADF8-83D1E48CC825}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found WebBrowser\\"{C17590D2-ECB4-4B15-8820-F58798DCC118}" [HKLM] -> C:\Program Files\Webshots\WSToolbar4IE.dll [Webshots Toolbar] -> [2008/03/24 16:48:00 | 00,176,128 | ---- | M] (Webshots.com) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Acer Assist Launcher" -> C:\Program Files\Acer Assist\launcher.exe [C:\Program Files\Acer Assist\launcher.exe] -> [2006/12/04 16:05:16 | 01,261,568 | ---- | M] () "Acer Product Registration" -> C:\Program Files\Acer Registration\ACE1.exe ["C:\Program Files\Acer Registration\ACE1.exe" /startup] -> [2006/12/13 13:55:32 | 03,166,208 | ---- | M] (Leader Technologies) "ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2007/01/09 21:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) "eDataSecurity Loader" -> C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe] -> [2006/11/17 10:26:58 | 00,453,120 | ---- | M] (HiTRUST) "HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2006/11/05 20:05:32 | 00,106,496 | ---- | M] (Intel Corporation) "IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2006/11/05 20:02:32 | 00,098,304 | ---- | M] (Intel Corporation) "NvCplDaemon" -> C:\Windows\System32\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2006/11/22 02:29:00 | 07,757,824 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" -> C:\Windows\System32\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2006/11/22 02:29:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) "NvSvc" -> C:\Windows\System32\nvsvc.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> [2006/11/22 02:29:00 | 00,090,191 | ---- | M] (NVIDIA Corporation) "osCheck" -> C:\Program Files\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton 
Internet Security\osCheck.exe"] -> [2006/11/20 23:42:16 | 00,022,696 | ---- | M] (Symantec Corporation) "PCMService" -> C:\Program Files\Acer\Acer Arcade\PCMService.exe ["C:\Program Files\Acer\Acer Arcade\PCMService.exe"] -> [2006/11/18 08:57:34 | 00,151,552 | ---- | M] (CyberLink Corp.) "Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2006/11/05 20:02:18 | 00,081,920 | ---- | M] (Intel Corporation) "SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/08/07 11:39:18 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) "Symantec PIF AlertEng" -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> [2008/01/29 16:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) "SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/11/16 01:45:30 | 00,815,104 | ---- | M] (Synaptics, Inc.) "TMRUBottedTray" -> C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe ["C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"] -> [2008/11/06 11:33:56 | 00,288,088 | ---- | M] (Trend Micro Inc.) 
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2007/04/11 15:21:15 | 01,006,264 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/03/31 06:47:19 | 01,232,896 | ---- | M] (Microsoft Corporation) "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 07:34:06 | 02,159,104 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/03/31 06:47:19 | 01,232,896 | ---- | M] (Microsoft Corporation) "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2006/11/02 07:34:06 | 02,159,104 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\] > -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup] -> [2005/08/11 17:30:30 | 00,249,856 | ---- | M] (Macrovision Corporation) "swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2008/06/16 11:30:56 | 00,068,856 | ---- | M] (Google Inc.) 
"updateMgr" -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9] -> [2006/03/30 15:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated) < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [0] -> File not found \\"ConsentPromptBehaviorUser" -> [1] -> File not found \\"EnableInstallerDetection" -> [1] -> File not found \\"EnableLUA" -> [0] -> File not found \\"EnableSecureUIAPaths" -> [1] -> File not found \\"EnableVirtualization" -> [1] -> File not found \\"PromptOnSecureDesktop" -> [1] -> File not found \\"ValidateAdminCodeSignatures" -> [0] -> File not found \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"scforceoption" -> [0] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"FilterAdministratorToken" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\] > -> 
HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> &Webshots Photo Search -> C:\Program Files\Webshots\WSToolbar4IE.dll [res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM] -> [2008/03/24 16:48:00 | 00,176,128 | ---- | M] (Webshots.com) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet |
26-Nov-2009, 06:02 PM
#6 |
| Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\] > -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\] > -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3387613539-523817860-136717515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.2.1 24.200.241.37 24.201.245.77 24.200.243.189 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {87232C37-EDB3-41C8-B311-36250DBD0124}\\DhcpNameServer -> 192.168.2.1 24.200.241.37 24.201.245.77 24.200.243.189 (Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller) -> 
{FCF137FD-20A8-4C1B-A28F-DFD020BD086C}\\DhcpNameServer -> 192.168.2.1 24.200.241.37 24.201.245.77 24.200.243.189 (Atheros AR5005G Wireless Network Adapter) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/05/29 15:50:32 | 02,923,520 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> C:\Windows\System32\igfxdev.dll -> [2006/11/05 20:00:48 | 00,212,992 | ---- | M] (Intel Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> [Registry - Additional Scans - Safe List] < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> FastUserSwitchingCompatibility -> [] -> Ias -> [] -> Irmon -> [] -> Nla -> [] -> Ntmssvc -> [] -> NWCWorkstation -> [] -> Nwsapagent -> [] -> SRService -> [] -> Wmi -> [] -> 
WmdmPmSp -> [] -> LogonHours -> [] -> PCAudit -> [] -> helpsvc -> [] -> uploadmgr -> [] -> *MultiFile Done* -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> batfile [open] -> "%1" %* -> chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 04:44:59 | 00,211,968 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> helpfile [open] -> Reg Error: Key error. hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 04:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation) htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 13:07:38 | 00,061,280 | ---- | M] (Microsoft Corporation) htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome -> [2007/06/13 09:44:11 | 00,625,152 | ---- | M] (Microsoft Corporation) htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2007/06/13 09:44:11 | 00,625,152 | ---- | M] (Microsoft Corporation) http [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> File not found https [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> File not found inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2006/11/02 04:45:14 | 00,011,776 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> regfile [merge] -> Reg Error: Key error. scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2006/11/02 04:44:42 | 00,368,640 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Error: Key error. 
