Reply to thread

Message: <blockquote data-quote="Ceiron9" data-source="post: 114886" data-attributes="member: 7213">Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 22 days old)Ran by SYSTEM at 04-04-2013 06:48:42Running from F:\Windows Vista (TM) Home Premium  Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet001==================== Registry (Whitelisted) ===================HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-10-31] (Realtek Semiconductor)HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-06-18] (Google)HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [690720 2008-12-18] (Acer Incorporated)HKLM\...\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2008-10-27] (EgisTec Inc.)HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [346672 2008-10-27] (EgisTec Inc.)HKLM\...\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [28672 2008-04-25] ()HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-07-29] ()HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13601312 2008-11-21] (NVIDIA Corporation)HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-11-21] (NVIDIA Corporation)HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1418536 2009-01-08] (Synaptics, Inc.)HKLM\...\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav.exe" -run [1163264 2008-05-30] (AuthenTec, Inc.)HKLM\...\Run: [VitaKeyPdtWzd] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [3679744 2008-10-16] (Egis Technology Inc.)HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [870920 2009-01-08] (Dritek System Inc.)HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-17] (Sun Microsystems, Inc.)HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-19] (Apple Inc.)HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-31] (Realtek Semiconductor Corp.)HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-21] (Adobe Systems Incorporated)HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2054360 2009-09-10] (ESET)HKLM\...\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-14] (PC Tools)HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE [1890744 2012-09-02] (Bandoo Media, inc)HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)HKU\Roger\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)HKU\Roger\...\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan [x]HKU\Roger\...\Run: [settdebugx.exe] C:\Users\Roger\AppData\Local\Temp\settdebugx.exe [x]HKU\Roger\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED [x]HKU\Roger\...\Run: [Facebook Update] "C:\Users\Roger\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]HKU\Roger\...\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup [x]HKU\Roger\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)HKU\Roger\...\Winlogon: [Shell] explorer.exe,C:\Users\Roger\AppData\Roaming\skype.dat [94208 2011-11-18] ()AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLIMEO: [Debugger] svchost.exeLsa: [Notification Packages] C:\Program Files\Acer\Acer Bio Protection\PwdFilterStartup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnkShortcutTarget: HP SimpleSave Monitor.lnk ->  (No File)==================== Services (Whitelisted) ===================2 BackupService; C:\Users\Roger\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-06-30] (ArcSoft, Inc.)2 BUNAgentSvc; "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [16384 2008-03-03] (NewTech Infosystems, Inc.)3 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [20680 2009-09-10] (ESET)2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [735960 2009-09-10] (ESET)2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [653856 2008-12-18] (Acer Incorporated)3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-06-18] (Google)2 gupdate1ca2176e45779a0; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-08-20] (Google Inc.)2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-10-16] ()2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-12-06] ()2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [306736 2008-10-27] (EgisTec Inc.)2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-27] (PC Tools)2 RichVideo; "C:\Program Files\Cyberlink\Shared files\RichVideo.exe" [272024 2007-01-08] ()2 McNASvc; "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" [x]2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [x]3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [x]2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [x]2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [x]==================== Drivers (Whitelisted) ====================0 AlfaFF; C:\Windows\System32\drivers\AlfaFF.sys [42608 2008-10-16] (Alfa Corporation)3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2008-05-30] (AuthenTec, Inc.)1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [116008 2009-09-10] (ESET)1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [108792 2009-09-10] (ESET)2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [135048 2009-09-10] (ESET)3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33096 2009-06-18] (ESET)2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [38240 2009-09-10] (ESET)2 int15; \??\C:\Windows\system32\drivers\int15.sys [69632 2008-10-16] ()2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-10-09] (Egis Incorporated.)2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-10-09] (Egis Incorporated.)2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-10-09] (Egis Incorporated.)3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [x]1 H8SRTd.sys; C:\Windows\system32\drivers\H8SRTxcgisnrpes.sys [x]3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]3 massfilter; C:\Windows\System32\drivers\massfilter.sys [x]3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [x]3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [x]3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-04-04 06:48 - 2013-04-04 06:48 - 00000000 ___DC C:\FRST2013-04-02 12:20 - 2013-04-03 12:44 - 00000004 ___AC C:\Users\Roger\AppData\Roaming\skype.ini2013-03-14 09:09 - 2013-02-11 17:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys2013-03-13 10:10 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-03-13 10:10 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-03-13 10:10 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-03-13 10:10 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-03-13 10:10 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-03-13 10:10 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-03-13 10:10 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-03-13 10:10 