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2006/11/02 04:44:59 | 00,320,000 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/05/29 15:50:32 | 02,923,520 | ---- | M] (Microsoft Corporation) Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> [2007/05/14 17:23:58 | 01,137,664 | ---- | M] (Nullsoft) Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> [2007/05/14 17:23:58 | 01,137,664 | ---- | M] (Nullsoft) Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" -> [2007/05/14 17:23:58 | 01,137,664 | ---- | M] (Nullsoft) Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/05/29 15:50:32 | 02,923,520 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/05/29 15:50:32 | 02,923,520 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/05/29 15:50:32 | 02,923,520 | ---- | M] (Microsoft Corporation) Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 -> [2007/06/13 09:44:11 | 00,625,152 | ---- | M] (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2007/06/13 09:44:11 | 00,625,152 | ---- | M] (Microsoft Corporation) < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {0409969E-BEFB-44D3-90B9-63BE50FBAE5E} -> TIPCI {11316260-6666-467B-AC34-183FCB5D4335} -> Acer Mobility Center Plug-In {116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3} -> Acer eLock Management {1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} -> NTI CD & DVD-Maker {184E7118-0295-43C4-B72C-1D54AA75AAF7} -> Windows Live Mail {205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool 
{2637C347-9DAD-11D6-9EA2-00055D0CA761} -> Acer Arcade {26A24AE4-039D-4CA4-87B4-2F83216015FF} -> Java(TM) 6 Update 15 {2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} -> SymNet {2EA870FA-585F-4187-903D-CB9FFD21E2E0} -> DHTML Editing Component {3CCAD2EF-CFF2-4637-82AA-AABF370282D3} -> ccCommon {48185814-A224-447A-81DA-71BD20580E1B} -> Norton Internet Security {4843B611-8FCB-4428-8C23-31D0A5EAE164} -> Norton Confidential Browser Component {4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0} -> ArcSoft PhotoStudio 5.5 {508CE775-4BA4-4748-82DF-FE28DA9F03B0} -> Windows Live Messenger {58E5844B-7CE2-413D-83D1-99294BF6C74F} -> Acer ePower Management {5AA2CD16-706F-41f3-87C5-2B5A031F2B3B} -> Norton Internet Security {67ADE9AF-5CD9-4089-8825-55DE4B366799} -> NTI Backup NOW! 4.7 {6AB65503-3D7E-4CCC-BA14-159DE1DCE11B} -> Symantec Real Time Storage Protection Component {77772678-817F-4401-9301-ED1D01A8DA56} -> SPBBC 32bit {79DD56FC-DB8B-47F5-9C80-78B62E05F9BC} -> Acer ScreenSaver {830D8CBD-C668-49e2-A969-C2C2106332E0} -> Norton AntiVirus {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight {90850409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Word Viewer 2003 {9422C8EA-B0C6-4197-B8FC-DC797658CA00} -> Windows Live Sign-in Assistant {94389919-B0AA-4882-9BE8-9F0B004ECA35} -> Acer Tour {9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8} -> Norton Protection Center {9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 {A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable {A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} -> Windows Live installer {AB6097D9-D722-4987-BD9E-A076E2848EE2} -> Acer Empowering Technology {AC76BA86-7AD7-1033-7B44-A70900000002} -> Adobe Reader 7.0.9 {AEEAE013-92F1-4515-B278-139F1A692A35} -> Acer eDataSecurity Management {B7C61755-DB48-4003-948F-3D34DB8EAF69} -> MSRedist {BF839132-BD43-4056-ACBF-4377F4A88E2A} -> Acer ePresentation Management {C06554A1-2C1E-4D20-B613-EE62C79927CC} -> Acer eNet Management 
{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} -> WinZip 11.1 {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1 {CE65A9A0-9686-45C6-9098-3C9543A412F0} -> Acer eSettings Management {D353CC51-430D-4C6F-9B7E-52003DA1E05A} -> Norton Confidential Web Protection Component {DBA4DB9D-EE51-4944-A419-98AB1F1249C8} -> LiveUpdate Notice (Symantec Corporation) {E1180142-3B31-4DCC-9D27-7AC2D37662BF} -> LightScribe 1.4.124.1 {E3EFA461-EB83-4C3B-9C47-2C1D58A01555} -> Norton Internet |
26-Nov-2009, 06:02 PM
#7 |
| Security {E5EE9939-259F-4DE2-8023-5C49E16A4F43} -> Norton Internet Security {EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} -> AppCore {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver {F4DB525F-A986-4249-B98B-42A8066251CA} -> AV Acer Assist -> Acer Assist Acer Registration -> Acer Registration Advanced WMA Workshop_is1 -> Advanced WMA Workshop version 2.3 Agere Systems Soft Modem -> Agere Systems HDA Modem Borland Database Engine -> Borland Database Engine CAL -> Canon Camera Access Library CameraWindowDVC5 -> Canon Camera Window DC_DV 5 for ZoomBrowser EX CameraWindowDVC6 -> Canon Camera Window DC_DV 6 for ZoomBrowser EX CameraWindowMC -> Canon Camera Window MC 6 for ZoomBrowser EX CSCLIB -> Canon Camera Support Core Library DPP -> Canon Utilities Digital Photo Professional 2.1 EOS Utility -> Canon Utilities EOS Utility GridVista -> Acer GridVista HDMI -> Intel(R) Graphics Media Accelerator Driver HijackThis -> HijackThis 2.0.2 InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E} -> Texas Instruments PCIxx21/x515/xx12 drivers. 
InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} -> NTI CD & DVD-Maker LiveUpdate -> LiveUpdate 3.2 (Symantec Corporation) Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1 NSS -> Norton Security Scan PhotoStitch -> Canon Utilities PhotoStitch RAW Image Task -> Canon RAW Image Task for ZoomBrowser EX RemoteCaptureTask -> Canon RemoteCapture Task for ZoomBrowser EX ShockwaveFlash -> Adobe Flash Player 9 ActiveX ST6UNST #1 -> Hormonal Forecaster v 5.2 ST6UNST #2 -> Formitecho Information Technology Diary SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B} -> Norton Internet Security (Symantec Corporation) SynTPDeinstKey -> Synaptics Pointing Device Driver Webshots Desktop_is1 -> Webshots Desktop Webshots Toolbar -> Webshots Toolbar WinAce Archiver -> WinAce Archiver Winamp -> Winamp (remove only) WinZip Self-Extractor -> WinZip Self-Extractor ZoomBrowser EX -> Canon Utilities ZoomBrowser EX < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 03/09/2008 8:58:49 AM Computer Name = Acer | Source = Automatic LiveUpdate Scheduler | ID = 101 -> Description = Information Level: error Initialization of the COM subsystem failed. Error code: 0x8007041D Application [ Error ] 03/09/2008 11:29:46 PM Computer Name = Acer | Source = ESENT | ID = 482 -> Description = Catalog Database (1344) Catalog Database: An attempt to write to the file "C:\Windows\system32\CatRoot2\edb.log" at offset 40448 (0x0000000000009e00) for 512 (0x00000200) bytes failed after 0 seconds with system error 1453 (0x000005ad): "Insufficient quota to complete the requested service. ". The write operation will fail with error -1011 (0xfffffc0d). If this error persists then the file may be damaged and may need to be restored from a previous backup. 
Application [ Error ] 03/09/2008 11:29:46 PM Computer Name = Acer | Source = ESENT | ID = 417 -> Description = Catalog Database (1344) Catalog Database: Unable to write to section 3 while flushing logfile C:\Windows\system32\CatRoot2\edb.log. Error -1011 (0xfffffc0d). Application [ Error ] 03/09/2008 11:29:46 PM Computer Name = Acer | Source = ESENT | ID = 492 -> Description = Catalog Database (1344) Catalog Database: The logfile sequence in "C:\Windows\system32\CatRoot2\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup. Application [ Error ] 03/09/2008 11:29:47 PM Computer Name = Acer | Source = ESENT | ID = 104 -> Description = Catalog Database (1344) Catalog Database: The database engine stopped the instance (0) with error (-510). Application [ Error ] 03/09/2008 11:29:47 PM Computer Name = Acer | Source = VSS | ID = 12344 -> Description = Application [ Error ] 03/09/2008 11:29:47 PM Computer Name = Acer | Source = VSS | ID = 12296 -> Description = Application [ Error ] 03/09/2008 11:29:47 PM Computer Name = Acer | Source = VSS | ID = 8193 -> Description = Application [ Error ] 03/09/2008 11:29:48 PM Computer Name = Acer | Source = System Restore | ID = 8193 -> Description = Application [ Error ] 03/09/2008 11:29:49 PM Computer Name = Acer | Source = System Restore | ID = 8210 -> Description = System [ Error ] 25/11/2009 12:46:34 AM Computer Name = Acer | Source = Service Control Manager | ID = 7026 -> Description = System [ Error ] 25/11/2009 12:18:36 PM Computer Name = Acer | Source = DCOM | ID = 10010 -> Description = System [ Error ] 25/11/2009 12:19:11 PM Computer Name = Acer | Source = DCOM | ID = 10005 -> Description = System [ Error ] 25/11/2009 12:19:12 PM Computer Name = Acer | Source = Service Control Manager | ID = 7009 -> Description = System [ Error ] 25/11/2009 12:19:12 PM Computer Name = Acer | Source = Service 
Control Manager | ID = 7000 -> Description = System [ Error ] 26/11/2009 11:02:14 AM Computer Name = Acer | Source = Service Control Manager | ID = 7009 -> Description = System [ Error ] 26/11/2009 11:02:17 AM Computer Name = Acer | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 26/11/2009 11:03:21 AM Computer Name = Acer | Source = Service Control Manager | ID = 7011 -> Description = System [ Error ] 26/11/2009 11:03:29 AM Computer Name = Acer | Source = Service Control Manager | ID = 7011 -> Description = System [ Error ] 26/11/2009 11:03:30 AM Computer Name = Acer | Source = DCOM | ID = 10010 -> Description = [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\SantinoBee\Desktop\OTS.exe -> [2009/11/26 16:17:04 | 00,526,848 | ---- | C] (OldTimer Tools) NSS -> C:\Windows\System32\drivers\NSS -> [2009/11/21 11:58:43 | 00,000,000 | ---D | C] Norton Security Scan -> C:\Program Files\Norton Security Scan -> [2009/11/21 11:58:43 | 00,000,000 | ---D | C] Norton -> C:\ProgramData\Norton -> [2009/11/21 11:58:43 | 00,000,000 | ---D | C] 0203000.02C -> C:\Windows\System32\drivers\NSS\0203000.02C -> [2009/11/21 11:58:43 | 00,000,000 | ---D | C] NortonInstaller -> C:\ProgramData\NortonInstaller -> [2009/11/21 11:57:25 | 00,000,000 | ---D | C] NortonInstaller -> C:\Program Files\NortonInstaller -> [2009/11/21 11:57:25 | 00,000,000 | ---D | C] Threat Expert -> C:\Users\SantinoBee\AppData\Local\Threat Expert -> [2009/11/07 18:00:20 | 00,000,000 | ---D | C] TEMP -> C:\ProgramData\TEMP -> [2009/11/07 17:50:21 | 00,000,000 | ---D | C] sdsetup_aff.exe -> C:\Users\SantinoBee\sdsetup_aff.exe -> [2009/11/07 17:22:07 | 34,102,344 | ---- | C] (PC Tools ) IconCache.db -> C:\Users\SantinoBee\AppData\Local\IconCache.db -> [2009/11/06 11:28:47 | 01,930,110 | -H-- | C] () Malwarebytes -> C:\Users\SantinoBee\AppData\Roaming\Malwarebytes -> [2009/11/04 10:17:12 | 00,000,000 | ---D | C] Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' 
Anti-Malware -> [2009/11/04 10:17:00 | 00,000,000 | ---D | C] Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/11/04 10:17:00 | 00,000,000 | ---D | C] {52d26648-4259-4655-835c-c0526aad4521} -> C:\Users\SantinoBee\{52d26648-4259-4655-835c-c0526aad4521} -> [2009/11/03 14:13:05 | 00,000,000 | ---D | C] Trend Micro -> C:\Program Files\Trend Micro -> [2009/11/03 14:12:35 | 00,000,000 | ---D | C] InstallShield -> C:\Users\SantinoBee\AppData\Roaming\InstallShield -> [2009/11/03 14:10:40 | 00,000,000 | ---D | C] RUBotted.exe -> C:\Users\SantinoBee\RUBotted.exe -> [2009/11/03 14:07:43 | 06,509,608 | ---- | C] (Macrovision Corporation) cwshredder.exe -> C:\Users\SantinoBee\cwshredder.exe -> [2009/11/03 14:06:47 | 00,532,480 | ---- | C] (Trend Micro Incorporated) backups -> C:\Users\SantinoBee\Desktop\backups -> [2009/11/03 14:05:11 | 00,000,000 | ---D | C] HijackThis.exe -> C:\Users\SantinoBee\Desktop\HijackThis.exe -> [2009/11/03 13:57:59 | 00,401,720 | ---- | C] (Trend Micro Inc.) New Folder (3) -> C:\Users\SantinoBee\Desktop\New Folder (3) -> [2009/11/01 18:20:54 | 00,000,000 | ---D | C] New Folder (2) -> C:\Users\SantinoBee\Desktop\New Folder (2) -> [2009/11/01 18:18:19 | 00,000,000 | ---D | C] Interop.Shell32.dll -> C:\Windows\System32\Interop.Shell32.dll -> [2006/12/05 00:15:13 | 00,053,248 | ---- | C] ( ) 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 1 C:\Users\SantinoBee\*.tmp files -> C:\Users\SantinoBee\*.tmp -> [Files/Folders - Modified Within 30 Days] tdlclk.dll -> C:\Windows\System32\tdlclk.dll -> [2009/11/26 18:44:24 | 00,012,800 | ---- | M] () ntuser.dat -> C:\Users\SantinoBee\ntuser.dat -> [2009/11/26 18:39:56 | 02,621,440 | -HS- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/26 18:01:03 | 00,005,184 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/11/26 18:01:03 | 00,005,184 | -H-- | M] () tdlcmd.dll -> C:\Windows\System32\tdlcmd.dll -> [2009/11/26 17:01:55 | 00,023,552 | ---- | M] () SysProt.zip -> C:\Users\SantinoBee\Desktop\SysProt.zip -> [2009/11/26 16:18:51 | 00,355,033 | ---- | M] () OTS.exe -> C:\Users\SantinoBee\Desktop\OTS.exe -> [2009/11/26 16:17:57 | 00,526,848 | ---- | M] (OldTimer Tools) hfcrgrt.ini -> C:\hfcrgrt.ini -> [2009/11/26 15:22:06 | 00,000,000 | ---- | M] () sqmnoopt17.sqm -> C:\sqmnoopt17.sqm -> [2009/11/26 12:43:35 | 00,000,244 | -H-- | M] () sqmdata17.sqm -> C:\sqmdata17.sqm -> [2009/11/26 12:43:35 | 00,000,232 | -H-- | M] () sqmnoopt16.sqm -> C:\sqmnoopt16.sqm -> [2009/11/26 12:43:30 | 00,000,244 | -H-- | M] () sqmdata16.sqm -> C:\sqmdata16.sqm -> [2009/11/26 12:43:30 | 00,000,232 | -H-- | M] () sqmnoopt15.sqm -> C:\sqmnoopt15.sqm -> [2009/11/26 12:42:42 | 00,000,244 | -H-- | M] () sqmdata15.sqm -> C:\sqmdata15.sqm -> [2009/11/26 12:42:42 | 00,000,232 | -H-- | M] () sqmnoopt14.sqm -> C:\sqmnoopt14.sqm -> [2009/11/26 12:42:28 | 00,000,244 | -H-- | M] () sqmdata14.sqm -> C:\sqmdata14.sqm -> [2009/11/26 12:42:28 | 00,000,232 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2009/11/26 10:00:57 | 00,067,584 | --S- | M] () User_Feed_Synchronization-{3011DB25-C3EA-4785-A960-8DEE6C5D0FFD}.job -> C:\Windows\tasks\User_Feed_Synchronization-{3011DB25-C3EA-4785-A960-8DEE6C5D0FFD}.job -> [2009/11/25 16:16:23 | 00,000,428 | -H-- | M] () Norton Security Scan for SantinoBee.job -> C:\Windows\tasks\Norton Security Scan for SantinoBee.job -> [2009/11/25 15:00:08 | 00,000,484 | ---- | M] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/11/25 11:19:06 | 00,716,948 | ---- | M] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/11/25 11:19:06 | 00,623,342 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/11/25 11:19:06 | 
00,108,526 | ---- | M] () Ikeext.etl -> C:\Windows\System32\Ikeext.etl -> [2009/11/24 23:45:06 | 00,008,192 | ---- | M] () AcRdB7_0_9.ini -> C:\Users\Public\Documents\AcRdB7_0_9.ini -> [2009/11/24 23:43:57 | 00,001,284 | ---- | M] () AcRdB7_0_9.sta -> C:\Users\Public\Documents\AcRdB7_0_9.sta -> [2009/11/24 23:43:57 | 00,000,082 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/11/24 23:43:22 | 00,000,006 | -H-- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2009/11/24 23:43:06 | 52,656,9472 | -HS- | M] () bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2009/11/24 23:41:25 | 00,000,012 | ---- | M] () IconCache.db -> C:\Users\SantinoBee\AppData\Local\IconCache.db -> [2009/11/24 23:40:44 | 01,930,110 | -H-- | M] () The Shopping Cart WFMED, Discount Medical Supplies at Factory Direct Prices! alcohol swabs, bulb syringe, irrigation syringe, plastic tweezers.url -> C:\Users\SantinoBee\Desktop\The Shopping Cart WFMED, Discount Medical Supplies at Factory Direct Prices! alcohol swabs, bulb syringe, irrigation syringe, plastic tweezers.url -> [2009/11/24 12:31:47 | 00,000,139 | ---- | M] () sqmnoopt13.sqm -> C:\sqmnoopt13.sqm -> [2009/11/23 21:07:37 | 00,000,244 | -H-- | M] () sqmdata13.sqm -> C:\sqmdata13.sqm -> [2009/11/23 21:07:37 | 00,000,232 | -H-- | M] () sqmnoopt12.sqm -> C:\sqmnoopt12.sqm -> [2009/11/23 18:41:05 | 00,000,244 | -H-- | M] () sqmdata12.sqm -> C:\sqmdata12.sqm -> [2009/11/23 18:41:05 | 00,000,232 | -H-- | M] () sqmnoopt11.sqm -> C:\sqmnoopt11.sqm -> [2009/11/23 18:39:28 | 00,000,244 | -H-- | M] () sqmdata11.sqm -> C:\sqmdata11.sqm -> [2009/11/23 18:39:28 | 00,000,232 | -H-- | M] () sqmnoopt10.sqm -> C:\sqmnoopt10.sqm -> [2009/11/23 18:39:20 | 00,000,244 | -H-- | M] () |
26-Nov-2009, 06:02 PM
#8 |
| sqmdata10.sqm -> C:\sqmdata10.sqm -> [2009/11/23 18:39:20 | 00,000,232 | -H-- | M] () sqmnoopt09.sqm -> C:\sqmnoopt09.sqm -> [2009/11/23 18:39:06 | 00,000,244 | -H-- | M] () sqmdata09.sqm -> C:\sqmdata09.sqm -> [2009/11/23 18:39:06 | 00,000,232 | -H-- | M] () sqmdata08.sqm -> C:\sqmdata08.sqm -> [2009/11/23 18:37:58 | 00,000,232 | -H-- | M] () sqmnoopt08.sqm -> C:\sqmnoopt08.sqm -> [2009/11/23 18:37:57 | 00,000,244 | -H-- | M] () Ecology of apple snails (Ampullariidae)..url -> C:\Users\SantinoBee\Desktop\Ecology of apple snails (Ampullariidae)..url -> [2009/11/22 12:32:50 | 00,000,195 | ---- | M] () sqmnoopt07.sqm -> C:\sqmnoopt07.sqm -> [2009/11/21 20:02:25 | 00,000,244 | -H-- | M] () sqmdata07.sqm -> C:\sqmdata07.sqm -> [2009/11/21 20:02:25 | 00,000,232 | -H-- | M] () sqmnoopt06.sqm -> C:\sqmnoopt06.sqm -> [2009/11/21 19:56:26 | 00,000,244 | -H-- | M] () sqmdata06.sqm -> C:\sqmdata06.sqm -> [2009/11/21 19:56:26 | 00,000,232 | -H-- | M] () Norton Security Scan.lnk -> C:\Users\Public\Desktop\Norton Security Scan.lnk -> [2009/11/21 11:59:10 | 00,001,141 | ---- | M] () isolate.ini -> C:\Windows\System32\drivers\NSS\0203000.02C\isolate.ini -> [2009/11/21 11:58:43 | 00,000,172 | ---- | M] () Tech Performance Bra Top - Puma Online Shop.url -> C:\Users\SantinoBee\Desktop\Tech Performance Bra Top - Puma Online Shop.url -> [2009/11/19 10:36:58 | 00,000,323 | ---- | M] () 2013 Oracle by David Carson and Nina Sammons.url -> C:\Users\SantinoBee\Desktop\2013 Oracle by David Carson and Nina Sammons.url -> [2009/11/19 10:25:39 | 00,000,115 | ---- | M] () Etsy Fun things -advice about working from home.url -> C:\Users\SantinoBee\Desktop\Etsy Fun things -advice about working from home.url -> [2009/11/19 10:24:12 | 00,000,213 | ---- | M] () HijackThis - Shortcut (6).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (6).lnk -> [2009/11/16 08:09:46 | 00,000,511 | ---- | M] () Swanson Cherry Nut Bread - Swanson Health Products.url -> C:\Users\SantinoBee\Desktop\Swanson Cherry Nut 
Bread - Swanson Health Products.url -> [2009/11/15 00:11:08 | 00,000,245 | ---- | M] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/11/11 14:34:25 | 00,292,448 | ---- | M] () wininit.ini -> C:\Windows\wininit.ini -> [2009/11/07 18:06:34 | 00,000,053 | ---- | M] () HijackThis - Shortcut (5).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (5).lnk -> [2009/11/07 17:51:40 | 00,000,511 | ---- | M] () HijackThis - Shortcut (4).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (4).lnk -> [2009/11/07 17:23:33 | 00,000,511 | ---- | M] () sdsetup_aff.exe -> C:\Users\SantinoBee\sdsetup_aff.exe -> [2009/11/07 17:23:24 | 34,102,344 | ---- | M] (PC Tools ) HijackThis - Shortcut (3).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (3).lnk -> [2009/11/07 17:23:15 | 00,000,511 | ---- | M] () n7985_1.jpg -> C:\Users\SantinoBee\Desktop\n7985_1.jpg -> [2009/11/05 10:34:43 | 00,034,072 | ---- | M] () n7985_2.jpg -> C:\Users\SantinoBee\Desktop\n7985_2.jpg -> [2009/11/05 10:34:37 | 00,036,593 | ---- | M] () HijackThis - Shortcut (2).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (2).lnk -> [2009/11/03 14:10:23 | 00,000,511 | ---- | M] () HijackThis - Shortcut.lnk -> C:\Users\SantinoBee\HijackThis - Shortcut.lnk -> [2009/11/03 14:10:21 | 00,000,511 | ---- | M] () RUBotted.exe -> C:\Users\SantinoBee\RUBotted.exe -> [2009/11/03 14:07:56 | 06,509,608 | ---- | M] (Macrovision Corporation) cwshredder.exe -> C:\Users\SantinoBee\cwshredder.exe -> [2009/11/03 14:07:16 | 00,532,480 | ---- | M] (Trend Micro Incorporated) HijackThis.exe -> C:\Users\SantinoBee\Desktop\HijackThis.exe -> [2009/11/03 13:59:14 | 00,401,720 | ---- | M] (Trend Micro Inc.) 