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-03-13 10:10 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-03-13 10:10 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-03-13 10:10 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-03-13 10:10 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-03-13 09:04 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-03-13 09:04 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-03-13 09:03 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-03-13 09:03 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-03-11 08:06 - 2013-03-11 08:06 - 00018821 ____A C:\Users\Roger\Downloads\Jamies CV (2).docm==================== One Month Modified Files and Folders ========2013-04-04 06:48 - 2013-04-04 06:48 - 00000000 ___DC C:\FRST2013-04-03 12:44 - 2013-04-02 12:20 - 00000004 ___AC C:\Users\Roger\AppData\Roaming\skype.ini2013-04-03 12:35 - 2012-04-03 02:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-04-03 12:32 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-04-03 12:32 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-04-03 12:31 - 2009-08-20 20:10 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-04-03 12:31 - 2009-01-14 09:52 - 00000147 ____A C:\Windows\System32\agent.log2013-04-03 12:30 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-04-03 12:00 - 2009-06-28 20:15 - 00000012 ____A C:\Windows\bthservsdp.dat2013-04-03 12:00 - 2009-02-28 05:30 - 01086585 ____A C:\Windows\WindowsUpdate.log2013-04-03 12:00 - 2006-11-02 05:01 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-04-03 11:16 - 2009-08-20 20:10 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-04-03 10:37 - 2011-11-10 22:18 - 00000254 ____A C:\Windows\Tasks\RMSchedule.job2013-04-03 10:30 - 2011-12-24 00:49 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2308826561-886900448-1440512738-1000UA.job2013-04-02 22:29 - 2013-01-10 09:00 - 00000680 ___AC C:\Users\Roger\AppData\Local\d3d9caps.dat2013-04-02 13:20 - 2011-12-24 00:49 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2308826561-886900448-1440512738-1000Core.job2013-04-02 11:44 - 2011-04-05 04:19 - 00000000 ____D C:\Users\Roger\AppData\Roaming\vlc2013-04-01 03:39 - 2009-08-20 01:16 - 00000000 ____D C:\Users\Roger\AppData\Roaming\Skype2013-03-24 03:03 - 2012-06-12 22:48 - 00000000 ____D C:\Users\Roger\AppData\Roaming\dvdcss2013-03-18 06:54 - 2006-11-02 04:52 - 00112314 ____A C:\Windows\setupact.log2013-03-13 10:34 - 2010-10-31 23:40 - 00000000 ___DC C:\Program Files\Microsoft Silverlight2013-03-13 10:23 - 2006-11-02 02:24 - 69796088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe2013-03-12 11:35 - 2012-04-03 02:37 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2013-03-12 11:35 - 2012-04-03 02:37 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2013-03-11 08:06 - 2013-03-11 08:06 - 00018821 ____A C:\Users\Roger\Downloads\Jamies CV (2).docm==================== Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2012-12-11 23:01] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points  ============================================= Memory info =========================== Percentage of memory in use: 17%Total physical RAM: 1789.68 MBAvailable physical RAM: 1484.3 MBTotal Pagefile: 1733.57 MBAvailable Pagefile: 1601.49 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1966.31 MB==================== Partitions =============================1 Drive c: (ACER) (Fixed) (Total:144.05 GB) (Free:0.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]2 Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:116.52 GB) NTFS3 Drive e: (TAMARA_DREWE) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF4 Drive f: (ALEXDARBON) (Removable) (Total:3.72 GB) (Free:3.71 GB) FAT325 Drive x: (PQSERVICE) (Fixed) (Total:10 GB) (Free:0.97 GB) NTFS  Disk ###  Status      Size     Free     Dyn  Gpt  --------  ----------  -------  -------  ---  ---  Disk 0    Online       298 GB      0 B           Disk 1    Online      3819 MB      0 B         Partitions of Disk 0:===============  Partition ###  Type              Size     Offset  -------------  ----------------  -------  -------  Partition 1    OEM                 10 GB    32 KB  Partition 2    Primary            144 GB    10 GB  Partition 3    Primary            144 GB   154 GB=========================================================Disk: 0Partition 1Type  : 27Hidden: YesActive: No  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info  ----------  ---  -----------  -----  ----------  -------  ---------  --------* Volume 4     X   PQSERVICE    NTFS   Partition     10 GB  Healthy    Hidden  =========================================================Disk: 0Partition 2Type  : 07Hidden: NoActive: Yes  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info  ----------  ---  -----------  -----  ----------  -------  ---------  --------* Volume 1     C   ACER         NTFS   Partition    144 GB  Healthy            =========================================================Disk: 0Partition 3Type  : 07Hidden: NoActive: No  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info  ----------  ---  -----------  -----  ----------  -------  ---------  --------* Volume 2     D   DATA         NTFS   Partition    144 GB  Healthy            =========================================================Partitions of Disk 1:===============  Partition ###  Type              Size     Offset  -------------  ----------------  -------  -------  Partition 1    Primary           3812 MB    32 KB=========================================================Disk: 1Partition 1Type  : 0BHidden: NoActive: Yes  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info  ----------  ---  -----------  -----  ----------  -------  ---------  --------* Volume 3     F   ALEXDARBON   FAT32  Removable   3812 MB  Healthy            ======================================================================================= MBR Partition Table ================================================Partitions of Disk 0:===============Disk ID: 3EACA526Partition 1:=========Hex: 0001010027FEFFFF3F0000005B244001Active: NOType: 27Size: 10 GBPartition 2:=========Hex: 8000C1FF07FEFFFF9A24400174780112Active: YESType: 07 (NTFS)Size: 144 GBPartition 3:=========Hex: 0000C1FF07FEFFFF0E9D4113B3390112Active: NOType: 07 (NTFS)Size: 144 GB==============================Partitions of Disk 1:===============Disk ID: C47F60A1Partition 1:=========Hex: 800101000BFE7FE53F00000066227700Active: YESType: 0BSize: 4 GBLast Boot: 2013-04-03 12:37==================== End Of Log ============================</blockquote>

Verification

Top