Protectaid Contraceptive Sponge Protectaid.ca.url -> C:\Users\SantinoBee\Desktop\Protectaid Contraceptive Sponge Protectaid.ca.url -> [2009/11/02 22:42:07 | 00,000,126 | ---- | M] () barriermethods.com contraception with no hormon caused sideeffects because hormonfree diaphragm, cervical caps, lea contraceptivum, female condom ( femidom ).url -> C:\Users\SantinoBee\Desktop\barriermethods.com contraception with no hormon caused sideeffects because hormonfree diaphragm, cervical caps, lea contraceptivum, female condom ( femidom ).url -> [2009/11/02 22:41:54 | 00,000,183 | ---- | M] () ReProtect Inc. - Product Information.url -> C:\Users\SantinoBee\Desktop\ReProtect Inc. - Product Information.url -> [2009/11/02 22:41:38 | 00,000,128 | ---- | M] () MpSigStub.exe -> C:\Windows\System32\MpSigStub.exe -> [2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) Winvdrvr.dll -> C:\Winvdrvr.dll -> [2009/11/02 17:28:28 | 00,000,014 | ---- | M] () Setup1.exe -> C:\Windows\Setup1.exe -> [2009/11/02 17:27:09 | 00,286,720 | ---- | M] (Microsoft Corporation) 111.jpg -> C:\Users\SantinoBee\Desktop\111.jpg -> [2009/11/01 17:18:30 | 01,135,855 | ---- | M] () 104 C:\Users\SantinoBee\AppData\Local\Temp\*.tmp files -> C:\Users\SantinoBee\AppData\Local\Temp\*.tmp -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 1 C:\Users\SantinoBee\AppData\Local\Temp\is-5AL65.tmp\_isetup\*.tmp files -> C:\Users\SantinoBee\AppData\Local\Temp\is-5AL65.tmp\_isetup\*.tmp -> 1 C:\Users\SantinoBee\*.tmp files -> C:\Users\SantinoBee\*.tmp -> [Files - No Company Name] SysProt.zip -> C:\Users\SantinoBee\Desktop\SysProt.zip -> [2009/11/26 16:18:30 | 00,355,033 | ---- | C] () sqmnoopt17.sqm -> C:\sqmnoopt17.sqm -> [2009/11/26 12:43:35 | 00,000,244 | -H-- | C] () sqmdata17.sqm -> C:\sqmdata17.sqm -> [2009/11/26 12:43:35 | 00,000,232 | -H-- | C] () sqmnoopt16.sqm -> C:\sqmnoopt16.sqm -> [2009/11/26 12:43:30 | 00,000,244 | -H-- | C] () sqmdata16.sqm -> C:\sqmdata16.sqm -> [2009/11/26 12:43:30 | 
00,000,232 | -H-- | C] () sqmnoopt15.sqm -> C:\sqmnoopt15.sqm -> [2009/11/26 12:42:42 | 00,000,244 | -H-- | C] () sqmdata15.sqm -> C:\sqmdata15.sqm -> [2009/11/26 12:42:42 | 00,000,232 | -H-- | C] () sqmnoopt14.sqm -> C:\sqmnoopt14.sqm -> [2009/11/26 12:42:28 | 00,000,244 | -H-- | C] () sqmdata14.sqm -> C:\sqmdata14.sqm -> [2009/11/26 12:42:28 | 00,000,232 | -H-- | C] () tdlcmd.dll -> C:\Windows\System32\tdlcmd.dll -> [2009/11/24 23:48:25 | 00,023,552 | ---- | C] () tdlclk.dll -> C:\Windows\System32\tdlclk.dll -> [2009/11/24 23:48:21 | 00,012,800 | ---- | C] () The Shopping Cart WFMED, Discount Medical Supplies at Factory Direct Prices! alcohol swabs, bulb syringe, irrigation syringe, plastic tweezers.url -> C:\Users\SantinoBee\Desktop\The Shopping Cart WFMED, Discount Medical Supplies at Factory Direct Prices! alcohol swabs, bulb syringe, irrigation syringe, plastic tweezers.url -> [2009/11/24 12:31:47 | 00,000,139 | ---- | C] () sqmnoopt13.sqm -> C:\sqmnoopt13.sqm -> [2009/11/23 21:07:37 | 00,000,244 | -H-- | C] () sqmdata13.sqm -> C:\sqmdata13.sqm -> [2009/11/23 21:07:37 | 00,000,232 | -H-- | C] () sqmnoopt12.sqm -> C:\sqmnoopt12.sqm -> [2009/11/23 18:41:05 | 00,000,244 | -H-- | C] () sqmdata12.sqm -> C:\sqmdata12.sqm -> [2009/11/23 18:41:05 | 00,000,232 | -H-- | C] () sqmnoopt11.sqm -> C:\sqmnoopt11.sqm -> [2009/11/23 18:39:28 | 00,000,244 | -H-- | C] () sqmdata11.sqm -> C:\sqmdata11.sqm -> [2009/11/23 18:39:28 | 00,000,232 | -H-- | C] () sqmnoopt10.sqm -> C:\sqmnoopt10.sqm -> [2009/11/23 18:39:20 | 00,000,244 | -H-- | C] () sqmdata10.sqm -> C:\sqmdata10.sqm -> [2009/11/23 18:39:20 | 00,000,232 | -H-- | C] () sqmnoopt09.sqm -> C:\sqmnoopt09.sqm -> [2009/11/23 18:39:06 | 00,000,244 | -H-- | C] () sqmdata09.sqm -> C:\sqmdata09.sqm -> [2009/11/23 18:39:06 | 00,000,232 | -H-- | C] () sqmdata08.sqm -> C:\sqmdata08.sqm -> [2009/11/23 18:37:58 | 00,000,232 | -H-- | C] () sqmnoopt08.sqm -> C:\sqmnoopt08.sqm -> [2009/11/23 18:37:57 | 00,000,244 | -H-- | C] () 
sqmnoopt07.sqm -> C:\sqmnoopt07.sqm -> [2009/11/21 20:02:25 | 00,000,244 | -H-- | C] () sqmdata07.sqm -> C:\sqmdata07.sqm -> [2009/11/21 20:02:25 | 00,000,232 | -H-- | C] () sqmnoopt06.sqm -> C:\sqmnoopt06.sqm -> [2009/11/21 19:56:26 | 00,000,244 | -H-- | C] () sqmdata06.sqm -> C:\sqmdata06.sqm -> [2009/11/21 19:56:26 | 00,000,232 | -H-- | C] () Norton Security Scan for SantinoBee.job -> C:\Windows\tasks\Norton Security Scan for SantinoBee.job -> [2009/11/21 11:59:22 | 00,000,484 | ---- | C] () Norton Security Scan.lnk -> C:\Users\Public\Desktop\Norton Security Scan.lnk -> [2009/11/21 11:59:10 | 00,001,141 | ---- | C] () isolate.ini -> C:\Windows\System32\drivers\NSS\0203000.02C\isolate.ini -> [2009/11/21 11:58:43 | 00,000,172 | ---- | C] () Ecology of apple snails (Ampullariidae)..url -> C:\Users\SantinoBee\Desktop\Ecology of apple snails (Ampullariidae)..url -> [2009/11/21 10:18:56 | 00,000,195 | ---- | C] () Tech Performance Bra Top - Puma Online Shop.url -> C:\Users\SantinoBee\Desktop\Tech Performance Bra Top - Puma Online Shop.url -> [2009/11/19 10:36:54 | 00,000,323 | ---- | C] () 2013 Oracle by David Carson and Nina Sammons.url -> C:\Users\SantinoBee\Desktop\2013 Oracle by David Carson and Nina Sammons.url -> [2009/11/19 10:25:39 | 00,000,115 | ---- | C] () Etsy Fun things -advice about working from home.url -> C:\Users\SantinoBee\Desktop\Etsy Fun things -advice about working from home.url -> [2009/11/19 10:24:10 | 00,000,213 | ---- | C] () HijackThis - Shortcut (6).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (6).lnk -> [2009/11/16 08:09:46 | 00,000,511 | ---- | C] () Swanson Cherry Nut Bread - Swanson Health Products.url -> C:\Users\SantinoBee\Desktop\Swanson Cherry Nut Bread - Swanson Health Products.url -> [2009/11/15 00:11:06 | 00,000,245 | ---- | C] () wininit.ini -> C:\Windows\wininit.ini -> [2009/11/07 18:06:34 | 00,000,053 | ---- | C] () HijackThis - Shortcut (5).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (5).lnk -> [2009/11/07 17:51:40 | 
00,000,511 | ---- | C] () HijackThis - Shortcut (4).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (4).lnk -> [2009/11/07 17:23:33 | 00,000,511 | ---- | C] () HijackThis - Shortcut (3).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (3).lnk -> [2009/11/07 17:23:15 | 00,000,511 | ---- | C] () IconCache.db -> C:\Users\SantinoBee\AppData\Local\IconCache.db -> [2009/11/06 11:28:47 | 01,930,110 | -H-- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2009/11/06 10:28:30 | 52,656,9472 | -HS- | C] () n7985_1.jpg -> C:\Users\SantinoBee\Desktop\n7985_1.jpg -> [2009/11/05 11:06:29 | 00,034,072 | ---- | C] () n7985_2.jpg -> C:\Users\SantinoBee\Desktop\n7985_2.jpg -> [2009/11/05 11:06:18 | 00,036,593 | ---- | C] () HijackThis - Shortcut (2).lnk -> C:\Users\SantinoBee\HijackThis - Shortcut (2).lnk -> [2009/11/03 14:10:23 | 00,000,511 | ---- | C] () HijackThis - Shortcut.lnk -> C:\Users\SantinoBee\HijackThis - Shortcut.lnk -> [2009/11/03 14:10:21 | 00,000,511 | ---- | C] () Protectaid Contraceptive Sponge Protectaid.ca.url -> C:\Users\SantinoBee\Desktop\Protectaid Contraceptive Sponge Protectaid.ca.url -> [2009/11/02 22:42:07 | 00,000,126 | ---- | C] () barriermethods.com contraception with no hormon caused sideeffects because hormonfree diaphragm, cervical caps, lea contraceptivum, female condom ( femidom ).url -> C:\Users\SantinoBee\Desktop\barriermethods.com contraception with no hormon caused sideeffects because hormonfree diaphragm, cervical caps, lea contraceptivum, female condom ( femidom ).url -> [2009/11/02 22:41:53 | 00,000,183 | ---- | C] () ReProtect Inc. - Product Information.url -> C:\Users\SantinoBee\Desktop\ReProtect Inc. 
- Product Information.url -> [2009/11/02 22:41:38 | 00,000,128 | ---- | C] () Winvdrvr.dll -> C:\Winvdrvr.dll -> [2009/11/02 17:28:28 | 00,000,014 | ---- | C] () 111.jpg -> C:\Users\SantinoBee\Desktop\111.jpg -> [2009/11/01 17:18:30 | 01,135,855 | ---- | C] () HFCdtASP.dll -> C:\Windows\System32\HFCdtASP.dll -> [2009/02/25 23:38:27 | 00,188,416 | ---- | C] () tifmicon.dll -> C:\Windows\System32\tifmicon.dll -> [2007/04/02 02:14:26 | 00,172,032 | ---- | C] () igfxCoIn_v1114.dll -> C:\Windows\System32\igfxCoIn_v1114.dll -> [2007/04/02 02:14:07 | 00,204,800 | ---- | C] () hccutils.dll -> C:\Windows\System32\hccutils.dll -> [2007/04/02 02:14:06 | 00,077,824 | ---- | C] () igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2007/04/02 02:14:06 | 00,061,440 | ---- | C] () oemdspif.dll -> C:\Windows\System32\oemdspif.dll -> [2007/04/02 02:14:06 | 00,053,248 | ---- | C] () WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2007/04/02 02:14:02 | 01,060,424 | ---- | C] () int15_64.sys -> C:\Windows\System32\drivers\int15_64.sys -> [2007/03/27 23:51:50 | 00,015,656 | ---- | C] () int15.sys -> C:\Windows\System32\drivers\int15.sys -> [2007/03/27 23:51:49 | 00,069,632 | ---- | C] () NATTraversal.dll -> C:\Windows\System32\NATTraversal.dll -> [2007/03/27 23:41:03 | 00,065,536 | ---- | C] () Acer.ini -> C:\Windows\Acer.ini -> [2007/03/27 23:27:24 | 00,000,037 | ---- | C] () CLEANUP.INI -> C:\Windows\CLEANUP.INI -> [2006/12/24 01:33:26 | 00,000,092 | ---- | C] () NTIBUN4.dll -> C:\Windows\System32\NTIBUN4.dll -> [2006/12/05 00:36:51 | 00,001,024 | RH-- | C] () 0x0409.ini -> C:\Windows\0x0409.ini -> [2006/12/05 00:22:06 | 00,005,495 | R--- | C] () Setup.ini -> C:\Windows\Setup.ini -> [2006/12/05 00:17:42 | 00,001,202 | ---- | C] () AEITAddInRdr.dll -> C:\Windows\AEITAddInRdr.dll -> [2006/12/05 00:17:38 | 00,323,584 | ---- | C] () Abcpy.ini -> C:\Windows\Abcpy.ini -> [2006/12/05 00:17:38 | 00,001,730 | ---- | C] () ScrollBarLib.dll -> 
C:\Windows\System32\ScrollBarLib.dll -> [2006/12/05 00:15:17 | 00,331,776 | ---- | C] () UBHelper.sys -> C:\Windows\System32\drivers\UBHelper.sys -> [2006/12/05 00:09:55 | 00,013,952 | ---- | C] () Alaunch.ini -> C:\Windows\Alaunch.ini -> [2006/12/04 22:33:13 | 00,000,101 | ---- | C] () NotesExtmngr.dll -> C:\Windows\System32\NotesExtmngr.dll -> [2006/11/16 15:20:38 | 00,266,240 | ---- | C] () NotesActnMenu.dll -> C:\Windows\System32\NotesActnMenu.dll -> [2006/11/16 15:20:20 | 00,200,704 | ---- | C] () MSNSpook.dll -> C:\Windows\System32\MSNSpook.dll -> [2006/11/16 15:20:10 | 00,086,016 | ---- | C] () MSNChatHook.dll -> C:\Windows\System32\MSNChatHook.dll -> [2006/11/16 15:19:10 | 00,037,376 | ---- | C] () BatchCrypto.dll -> C:\Windows\System32\BatchCrypto.dll -> [2006/11/16 15:19:04 | 00,123,904 | ---- | C] () APISlice.dll -> C:\Windows\System32\APISlice.dll -> [2006/11/16 15:18:58 | 00,073,728 | ---- | C] () ShowErrMsg.dll -> C:\Windows\System32\ShowErrMsg.dll -> [2006/11/16 15:18:50 | 00,063,488 | ---- | C] () MailFormat_U.dll -> C:\Windows\System32\MailFormat_U.dll -> [2006/11/16 15:18:06 | 00,022,016 | ---- | C] () PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2006/11/02 05:33:01 | 00,716,948 | ---- | C] () msdfmap.ini -> C:\Windows\msdfmap.ini -> [2006/11/02 05:24:31 | 00,001,405 | ---- | C] () system.ini -> C:\Windows\system.ini -> [2006/11/02 05:23:31 | 00,000,219 | ---- | C] () win.ini -> C:\Windows\win.ini -> [2006/11/02 05:23:31 | 00,000,144 | ---- | C] () tcpmon.ini -> C:\Windows\System32\tcpmon.ini -> [2006/11/02 03:23:38 | 00,055,858 | ---- | C] () pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 00,013,750 | ---- | C] () country.sys -> C:\Windows\System32\country.sys -> [2006/11/02 02:09:45 | 00,027,097 | ---- | C] () KEY01.SYS -> C:\Windows\System32\KEY01.SYS -> [2006/11/02 02:09:44 | 00,042,809 | ---- | C] () KEYBOARD.SYS -> C:\Windows\System32\KEYBOARD.SYS -> [2006/11/02 02:09:44 | 00,042,537 | ---- 
| C] () ANSI.SYS -> C:\Windows\System32\ANSI.SYS -> [2006/11/02 02:09:42 | 00,009,029 | ---- | C] () HIMEM.SYS -> C:\Windows\System32\HIMEM.SYS -> [2006/11/02 02:09:41 | 00,004,768 | ---- | C] () NTDOS412.SYS -> C:\Windows\System32\NTDOS412.SYS -> [2006/11/02 02:09:40 | 00,029,274 | ---- | C] () NTDOS411.SYS -> C:\Windows\System32\NTDOS411.SYS -> [2006/11/02 02:09:38 | 00,029,370 | ---- | C] () NTDOS404.SYS -> C:\Windows\System32\NTDOS404.SYS -> [2006/11/02 02:09:35 | 00,029,146 | ---- | C] () NTDOS804.SYS -> C:\Windows\System32\NTDOS804.SYS -> [2006/11/02 02:09:31 | 00,029,146 | ---- | C] () NTDOS.SYS -> C:\Windows\System32\NTDOS.SYS -> [2006/11/02 02:09:29 | 00,027,866 | ---- | C] () NTIO412.SYS -> C:\Windows\System32\NTIO412.SYS -> [2006/11/02 02:09:26 | 00,035,536 | ---- | C] () NTIO411.SYS -> C:\Windows\System32\NTIO411.SYS -> [2006/11/02 02:09:24 | 00,035,776 | ---- | C] () NTIO404.SYS -> C:\Windows\System32\NTIO404.SYS -> [2006/11/02 02:09:23 | 00,034,672 | ---- | C] () NTIO804.SYS -> C:\Windows\System32\NTIO804.SYS -> [2006/11/02 02:09:22 | 00,034,672 | ---- | C] () NTIO.SYS -> C:\Windows\System32\NTIO.SYS -> [2006/11/02 02:09:20 | 00,033,952 | ---- | C] () msjetoledb40.dll -> C:\Windows\System32\msjetoledb40.dll -> [2006/11/02 01:47:51 | 00,364,544 | ---- | C] () win87em.dll -> C:\Windows\System32\win87em.dll -> [2006/11/02 01:25:08 | 00,013,312 | ---- | C] () HFCNTS.dll -> C:\Windows\System32\HFCNTS.dll -> [2005/08/18 21:34:09 | 00,073,728 | ---- | C] () lvcoinst.ini -> C:\Windows\System32\lvcoinst.ini -> [2004/03/26 09:56:40 | 00,017,191 | ---- | C] () multiplex_vcd.dll -> C:\Windows\System32\multiplex_vcd.dll -> [2001/12/26 18:12:30 | 00,065,536 | ---- | C] () Hmpg12.dll -> C:\Windows\System32\Hmpg12.dll -> [2001/09/04 01:46:38 | 00,110,592 | ---- | C] () HMPV2_ENC.dll -> C:\Windows\System32\HMPV2_ENC.dll -> [2001/07/30 18:33:56 | 00,118,784 | ---- | C] () HMPV2_ENC_MMX.dll -> C:\Windows\System32\HMPV2_ENC_MMX.dll -> [2001/07/24 00:04:36 | 00,118,784 | 
---- | C] () [File - Lop Check] Microsoft -> C:\Users\Default\AppData\Roaming\Microsoft -> [2006/11/02 06:18:34 | 00,000,000 | --SD | M] Microsoft -> C:\Users\Default User\AppData\Roaming\Microsoft -> [2006/11/02 06:18:34 | 00,000,000 | --SD | M] Acer -> C:\Users\SantinoBee\AppData\Roaming\Acer -> [2007/04/01 22:29:53 | 00,000,000 | ---D | M] Adobe -> C:\Users\SantinoBee\AppData\Roaming\Adobe -> [2007/05/11 16:13:15 | 00,000,000 | ---D | M] AdobeUM -> C:\Users\SantinoBee\AppData\Roaming\AdobeUM -> [2007/03/31 22:38:08 | 00,000,000 | ---D | M] ArcSoft -> C:\Users\SantinoBee\AppData\Roaming\ArcSoft -> [2007/04/01 22:29:53 | 00,000,000 | ---D | M] Canon -> C:\Users\SantinoBee\AppData\Roaming\Canon -> [2007/09/14 23:55:55 | 00,000,000 | ---D | M] CyberLink -> C:\Users\SantinoBee\AppData\Roaming\CyberLink -> [2007/04/01 22:29:54 | 00,000,000 | ---D | M] Google -> C:\Users\SantinoBee\AppData\Roaming\Google -> [2007/04/01 22:29:54 | 00,000,000 | ---D | M] Identities -> C:\Users\SantinoBee\AppData\Roaming\Identities -> [2007/04/02 10:18:51 | 00,000,000 | ---D | M] InstallShield -> C:\Users\SantinoBee\AppData\Roaming\InstallShield -> [2009/11/03 14:10:40 | 00,000,000 | ---D | M] Leadertech -> C:\Users\SantinoBee\AppData\Roaming\Leadertech -> [2007/04/01 22:29:54 | 00,000,000 | ---D | M] Macromedia -> C:\Users\SantinoBee\AppData\Roaming\Macromedia -> [2007/04/01 22:29:54 | 00,000,000 | ---D | M] Malwarebytes -> C:\Users\SantinoBee\AppData\Roaming\Malwarebytes -> [2009/11/04 10:17:12 | 00,000,000 | ---D | M] Microsoft -> C:\Users\SantinoBee\AppData\Roaming\Microsoft -> [2008/07/22 12:51:47 | 00,000,000 | --SD | M] PC Tools -> C:\Users\SantinoBee\AppData\Roaming\PC Tools -> [2008/02/20 13:53:42 | 00,000,000 | ---D | M] PeerNetworking -> C:\Users\SantinoBee\AppData\Roaming\PeerNetworking -> [2007/05/10 17:34:05 | 00,000,000 | ---D | M] Snapfish -> C:\Users\SantinoBee\AppData\Roaming\Snapfish -> [2007/07/27 17:08:21 | 00,000,000 | ---D | M] UserTile.png -> 
C:\Users\SantinoBee\AppData\Roaming\UserTile.png -> [2007/05/10 17:34:08 | 00,024,064 | ---- | M] () Webshots -> C:\Users\SantinoBee\AppData\Roaming\Webshots -> [2008/04/29 23:59:27 | 00,000,000 | ---D | M] Winamp -> C:\Users\SantinoBee\AppData\Roaming\Winamp -> [2008/11/14 13:43:17 | 00,000,000 | ---D | M] Norton Security Scan for SantinoBee.job -> C:\Windows\Tasks\Norton Security Scan for SantinoBee.job -> [2009/11/25 15:00:08 | 00,000,484 | ---- | M] () SA.DAT -> C:\Windows\Tasks\SA.DAT -> [2009/11/24 23:43:22 | 00,000,006 | -H-- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2009/11/24 23:41:34 | 00,032,550 | ---- | M] () User_Feed_Synchronization-{3011DB25-C3EA-4785-A960-8DEE6C5D0FFD}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{3011DB25-C3EA-4785-A960-8DEE6C5D0FFD}.job -> [2009/11/25 16:16:23 | 00,000,428 | -H-- | M] () [File - Purity Scan] [Custom Scans] < %SYSTEMDRIVE%\eventlog.dll /s /md5 > < %SYSTEMDRIVE%\scecli.dll /s /md5 > scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x 86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f1 2\scecli.dll -> [2008/01/19 02:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\Windows\System32\scecli.dll -> [2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3 e\scecli.dll -> [2006/11/02 04:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\netlogon.dll /s /md5 > netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x 86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/19 02:35:36 | 
00,592,384 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\Windows\System32\netlogon.dll -> [2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll -> [2006/11/02 04:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x 86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor. 
sys -> [2008/01/19 02:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\drivers\nvstor.sys -> [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.s ys -> [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) < %SYSTEMDRIVE%\atapi.sys /s /md5 > atapi.sys : MD5=224505155EC3E36D7A1F36E446F04C2A -> C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x 86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sy s -> [2007/10/23 22:56:19 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -> C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x 86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sy s -> [2007/10/23 23:11:26 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x 86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sy s -> [2008/01/19 02:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : Unable to obtain MD5 -> C:\Windows\System32\drivers\atapi.sys -> [2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a 442479c42c\atapi.sys -> [2008/03/31 06:50:41 | 00,021,560 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=E03E8C99D15D0381E02743C36AFC7C6F -> 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78 a93da31a8b\atapi.sys -> [2008/03/31 06:50:40 | 00,021,560 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\si3112.sys /s /md5 > < %SYSTEMDRIVE%\viadsk.sys /s /md5 > < %SYSTEMDRIVE%\nvatabus.sys /s /md5 > < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x 86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440 .sys -> [2008/01/19 02:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\drivers\AGP440.sys -> [2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440. sys -> [2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > [HardLinks - Junction Points - Mount Points - Symbolic Links] capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink [Alternate Data Streams] @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP FC5A2B2< End of report > [/code] |
|
26-Nov-2009, 06:03 PM
#9 |
| That's that part. Thanks so much for trying to help me out!! I don't have the $$ to get antivirus stuff or enough ram to run them!! LOL |
|
26-Nov-2009, 11:05 PM
#10 |
| Don't worry, I'll give you some advice later for free AV programs you can try. Could you attach the results instead of copy and pasting them here? To attach them all you have to do is click on the blue Reply button or on the Go Advanced button and then use the "Manage Attachments" button to browse for the files. Let me know when you have the other results. You don't need to wait for me to say it's ok to move on to the other steps. I can already see the cause of your problems though.
__________________ Please post the final results, good or bad. Let me know if you won't be responding any longer. If I have not responded in three days, please feel free to PM me with a friendly reminder. Please don't send me requests for help. Use the forums instead. |
|
27-Nov-2009, 11:54 AM
#11 |
| I'll try to do that later. I can't unzip anything. My thing always freezes, winzip. I haven't been able to unzip anything bigger than picture files. This Vista rubbish won't run anything. If I update it I can't use the internet. It's connected wifi, but the page cannot be displayed... even with the firewall off, or with letting the program through... I can't use firefox either.. frustrating. It won't do a lot of things, even when I first got it. |
|
27-Nov-2009, 11:55 AM
#12 |
| I'll have to run the thing again, I didn't save the text. I might have time later. Thanks. |
|
27-Nov-2009, 11:56 AM
#13 |
| Also I can't update google earth, I can't use msn, or get updates for antivirus stuff... |
|
27-Nov-2009, 01:02 PM
#14 |
| It worked great the first time I got it. I guess it has a lot to do with whether or not the system was designed for it or not.
The results don't have to be saved. They are automatically saved in the same folder where you ran the program from.
Let's use this instead of SysProt:
Download the GMER Rootkit Scanner.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Post the contents of GMER.txt in your next reply.
|
|
28-Nov-2009, 11:49 AM
#15 |
| This computer came with Vista when I bought it. Also I can't get my updates for the flash player, ever... and I can't do Java things... I have it, it's enabled, and all the right permissions... but Java doesn't work with it. |
All times are GMT -5. Copyright © 1996 - 2010 TechGuy, Inc. All rights reserved.






