TechSpot

[A] Help with Sirefef.r & Sirefef.ah

Inactive
By eldude_182
Aug 1, 2012
  1. I have a Windows Vista 32-bit system; here are my results:

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 02-08-2012 01:22:47
    Running from G:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-02-11] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-02-11] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-02-11] (Intel Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Jenny\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
    HKU\Jenny\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 200.107.239.2

    ================================ Services (Whitelisted) ==================

    2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [51200 2007-09-19] ()
    2 BBSvc; C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [193816 2012-02-13] (Microsoft Corporation.)
    3 BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [240408 2012-02-13] (Microsoft Corporation.)
    2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [506416 2008-01-02] (Egis Incorporated)
    2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.)
    2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.)
    2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
    2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
    2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [110592 2007-11-27] ()
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
    3 PCTSFileEnum; C:\Program Files\PC Tools\DMScanning\PCTSFiles.exe [89048 2012-06-22] (PC Tools)
    2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [266343 2007-12-04] ()
    2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-07] (Skype Technologies)
    2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer)
    2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [x]
    3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [x]

    ========================== Drivers (Whitelisted) =============

    3 DynCal; C:\Windows\System32\drivers\Dyncal.sys [12928 2007-11-07] (Padix Co., Ltd)
    2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
    0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
    0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
    1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
    3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
    3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516032 2009-01-09] (C-Media Electronics Inc)
    3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
    2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-01 16:56 - 2012-08-01 16:56 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vnjxqmas.sys
    2012-07-29 20:24 - 2012-07-30 15:25 - 00000000 ____D C:\FRST
    2012-07-29 19:04 - 2012-07-29 19:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-29 18:48 - 2012-07-29 18:48 - 00000000 ____D C:\Users\Jenny\AppData\Local\VS Revo Group
    2012-07-29 18:48 - 2012-07-29 18:48 - 00000000 ____D C:\Program Files\VS Revo Group
    2012-07-29 18:48 - 2009-12-30 03:21 - 00027192 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
    2012-07-29 18:44 - 2012-07-29 18:45 - 00000000 ____D C:\Users\Jenny\Downloads\Revo.Uninstaller.Pro.v2.5.8.0.Cracked-F4CG
    2012-07-29 18:19 - 2012-07-29 18:21 - 00000000 ____D C:\Users\All Users\TuneUp Software
    2012-07-29 18:19 - 2012-07-29 18:19 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\TuneUp Software
    2012-07-29 17:41 - 2012-07-29 17:41 - 00006655 ____A C:\Users\Jenny\Downloads\Read Me.txt
    2012-07-29 17:41 - 2012-07-29 17:41 - 00000179 ____A C:\Users\Jenny\Downloads\license.txt
    2012-07-29 17:33 - 2012-07-29 17:33 - 00000000 ____D C:\Program Files\uTorrent
    2012-07-29 17:32 - 2012-07-29 18:56 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\uTorrent
    2012-07-29 17:31 - 2012-07-29 17:31 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Jenny\Downloads\uTorrent.exe
    2012-07-29 16:52 - 2012-06-22 03:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-07-29 16:52 - 2012-06-22 03:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-07-29 16:52 - 2012-06-22 03:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-07-29 16:52 - 2012-06-22 03:39 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
    2012-07-29 16:52 - 2012-06-22 03:38 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-07-29 16:52 - 2012-06-22 02:43 - 00003488 ____A C:\Windows\UDB.zip
    2012-07-29 16:52 - 2012-06-22 02:43 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-07-29 16:52 - 2012-06-22 02:43 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-07-29 16:52 - 2012-06-22 02:43 - 00000131 ____A C:\Windows\IDB.zip
    2012-07-29 16:51 - 2012-06-22 07:29 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
    2012-07-29 16:51 - 2012-06-22 07:29 - 00107896 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys
    2012-07-29 16:50 - 2012-06-22 07:35 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
    2012-07-29 16:50 - 2012-06-22 07:33 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
    2012-07-29 16:27 - 2012-07-29 18:54 - 00000000 ____D C:\Program Files\PC Tools
    2012-07-29 16:27 - 2012-07-29 16:52 - 00000000 ____D C:\Program Files\Common Files\PC Tools
    2012-07-29 16:27 - 2012-06-22 07:34 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
    2012-07-29 16:27 - 2012-04-23 04:36 - 00383368 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
    2012-07-29 16:27 - 2012-04-23 04:36 - 00162584 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
    2012-07-29 16:27 - 2012-02-28 03:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys
    2012-07-29 16:27 - 2012-02-28 03:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys
    2012-07-29 16:26 - 2012-07-29 16:50 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-07-29 16:26 - 2012-07-29 16:26 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\TestApp
    2012-07-29 16:04 - 2012-07-29 16:04 - 00001818 ____A C:\Users\Jenny\Documents\antivirus.txt
    2012-07-29 15:42 - 2012-07-29 15:42 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-07-29 15:39 - 2012-07-29 15:42 - 27959216 ____A (TuneUp Software) C:\Users\Jenny\Downloads\TuneUpUtilities2012_es-ES.exe
    2012-07-29 15:18 - 2012-07-29 19:05 - 00001912 ____A C:\Windows\epplauncher.mif
    2012-07-29 15:17 - 2012-07-29 15:18 - 10300288 ____A (Microsoft Corporation) C:\Users\Jenny\Downloads\mseinstall.exe
    2012-07-26 15:59 - 2012-07-26 15:59 - 00217088 __RSH (gv) C:\Users\Jenny\koiumi.exe
    2012-07-26 15:59 - 2012-07-26 15:59 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\jiarem.com
    2012-07-26 15:56 - 2012-07-26 15:56 - 00193024 ____A C:\Users\Jenny\1mgf.exe
    2012-07-26 15:56 - 2012-07-26 15:56 - 00086016 __RSH (rousedness) C:\Users\Jenny\jmbav.exe
    2012-07-26 15:56 - 2012-07-26 15:56 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\hiizuz.com
    2012-07-26 15:53 - 2012-07-26 15:53 - 00086016 __RSH (rousedness) C:\Users\Jenny\niedep.exe
    2012-07-26 15:52 - 2012-07-26 15:56 - 00086016 ____A (rousedness) C:\Users\Jenny\start1.exe
    2012-07-26 15:52 - 2012-07-26 15:56 - 00016384 ____A C:\Users\Jenny\zmgf.exe
    2012-07-26 15:52 - 2012-07-26 15:52 - 00086016 __RSH (rousedness) C:\Users\Jenny\heateh.exe
    2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\weohox.com
    2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\puipeb.com
    2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\kbiw.com
    2012-07-21 14:22 - 2012-07-21 14:22 - 19119176 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM.exe
    2012-07-21 14:16 - 2012-07-21 14:17 - 19119168 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM (1).exe
    2012-07-21 14:08 - 2012-07-29 19:17 - 00000000 ____D C:\Users\Jenny\AppData\Local\PokerStars.NET
    2012-07-21 14:08 - 2012-07-21 14:08 - 00000894 ____A C:\Users\Public\Desktop\PokerStars.net.lnk
    2012-07-21 14:07 - 2012-07-21 14:09 - 00000000 ____D C:\Program Files\PokerStars.NET
    2012-07-21 04:58 - 2012-07-21 04:58 - 00000288 ____A C:\Users\Jenny\Desktop\Terry Habdas Facebook.url
    2012-07-09 07:41 - 2012-07-09 07:41 - 00000000 ____D C:\Users\Jenny\AppData\Local\Downloaded Installations

    ============ 3 Months Modified Files ========================

    2012-08-01 16:56 - 2012-08-01 16:56 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vnjxqmas.sys
    2012-08-01 16:56 - 2011-07-28 12:41 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-01 16:55 - 2006-11-02 07:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-01 16:55 - 2006-11-02 06:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-01 16:55 - 2006-11-02 06:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-01 16:54 - 2008-01-20 20:47 - 01407852 ____A C:\Windows\PFRO.log
    2012-08-01 16:53 - 2006-11-02 07:01 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-30 15:52 - 2006-11-02 06:47 - 00303536 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-29 21:06 - 2012-05-06 14:30 - 00000680 ____A C:\Users\Jenny\AppData\Local\d3d9caps.dat
    2012-07-29 20:58 - 2008-01-21 01:23 - 01506514 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-29 20:45 - 2008-07-14 12:36 - 01274328 ____A C:\Windows\WindowsUpdate.log
    2012-07-29 19:05 - 2012-07-29 15:18 - 00001912 ____A C:\Windows\epplauncher.mif
    2012-07-29 19:00 - 2012-06-14 07:13 - 00000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-29 17:41 - 2012-07-29 17:41 - 00006655 ____A C:\Users\Jenny\Downloads\Read Me.txt
    2012-07-29 17:41 - 2012-07-29 17:41 - 00000179 ____A C:\Users\Jenny\Downloads\license.txt
    2012-07-29 17:31 - 2012-07-29 17:31 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Jenny\Downloads\uTorrent.exe
    2012-07-29 16:04 - 2012-07-29 16:04 - 00001818 ____A C:\Users\Jenny\Documents\antivirus.txt
    2012-07-29 15:42 - 2012-07-29 15:39 - 27959216 ____A (TuneUp Software) C:\Users\Jenny\Downloads\TuneUpUtilities2012_es-ES.exe
    2012-07-29 15:18 - 2012-07-29 15:17 - 10300288 ____A (Microsoft Corporation) C:\Users\Jenny\Downloads\mseinstall.exe
    2012-07-26 15:59 - 2012-07-26 15:59 - 00217088 __RSH (gv) C:\Users\Jenny\koiumi.exe
    2012-07-26 15:59 - 2012-07-26 15:59 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\jiarem.com
    2012-07-26 15:56 - 2012-07-26 15:56 - 00193024 ____A C:\Users\Jenny\1mgf.exe
    2012-07-26 15:56 - 2012-07-26 15:56 - 00086016 __RSH (rousedness) C:\Users\Jenny\jmbav.exe
    2012-07-26 15:56 - 2012-07-26 15:56 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\hiizuz.com
    2012-07-26 15:56 - 2012-07-26 15:52 - 00086016 ____A (rousedness) C:\Users\Jenny\start1.exe
    2012-07-26 15:56 - 2012-07-26 15:52 - 00016384 ____A C:\Users\Jenny\zmgf.exe
    2012-07-26 15:53 - 2012-07-26 15:53 - 00086016 __RSH (rousedness) C:\Users\Jenny\niedep.exe
    2012-07-26 15:52 - 2012-07-26 15:52 - 00086016 __RSH (rousedness) C:\Users\Jenny\heateh.exe
    2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\weohox.com
    2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\puipeb.com
    2012-07-26 15:52 - 2012-07-26 15:52 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\kbiw.com
    2012-07-25 07:29 - 2006-11-02 06:52 - 00192559 ____A C:\Windows\setupact.log
    2012-07-21 14:22 - 2012-07-21 14:22 - 19119176 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM.exe
    2012-07-21 14:17 - 2012-07-21 14:16 - 19119168 ____A (PokerStars) C:\Users\Jenny\Downloads\PokerStarsInstallPM (1).exe
    2012-07-21 14:08 - 2012-07-21 14:08 - 00000894 ____A C:\Users\Public\Desktop\PokerStars.net.lnk
    2012-07-21 04:58 - 2012-07-21 04:58 - 00000288 ____A C:\Users\Jenny\Desktop\Terry Habdas Facebook.url
    2012-07-12 10:03 - 2012-06-14 07:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-12 10:03 - 2012-06-14 07:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-06-22 07:35 - 2012-07-29 16:50 - 00070568 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
    2012-06-22 07:34 - 2012-07-29 16:27 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
    2012-06-22 07:33 - 2012-07-29 16:50 - 00017880 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
    2012-06-22 07:29 - 2012-07-29 16:51 - 00254944 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
    2012-06-22 07:29 - 2012-07-29 16:51 - 00107896 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys
    2012-06-22 03:39 - 2012-07-29 16:52 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
    2012-06-22 03:39 - 2012-07-29 16:52 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
    2012-06-22 03:39 - 2012-07-29 16:52 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
    2012-06-22 03:39 - 2012-07-29 16:52 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
    2012-06-22 03:38 - 2012-07-29 16:52 - 00767960 ____A C:\Windows\BDTSupport.dll
    2012-06-22 02:43 - 2012-07-29 16:52 - 00003488 ____A C:\Windows\UDB.zip
    2012-06-22 02:43 - 2012-07-29 16:52 - 00000882 ____A C:\Windows\RegSDImport.xml
    2012-06-22 02:43 - 2012-07-29 16:52 - 00000879 ____A C:\Windows\RegISSImport.xml
    2012-06-22 02:43 - 2012-07-29 16:52 - 00000131 ____A C:\Windows\IDB.zip
    2012-06-14 08:20 - 2012-06-14 08:20 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-14 08:13 - 2012-06-14 08:13 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Jenny\Downloads\SkypeSetup.exe
    2012-06-06 05:00 - 2012-06-06 05:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2012-06-06 04:57 - 2012-06-06 04:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
    2012-06-05 23:28 - 2012-06-05 23:28 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-06-05 23:28 - 2012-06-05 23:28 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-06-05 23:28 - 2012-06-05 23:28 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-06-05 23:28 - 2012-06-05 23:28 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-06-05 23:28 - 2012-06-05 23:28 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-05 23:28 - 2012-06-05 23:28 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\advpack.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-06-05 23:28 - 2012-06-05 23:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-06-05 23:28 - 2012-06-05 23:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-06-05 23:28 - 2012-06-05 23:28 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-06-05 23:28 - 2012-06-05 23:28 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-06-05 23:28 - 2012-06-05 23:28 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-06-05 23:28 - 2012-06-05 23:28 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-06-05 23:28 - 2012-06-05 19:22 - 00009855 ____A C:\Windows\IE9_main.log
    2012-06-05 23:28 - 2006-11-02 00:32 - 00008798 ____A C:\Windows\System32\icrav03.rat
    2012-06-05 23:28 - 2006-11-02 00:32 - 00001988 ____A C:\Windows\System32\ticrf.rat
    2012-06-05 23:27 - 2012-06-05 23:27 - 00979456 ____A (Microsoft Corporation) C:\Windows\System32\MFH264Dec.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 02873344 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 01554432 ____A (Microsoft Corporation) C:\Windows\System32\xpsservices.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 01075712 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 01029120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00847360 ____A (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00667648 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
    2012-06-05 23:26 - 2012-06-05 23:26 - 00638336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2012-06-05 23:26 - 2012-06-05 23:26 - 00586240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00486400 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00357376 ____A (Microsoft Corporation) C:\Windows\System32\MFHEAACdec.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00302592 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4src.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00261632 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\winspool.drv
    2012-06-05 23:26 - 2012-06-05 23:26 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00189952 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2012-06-05 23:26 - 2012-06-05 23:26 - 00026112 ____A (Microsoft Corporation) C:\Windows\System32\printfilterpipelineprxy.dll
    2012-06-05 23:25 - 2012-06-05 23:25 - 00974848 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2012-06-05 23:25 - 2012-06-05 23:25 - 00519680 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2012-06-05 23:25 - 2012-06-05 23:25 - 00369664 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2012-06-05 23:25 - 2012-06-05 23:25 - 00321024 ____A (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
    2012-06-05 23:25 - 2012-06-05 23:25 - 00252928 ____A (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
    2012-06-05 23:25 - 2012-06-05 23:25 - 00195584 ____A (Microsoft Corporation) C:\Windows\System32\dxdiagn.dll
    2012-06-05 23:25 - 2012-06-05 23:25 - 00189440 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
    2012-06-05 22:17 - 2012-06-05 22:17 - 00000445 ____A C:\Windows\SynInst.log
    2012-05-31 04:25 - 2012-06-05 17:48 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-29 10:52 - 2012-05-29 10:52 - 01695705 ____A C:\Users\Jenny\Downloads\work contracts.zip
    2012-05-06 14:47 - 2012-05-06 14:47 - 00000552 ____A C:\Users\Jenny\AppData\Local\d3d8caps.dat


    ZeroAccess:
    C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}
    C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\@
    C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L
    C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\n
    C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\U
    C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L\00000004.@
    C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L\201d3dde

    ZeroAccess:
    C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}
    C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\@
    C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\L
    C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\n
    C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\U

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 18%
    Total physical RAM: 2037.68 MB
    Available physical RAM: 1660.12 MB
    Total Pagefile: 1850.34 MB
    Available Pagefile: 1712.9 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1980.93 MB

    ======================= Partitions =========================

    1 Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:20.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:69.43 GB) NTFS
    3 Drive e: (MultiBoot) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
    4 Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.05 GB) NTFS
    5 Drive g: () (Removable) (Total:7.39 GB) (Free:7.39 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 7584 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 10 GB 32 KB
    Partition 2 Primary 70 GB 10 GB
    Partition 3 Primary 70 GB 80 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F PQSERVICE NTFS Partition 10 GB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C ACER NTFS Partition 70 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D DATA NTFS Partition 70 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7584 MB 40 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G FAT32 Removable 7584 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-29 19:06

    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-02 01:24:02
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2011-07-28 12:41] - [2009-04-11 00:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 20:24] - [2008-01-20 20:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\System32\services.exe
    [2011-07-28 12:41] - [2012-08-01 16:56] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

    === End Of Search ===
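The FRST output above already carries the indicators a malware-removal helper looks for: executables dropped straight into the profile root with hidden/system attributes, a freshly created kernel driver, the `{GUID}\@`, `\L`, `\U`, `\n` directory layout FRST labels as ZeroAccess, a `services.exe` whose MD5 is not on its known-good list, and a search block showing that the live `services.exe` hashes differently from both WinSxS copies. The script below is an added triage example written for this page; it is not FRST's own code and not anything the poster or the helper ran. It parses FRST-style lines with regexes derived from the log format shown here, applies constructed heuristics (the profile-root and driver checks are the editor's, not FRST's), and the sample input is a constructed excerpt of the log above.

```python
"""Triage helper for FRST-style log excerpts (added example, not FRST's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

# FRST file entry: <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# "Bamital & volsnap Check" line that carries an MD5 instead of "=> MD5 is legit"
HASH_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) (?P<md5>[0-9A-Fa-f]{32})\b")
# Executable sitting directly in a user profile root (constructed heuristic)
PROFILE_ROOT_EXE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+\.(exe|com|scr|dll|pif)$", re.IGNORECASE)
DRIVER_PATH = re.compile(r"\\System32\\Drivers\\[^\\]+\.sys$", re.IGNORECASE)
# "Search:" block: a bare path line followed by a metadata line ending in an MD5
SEARCH_PATH = re.compile(r"^[A-Za-z]:\\\S+$")
SEARCH_META = re.compile(r"\b(?P<md5>[0-9A-Fa-f]{32})$")


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def check_file_entry(m: "re.Match") -> List[str]:
    """Constructed heuristics over one parsed file entry."""
    path, attrs = m["path"], m["attrs"]
    reasons = []
    if PROFILE_ROOT_EXE.match(path):
        reasons.append("executable dropped directly in a user profile root")
    is_exe = path.lower().endswith((".exe", ".com", ".dll", ".scr", ".pif"))
    if is_exe and "D" not in attrs and ("H" in attrs or "S" in attrs):
        reasons.append(f"hidden/system attributes ({attrs}) on an executable")
    if DRIVER_PATH.search(path):
        reasons.append("kernel driver created in the scan window; verify its signature")
    return reasons


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk FRST log lines and collect one Finding per suspicious path."""
    findings: Dict[str, Finding] = {}
    in_zeroaccess = False  # inside a block FRST headed with "ZeroAccess:"
    for raw in lines:
        line = raw.strip()
        if not line:
            in_zeroaccess = False
            continue
        if line == "ZeroAccess:":
            in_zeroaccess = True
            continue
        if in_zeroaccess:
            findings.setdefault(line, Finding(line)).reasons.append(
                "path listed by FRST under a ZeroAccess heading")
            continue
        m = FILE_LINE.match(line)
        if m:
            for reason in check_file_entry(m):
                findings.setdefault(m["path"], Finding(m["path"])).reasons.append(reason)
            continue
        h = HASH_LINE.match(line)
        if h:
            findings.setdefault(h["path"], Finding(h["path"])).reasons.append(
                f"system file MD5 {h['md5']} is not on FRST's known-good list")
    return list(findings.values())


def search_hashes(lines: Iterable[str]) -> Dict[str, str]:
    """Map each path in an FRST 'Search:' block to the MD5 on its metadata line."""
    hashes, current = {}, None
    for raw in lines:
        line = raw.strip()
        if SEARCH_PATH.match(line):
            current = line
            continue
        m = SEARCH_META.search(line)
        if m and current:
            hashes[current] = m["md5"].upper()
            current = None
    return hashes


def live_copy_matches_winsxs(hashes: Dict[str, str], live_path: str) -> bool:
    """True when the live file's MD5 equals at least one component-store (winsxs) copy."""
    live = hashes.get(live_path)
    return live is not None and any(
        md5 == live for p, md5 in hashes.items() if "\\winsxs\\" in p.lower())


# Constructed excerpt of the log posted above (sample input, not a full log).
SAMPLE_LOG = r"""
============ One Month Created Files and Folders ==============

2012-08-01 16:56 - 2012-08-01 16:56 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vnjxqmas.sys
2012-07-29 17:31 - 2012-07-29 17:31 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Jenny\Downloads\uTorrent.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00217088 __RSH (gv) C:\Users\Jenny\koiumi.exe
2012-07-26 15:59 - 2012-07-26 15:59 - 00053248 ____A (Nonsyllabic) C:\Users\Jenny\jiarem.com
2012-07-26 15:56 - 2012-07-26 15:56 - 00193024 ____A C:\Users\Jenny\1mgf.exe

ZeroAccess:
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}
C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c}\@

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
"""

SAMPLE_SEARCH = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-07-28 12:41] - [2009-04-11 00:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2011-07-28 12:41] - [2012-08-01 16:56] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f.path, "->", "; ".join(f.reasons))
    hashes = search_hashes(SAMPLE_SEARCH.splitlines())
    print("live services.exe matches a winsxs copy:",
          live_copy_matches_winsxs(hashes, r"C:\Windows\System32\services.exe"))
```

On the excerpt, `triage` flags the three profile-root executables (with `koiumi.exe` additionally flagged for its `__RSH` attributes), the new driver, the two ZeroAccess paths and the patched `services.exe`, while `uTorrent.exe` in `Downloads` is not reported; `live_copy_matches_winsxs` returns `False`, mirroring what the helper would conclude from the search block: the live `services.exe` is the one file whose hash matches no component-store copy, which is why the fix restores it rather than the driver alone.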
     
  2. Broni

    Broni Malware Annihilator Posts: 47,707   +268

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  3. eldude_182

    eldude_182 TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-02 22:09:40 Run:1
    Running from G:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\Drivers\vnjxqmas.sys moved successfully.
    C:\Windows\Installer\{3624a3a5-981d-04b1-98b0-f76430e75c5c} moved successfully.
    C:\Users\Jenny\AppData\Local\{3624a3a5-981d-04b1-98b0-f76430e75c5c} moved successfully.
    Could not move C:\Windows\assembly\GAC\Desktop.ini.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
     
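    The FRST search at the top of this thread lists three copies of services.exe with their timestamps and MD5 hashes, and the Fixlog above shows the System32 copy being replaced from winsxs. The following is an added example (not FRST's or Farbar's code) that parses that search format and flags a live copy whose hash matches no component-store copy; the sample text is constructed from the entries posted in this thread, with the 6.0.6002 winsxs path taken from the Fixlog.

```python
"""Parse FRST 'Search' output and flag live system files whose hash does not
match any copy held in the winsxs component store.

Added example for this thread; not FRST's own code.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample built from the services.exe search result posted in this
# thread (the 6.0.6002 winsxs path is taken from the Fixlog).
SAMPLE_SEARCH = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-07-28 12:41] - [2009-04-11 00:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 20:24] - [2008-01-20 20:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2011-07-28 12:41] - [2012-08-01 16:56] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

# A result is a path line followed by one detail line:
# [created] - [modified] - size attrs (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FrstEntry:
    path: str
    created: str   # "YYYY-MM-DD HH:MM", so plain string comparison orders correctly
    modified: str
    size: int
    attrs: str
    company: str
    md5: str

    @property
    def in_component_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_search(text: str) -> List[FrstEntry]:
    """Turn the search block into FrstEntry records (path + detail pairs)."""
    entries: List[FrstEntry] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(FrstEntry(
                path=pending_path, created=m["created"], modified=m["modified"],
                size=int(m["size"]), attrs=m["attrs"], company=m["company"],
                md5=m["md5"].upper()))
            pending_path = None
    return entries


def assess(entries: List[FrstEntry]) -> List[Tuple[str, List[str]]]:
    """Compare each live (non-winsxs) copy against the component-store copies.

    Returns (path, reasons) for every live copy whose hash matches no store copy.
    """
    store = [e for e in entries if e.in_component_store]
    known_hashes = {e.md5 for e in store}
    store_sizes = {e.size for e in store}
    findings: List[Tuple[str, List[str]]] = []
    for e in entries:
        if e.in_component_store or e.md5 in known_hashes:
            continue
        reasons = ["hash matches no winsxs copy"]
        # Same size as a pristine copy but different content points to an
        # in-place patch rather than a legitimate version change.
        if e.size in store_sizes:
            reasons.append("same size as a winsxs copy, different content")
        if e.modified > e.created:
            reasons.append("modified after creation")
        findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in assess(parse_search(SAMPLE_SEARCH)):
        print(path)
        for r in reasons:
            print("  -", r)
```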
  4. eldude_182

    eldude_182 TS Rookie Topic Starter

    ComboFix 12-07-31.03 - Jenny 02/08/2012 22:54:58.1.2 - x86
    Running from: F:\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jenny\1mgf.exe
    c:\users\Jenny\AppData\Roaming\.#
    c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
    c:\users\Jenny\heateh.exe
    c:\users\Jenny\hiizuz.com
    c:\users\Jenny\jiarem.com
    c:\users\Jenny\jmbav.exe
    c:\users\Jenny\kbiw.com
    c:\users\Jenny\koiumi.exe
    c:\users\Jenny\niedep.exe
    c:\users\Jenny\puipeb.com
    c:\users\Jenny\start1.exe
    c:\users\Jenny\weohox.com
    c:\users\Jenny\zmgf.exe
    c:\windows\System32\Desktop_.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 21:06 . 2012-08-02 21:06 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9723192C-5F0E-486B-9B0F-9089C0D62AC1}\offreg.dll
    2012-08-02 21:04 . 2012-08-02 21:07 -------- d-----w- c:\users\Jenny\AppData\Local\temp
    2012-08-02 20:23 . 2012-08-02 20:23 -------- d--h--w- c:\windows\PIF
    2012-07-30 02:24 . 2012-07-30 21:25 -------- d-----w- C:\FRST
    2012-07-30 01:20 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB596885-9313-44E5-BDD3-C103B9DCFD65}\gapaengine.dll
    2012-07-30 01:19 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9723192C-5F0E-486B-9B0F-9089C0D62AC1}\mpengine.dll
    2012-07-30 01:04 . 2012-07-30 01:05 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-30 00:48 . 2012-07-30 00:48 -------- d-----w- c:\users\Jenny\AppData\Local\VS Revo Group
    2012-07-30 00:48 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-07-30 00:48 . 2012-07-30 00:48 -------- d-----w- c:\program files\VS Revo Group
    2012-07-30 00:19 . 2012-07-30 00:19 -------- d-----w- c:\users\Jenny\AppData\Roaming\TuneUp Software
    2012-07-30 00:19 . 2012-07-30 00:21 -------- d-----w- c:\programdata\TuneUp Software
    2012-07-29 23:33 . 2012-07-29 23:33 -------- d-----w- c:\program files\uTorrent
    2012-07-29 23:32 . 2012-07-30 00:56 -------- d-----w- c:\users\Jenny\AppData\Roaming\uTorrent
    2012-07-29 22:52 . 2012-06-22 09:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-07-29 22:27 . 2012-06-22 13:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-07-29 22:27 . 2012-07-30 00:54 -------- d-----w- c:\program files\PC Tools
    2012-07-29 22:26 . 2012-07-29 22:50 -------- d-----w- c:\programdata\PC Tools
    2012-07-29 22:26 . 2012-07-29 22:26 -------- d-----w- c:\users\Jenny\AppData\Roaming\TestApp
    2012-07-29 21:42 . 2012-07-29 21:42 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2012-07-29 21:42 . 2012-07-29 21:42 -------- d--h--w- c:\programdata\Common Files
    2012-07-21 20:08 . 2012-07-30 01:17 -------- d-----w- c:\users\Jenny\AppData\Local\PokerStars.NET
    2012-07-21 20:07 . 2012-07-21 20:09 -------- d-----w- c:\program files\PokerStars.NET
    2012-07-09 13:41 . 2012-07-09 13:41 -------- d-----w- c:\users\Jenny\AppData\Local\Downloaded Installations
    2012-07-08 01:20 . 2012-07-08 01:20 489232 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 16:03 . 2012-06-14 13:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-12 16:03 . 2012-06-14 13:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-29 08:44 . 2012-07-20 23:51 6891424 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4F8E6A5-BD36-42BA-A168-50E66DFA8F82}\mpengine.dll
    2012-06-22 08:43 . 2012-07-29 22:52 3488 ----a-w- c:\windows\UDB.zip
    2012-06-22 08:43 . 2012-07-29 22:52 131 ----a-w- c:\windows\IDB.zip
    2012-06-06 05:28 . 2012-06-06 05:28 161792 ----a-w- c:\windows\system32\msls31.dll
    2012-06-06 05:28 . 2012-06-06 05:28 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2012-06-06 05:28 . 2012-06-06 05:28 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-06-06 05:28 . 2012-06-06 05:28 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-06-06 05:28 . 2012-06-06 05:28 63488 ----a-w- c:\windows\system32\tdc.ocx
    2012-06-06 05:28 . 2012-06-06 05:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-06-06 05:28 . 2012-06-06 05:28 367104 ----a-w- c:\windows\system32\html.iec
    2012-06-06 05:28 . 2012-06-06 05:28 74752 ----a-w- c:\windows\system32\iesetup.dll
    2012-06-06 05:28 . 2012-06-06 05:28 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2012-06-06 05:28 . 2012-06-06 05:28 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-06-06 05:28 . 2012-06-06 05:28 152064 ----a-w- c:\windows\system32\wextract.exe
    2012-06-06 05:28 . 2012-06-06 05:28 150528 ----a-w- c:\windows\system32\iexpress.exe
    2012-06-06 05:28 . 2012-06-06 05:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-06 05:28 . 2012-06-06 05:28 35840 ----a-w- c:\windows\system32\imgutil.dll
    2012-06-06 05:28 . 2012-06-06 05:28 11776 ----a-w- c:\windows\system32\mshta.exe
    2012-06-06 05:28 . 2012-06-06 05:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-06-06 05:28 . 2012-06-06 05:28 101888 ----a-w- c:\windows\system32\admparse.dll
    2012-06-06 05:27 . 2012-06-06 05:27 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2012-06-06 05:26 . 2012-06-06 05:26 98816 ----a-w- c:\windows\system32\mfps.dll
    2012-06-06 05:26 . 2012-06-06 05:26 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2012-06-06 05:26 . 2012-06-06 05:26 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2012-06-06 05:26 . 2012-06-06 05:26 2873344 ----a-w- c:\windows\system32\mf.dll
    2012-06-06 05:26 . 2012-06-06 05:26 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2012-06-06 05:26 . 2012-06-06 05:26 586240 ----a-w- c:\windows\system32\stobject.dll
    2012-06-06 05:26 . 2012-06-06 05:26 209920 ----a-w- c:\windows\system32\mfplat.dll
    2012-06-06 05:26 . 2012-06-06 05:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2012-06-06 05:26 . 2012-06-06 05:26 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2012-06-06 05:26 . 2012-06-06 05:26 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-06-06 05:26 . 2012-06-06 05:26 478720 ----a-w- c:\windows\system32\dxgi.dll
    2012-06-06 05:26 . 2012-06-06 05:26 37376 ----a-w- c:\windows\system32\cdd.dll
    2012-06-06 05:26 . 2012-06-06 05:26 258048 ----a-w- c:\windows\system32\winspool.drv
    2012-06-06 05:26 . 2012-06-06 05:26 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2012-06-06 05:26 . 2012-06-06 05:26 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2012-06-06 05:26 . 2012-06-06 05:26 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2012-06-06 05:26 . 2012-06-06 05:26 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2012-06-06 05:26 . 2012-06-06 05:26 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2012-06-06 05:26 . 2012-06-06 05:26 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2012-06-06 05:25 . 2012-06-06 05:25 4096 ----a-w- c:\windows\system32\drivers\es-ES\dxgkrnl.sys.mui
    2012-06-06 05:25 . 2012-06-06 05:25 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-06-06 05:25 . 2012-06-06 05:25 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2012-06-06 05:25 . 2012-06-06 05:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-06-06 05:25 . 2012-06-06 05:25 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2012-06-06 05:25 . 2012-06-06 05:25 519680 ----a-w- c:\windows\system32\d3d11.dll
    2012-06-06 05:25 . 2012-06-06 05:25 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-06-06 05:25 . 2012-06-06 05:25 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-05-31 10:25 . 2012-06-05 23:48 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Jenny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
    path=c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
    backup=c:\windows\pss\Orion.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Jenny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
    path=c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
    backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
    2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
    2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-03-08 03:38 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
    2012-06-06 19:33 1564872 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CollaborationHost]
    2008-01-21 02:25 192000 ----a-w- c:\windows\System32\p2phost.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
    2007-10-10 05:41 1286144 ----a-w- c:\acer\Empowering Technology\eAudio\eAudio.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2008-01-03 00:55 521776 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2007-10-03 14:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-05-16 23:58 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Java Update Manager]
    2010-09-19 14:33 48128 --sh--r- c:\users\Public\HEX-5823-6893-6818\jutched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    2008-01-02 13:17 707080 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
    2008-01-22 09:14 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
    2007-10-23 09:56 200704 ----a-w- c:\windows\PLFSetI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2007-05-28 08:29 4472832 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-05-28 12:39 1826816 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "eRecoveryService"=
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 16:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hn/
    mStart Page = hxxp://es.us.acer.yahoo.com
    IE: Adición a la lista de impresión de Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Impresión a alta velocidad de Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Impresión de Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    IE: Vista previa de Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 208.67.220.220 200.107.239.2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-sdAuxService
    SafeBoot-sdCoreService
    MSConfigStartUp-audizard - c:\users\Jenny\AppData\Local\Temp\NAPSgini.dll
    MSConfigStartUp-Cm106Sound - cm106.cpl
    MSConfigStartUp-heateh - c:\users\Jenny\heateh.exe
    MSConfigStartUp-jmbav - c:\users\Jenny\jmbav.exe
    MSConfigStartUp-koiumi - c:\users\Jenny\koiumi.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-niedep - c:\users\Jenny\niedep.exe
    MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6172\SiteAdv.exe
    MSConfigStartUp-SynTPStart - c:\program files\Synaptics\SynTP\SynTPStart.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3032)
    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\agrsmsvc.exe
    c:\acer\ALaunch\ALaunchSvc.exe
    c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.exe
    c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\windows\system32\WUDFHost.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\System32\rundll32.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-08-02 23:12:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-02 21:12
    .
    Pre-Run: 22,536,380,416 bytes free
    Post-Run: 22,380,969,984 bytes free
    .
    - - End Of File - - E1DE8785E8F62D4DD296CE9F00054CBC
     
  5. Broni

    Broni Malware Annihilator Posts: 47,707   +268

    Looks good :)

    How is computer doing?

    ================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
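    The OTL log requested above is normally read by eye for a handful of line types. As an added example that is not part of this thread and not code from OTL or Malwarebytes, the Python below runs that first pass over OTL-style lines: services or drivers whose binary is missing, a URLSearchHook whose CLSID no longer resolves, UAC switched off (EnableLUA = 0), Winsock LSP entries, DHCP-supplied DNS servers outside private ranges, and Winlogon Shell/UserInit values that differ from the Windows defaults. The sample log is constructed for the demo (the extra executable in its Shell value is hypothetical); the regular expressions and the expected Winlogon values are assumptions about OTL's output format and the Vista defaults. A hit is a prompt to look closer, not a verdict: a leftover catchme.sys entry from ComboFix or an OpenDNS resolver will both be listed.

```python
"""Triage OTL log lines for the entries a malware responder reads first.

Added example, not code from the TechSpot thread, from OTL or from
Malwarebytes. Rules are written against the line shapes OTL prints
(SRV/DRV/IE/O6/O10/O17/O20 lines); the sample log below is constructed
for the demo and is not a copy of any log posted in the thread.
"""
import ipaddress
import re

# Constructed sample in OTL format (not a real log). The Winlogon Shell
# line carries a hypothetical second executable to exercise that rule.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
IE - HKU\S-1-5-21-1-2-3-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF59A50A-0000-0000-0000-000000000000}: DhcpNameServer = 208.67.220.220
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe,C:\Users\demo\AppData\Roaming\extra.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

# Assumed Vista defaults for the two Winlogon values malware most often
# appends itself to; compared case-insensitively after stripping a
# trailing comma.
EXPECTED_WINLOGON = {
    "Shell": "explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
}

# Line shapes as OTL prints them (assumption based on the log format).
MISSING_BINARY = re.compile(
    r"^(SRV|DRV) - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
DEAD_SEARCH_HOOK = re.compile(
    r"^IE - .*URLSearchHook: (?P<clsid>\{[0-9A-Fa-f-]+\}) - No CLSID value found")
UAC_OFF = re.compile(r"^O6 - .*policies\\System: EnableLUA = 0$")
LSP_ENTRY = re.compile(
    r"^O10 - Protocol_Catalog9\\Catalog_Entries\\\d+ - (?P<path>.+?) \((?P<vendor>[^)]*)\)$")
DNS_SERVER = re.compile(r"^O17 - .*DhcpNameServer = (?P<addrs>[0-9. ]+)$")
WINLOGON = re.compile(
    r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>.*?)\) - ")


def triage(log_text):
    """Return (category, detail) pairs for every line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := MISSING_BINARY.match(line):
            # Registered service/driver whose image is gone: leftover of a
            # removed product, a cleanup tool, or something that was deleted.
            findings.append(("orphaned service/driver", f"{m['name']}: {m['path']}"))
        elif m := DEAD_SEARCH_HOOK.match(line):
            findings.append(("URLSearchHook without CLSID", m["clsid"]))
        elif UAC_OFF.match(line):
            findings.append(("UAC disabled", "EnableLUA = 0"))
        elif m := LSP_ENTRY.match(line):
            # Every LSP sits in the path of all Winsock traffic; list them all.
            findings.append(("Winsock LSP", f"{m['path']} ({m['vendor'] or 'no vendor'})"))
        elif m := DNS_SERVER.match(line):
            for addr in m["addrs"].split():
                # A resolver outside RFC 1918 space was not handed out by the
                # home router; check it against the ISP before trusting it.
                if not ipaddress.ip_address(addr).is_private:
                    findings.append(("non-private DNS server", addr))
        elif m := WINLOGON.match(line):
            value = m["value"].rstrip(",")
            if value.lower() != EXPECTED_WINLOGON[m["key"]]:
                findings.append((f"Winlogon {m['key']} modified", value))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

    Feed it a saved OTL.txt instead of the sample and every hit still needs a human decision; the script only shortens the read, it does not replace it.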
  6. eldude_182

    eldude_182 TS Rookie Topic Starter

    So far so good :cool:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.03.09
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Jenny :: JENNY1 [administrator]
    04/08/2012 12:10:07 a.m.
    mbam-log-2012-08-04 (00-10-07).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 182697
    Time elapsed: 7 minute(s), 22 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------
    OTL logfile created on: 04/08/2012 12:21:33 a.m. - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jenny\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000480A | Country: Honduras | Language: ESH | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.72% Memory free
    4.21 Gb Paging File | 2.80 Gb Available in Paging File | 66.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 69.77 Gb Total Space | 20.98 Gb Free Space | 30.08% Space Free | Partition Type: NTFS
    Drive D: | 69.52 Gb Total Space | 69.43 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 7.37 Gb Free Space | 99.77% Space Free | Partition Type: FAT32

    Computer Name: JENNY1 | User Name: Jenny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/03 15:43:32 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
    PRC - [2012/06/06 07:28:07 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Internet Explorer\iexplore.exe
    PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Archivos de programa\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
    PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/01/03 02:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/11/27 19:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/09/19 15:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
    PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2006/04/18 19:04:14 | 000,034,304 | ---- | M] () -- C:\Archivos de programa\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    MOD - [2006/04/18 19:04:02 | 000,064,000 | ---- | M] () -- C:\Archivos de programa\Canon\Easy-WebPrint\EWPCore.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
    SRV - [2012/08/04 00:09:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/22 15:34:12 | 000,089,048 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Archivos de programa\PC Tools\DMScanning\PCTSFiles.exe -- (PCTSFileEnum)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Archivos de programa\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Archivos de programa\Microsoft\BingBar\7.1.362.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Archivos de programa\Microsoft\BingBar\7.1.362.0\BBSvc.EXE -- (BBSvc)
    SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/01/21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/03 02:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/11/27 19:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/09/19 15:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
    SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/06/22 15:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
    DRV - [2012/06/22 11:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
    DRV - [2012/04/23 12:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/02/28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
    DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/01/09 10:03:44 | 001,516,032 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)
    DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
    DRV - [2008/01/04 17:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Archivos de programa\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
    DRV - [2007/11/07 19:15:44 | 000,012,928 | ---- | M] (Padix Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DynCal.sys -- (DynCal)
    DRV - [2007/10/31 20:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
    DRV - [2007/08/08 21:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2007/06/12 11:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV - [2007/03/28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
    DRV - [2007/03/09 23:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://es.us.acer.yahoo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hn/
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\SearchScopes\{43AE93E3-3082-4597-8BF5-722B6E7F6AB3}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=F6808093-2D50-45BA-A869-EF7FE3D6376B
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://espanol.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
    IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\


    O1 HOSTS File: ([2012/08/02 23:06:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Archivos de programa\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Archivos de programa\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Archivos de programa\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Adición a la lista de impresión de Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Impresión a alta velocidad de Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Impresión de Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O8 - Extra context menu item: Vista previa de Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF59A50A-C266-4A58-B5EC-BA10B0F18545}: DhcpNameServer = 192.168.43.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/04 00:00:01 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
    [2012/08/03 23:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/03 23:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/03 23:59:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/03 23:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/03 23:47:48 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jenny\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/03 23:47:48 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
    [2012/08/02 23:12:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/02 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\temp
    [2012/08/02 23:06:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/02 22:52:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/02 22:52:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/02 22:52:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/02 22:51:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/02 22:51:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/02 22:23:27 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
    [2012/07/30 04:24:52 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/30 03:12:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/30 03:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/30 02:48:56 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\VS Revo Group
    [2012/07/30 02:48:53 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
    [2012/07/30 02:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    [2012/07/30 02:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/07/30 02:19:18 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\TuneUp Software
    [2012/07/30 02:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2012/07/30 01:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2012/07/30 01:32:41 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\uTorrent
    [2012/07/30 00:52:22 | 000,070,768 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
    [2012/07/30 00:52:21 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2012/07/30 00:52:21 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2012/07/30 00:52:21 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2012/07/30 00:51:01 | 000,254,944 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2012/07/30 00:51:01 | 000,107,896 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2012/07/30 00:50:59 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
    [2012/07/30 00:50:57 | 000,070,568 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2012/07/30 00:27:29 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
    [2012/07/30 00:27:29 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
    [2012/07/30 00:27:28 | 000,383,368 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2012/07/30 00:27:28 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2012/07/30 00:27:27 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012/07/30 00:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/07/30 00:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012/07/30 00:26:27 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\TestApp
    [2012/07/30 00:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/07/29 23:42:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    [2012/07/29 23:42:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/07/21 22:08:30 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\PokerStars.NET
    [2012/07/21 22:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
    [2012/07/21 22:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
    [2012/07/09 15:41:33 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Downloaded Installations

    ========== Files - Modified Within 30 Days ==========

    [2012/08/04 00:09:05 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/04 00:08:54 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/08/04 00:08:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/08/03 23:59:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/03 23:49:33 | 000,678,936 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2012/08/03 23:49:33 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/03 23:49:33 | 000,134,270 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2012/08/03 23:49:33 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/03 23:25:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/03 23:25:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/03 23:25:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/03 23:25:07 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/03 15:43:32 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
    [2012/08/03 15:41:54 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jenny\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/02 23:06:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/02 22:49:12 | 000,303,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/08/02 14:10:38 | 004,721,834 | ---- | M] () -- C:\Users\Jenny\Desktop\ComboFix.exe
    [2012/07/30 05:06:13 | 000,000,680 | ---- | M] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
    [2012/07/30 03:05:18 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/21 22:08:30 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
    [2012/07/21 12:58:03 | 000,000,288 | ---- | M] () -- C:\Users\Jenny\Desktop\Terry Habdas Facebook.url
    [2012/07/07 02:23:16 | 005,464,182 | ---- | M] () -- C:\Users\Jenny\Desktop\02-Justin Bieber - Somebody To Love.mp3

    ========== Files Created - No Company Name ==========

    [2012/08/03 23:59:49 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/02 22:52:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/02 22:52:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/02 22:52:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/02 22:52:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/02 22:52:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/02 22:48:54 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/02 22:27:12 | 004,721,834 | ---- | C] () -- C:\Users\Jenny\Desktop\ComboFix.exe
    [2012/07/30 03:05:06 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/30 00:52:22 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2012/07/30 00:52:21 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
    [2012/07/30 00:52:21 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2012/07/30 00:52:21 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2012/07/30 00:52:21 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2012/07/29 23:18:19 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/07/21 22:08:30 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
    [2012/07/21 12:58:03 | 000,000,288 | ---- | C] () -- C:\Users\Jenny\Desktop\Terry Habdas Facebook.url
    [2012/05/06 22:47:54 | 000,000,552 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d8caps.dat
    [2012/05/06 22:30:04 | 000,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
    [2011/12/08 20:04:05 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2011/12/08 20:04:04 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2011/12/08 19:46:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\PressCancel.exe
    [2011/07/28 20:42:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/07/28 20:42:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/09/19 01:18:16 | 000,143,360 | R--- | C] () -- C:\Windows\Vmix106.dll
    [2010/09/19 01:18:10 | 000,000,420 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
    [2010/09/19 01:18:09 | 000,544,768 | R--- | C] () -- C:\Windows\System32\Cmeau106.exe
    [2010/09/19 01:17:24 | 000,000,092 | ---- | C] () -- C:\Windows\Cm106.ini.imi
    [2010/09/19 01:17:23 | 000,002,391 | R--- | C] () -- C:\Windows\Cm106.ini.cfg
    [2010/09/18 20:22:59 | 000,299,008 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
    [2010/09/18 15:57:37 | 000,001,512 | ---- | C] () -- C:\Windows\checkip.dat
    [2010/09/18 15:55:31 | 000,000,201 | ---- | C] () -- C:\Windows\GPRS.ini
    [2010/09/18 15:55:31 | 000,000,034 | ---- | C] () -- C:\Windows\PHSMODEM.ini
    [2010/05/13 17:31:17 | 000,026,340 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\UserTile.png
    [2009/08/05 15:03:53 | 000,028,160 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/31 18:42:37 | 000,000,000 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\wklnhst.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9F683177
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:9E22BBE8
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:193426B4
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4F636E25
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:131C0EE9
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8AB6C1D7
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FC420CE6
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:793F316E
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:580E04D8
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4BB26BE9
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8173A019
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:861A898F
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2B99FE60
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C95B63DA
    < End of report >
     
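The OTL output above follows a fixed line format: `[timestamp | size | attribute flags | C or M] (Company) -- path` for files and directories, and `@Alternate Data Stream - N bytes -> path:stream` for ADS entries. The following is an added triage helper, not code from the poster or from the OTL tool: it parses those two line shapes and pulls out the entries a responder normally reads first (drivers created inside the scan window, files under the Windows directory with no company name, hidden+system directories, and alternate data streams). The sample lines are copied from the posted log; the scan time comes from the log header (04/08/2012 12:21:33 a.m., 30-day file age); the selection rules themselves are the editor's assumptions and produce a reading order, not a verdict, so legitimate tools and system files will appear in the list too.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# File/directory line, e.g.
#   [2012/07/30 00:51:01 | 000,107,896 | ---- | C] (PC Tools) -- C:\...\pctwfpfilter.sys
# Directory lines carry no "(Company)" group, so that part is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Alternate data stream line, e.g.
#   @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:DFC5A2B2
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str      # four flag positions: R, H, S, D or '-'
    op: str         # C = created, M = modified
    company: str    # '' when OTL printed () or ( )
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, None for headers and other text."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines, scan_time: datetime, window_days: int = 30) -> List[Tuple[str, str]]:
    """Flag entries worth a second look; returns (reason, path) pairs in log order.
    The rules below are the editor's assumptions, not OTL's own logic."""
    cutoff = scan_time - timedelta(days=window_days)
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ads = ADS_LINE.match(line.strip())
        if ads:
            findings.append(("alternate data stream", ads["path"]))
            continue
        e = parse_line(line)
        if e is None:
            continue
        low = e.path.lower()
        recent = e.when >= cutoff
        if recent and not e.is_dir and low.endswith(".sys") and "\\drivers\\" in low:
            findings.append(("driver created/modified in window", e.path))
        elif recent and not e.is_dir and not e.company and "\\windows\\" in low:
            findings.append(("no company name under Windows", e.path))
        elif e.is_dir and e.hidden_system:
            findings.append(("hidden+system directory", e.path))
    return findings


# Scan time taken from the log header; sample lines copied from several
# sections of the posted log (a constructed excerpt, not a full log).
SCAN_TIME = datetime(2012, 8, 4, 0, 21, 33)
SAMPLE_LOG = r"""
========== Files Created Within 30 Days ==========

[2012/07/30 00:51:01 | 000,107,896 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/07/30 00:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/07/29 23:42:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/08/03 23:25:07 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 22:52:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/02 23:06:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/08 20:04:05 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9F683177
< End of report >
"""


def demo() -> List[Tuple[str, str]]:
    """Run the triage over the sample excerpt."""
    return triage(SAMPLE_LOG.splitlines(), SCAN_TIME)


if __name__ == "__main__":
    for reason, path in demo():
        print(f"{reason:36} {path}")
```

Run against a full OTL log the script lists the recent driver, the hidden+system directory under ProgramData, the two no-company files under C:\Windows and the ADS entries, while the directory, the hibernation file (outside C:\Windows) and the 2011 DLL (outside the 30-day window) are skipped; the output is meant to be read alongside the rest of the log, not acted on by itself.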
  8. eldude_182

    eldude_182 TS Rookie Topic Starter

    OTL Extras logfile created on: 04/08/2012 12:21:33 a.m. - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jenny\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000480A | Country: Honduras | Language: ESH | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.72% Memory free
    4.21 Gb Paging File | 2.80 Gb Available in Paging File | 66.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 69.77 Gb Total Space | 20.98 Gb Free Space | 30.08% Space Free | Partition Type: NTFS
    Drive D: | 69.52 Gb Total Space | 69.43 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 7.37 Gb Free Space | 99.77% Space Free | Partition Type: FAT32

    Computer Name: JENNY1 | User Name: Jenny | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{02026CA6-38D8-464B-B0F5-443132C44BC9}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{3652D72A-AFF3-4D2E-8328-244AF6BD0893}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.3.1.109_Foxconn Installation Program
    "{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
    "{3521F008-6491-4FB4-A71E-89BD7B4B5B81}" = GPRS Modem Driver
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
    "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{80DDC39C-8CB5-49de-9748-36C990922110}" = Microsoft Works
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Support.com Toolbar
    "{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.170.25.19_Foxconn Installation Program
    "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
    "{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
    "{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
    "{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
    "{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
    "{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}" = ArcSoft Panorama Maker 6
    "{DBB7F606-0C13-4182-AD7F-427A4773580E}" = VibrateGameDeviceDriver
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
    "Academy of Magic" = GameHouse Games Collection: Academy of Magic
    "Acer Assist" = Acer Assist
    "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
    "Acer Registration" = Acer Registration
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adventure Inlay" = GameHouse Games Collection: Adventure Inlay
    "Adventure Inlay - Safari Edition" = GameHouse Games Collection: Adventure Inlay - Safari Edition
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Air Strike 3D" = GameHouse Games Collection: Air Strike 3D
    "Alien Sky" = GameHouse Games Collection: Alien Sky
    "Aloha Solitaire" = GameHouse Games Collection: Aloha Solitaire
    "Aloha TriPeaks" = GameHouse Games Collection: Aloha TriPeaks
    "Ancient Tri-Jong" = GameHouse Games Collection: Ancient Tri-Jong
    "Ancient Tripeaks" = GameHouse Games Collection: Ancient Tripeaks
    "Astrobatics" = GameHouse Games Collection: Astrobatics
    "Atlantis" = GameHouse Games Collection: Atlantis
    "Atomaders" = GameHouse Games Collection: Atomaders
    "Bejeweled 2" = GameHouse Games Collection: Bejeweled 2
    "Bewitched" = GameHouse Games Collection: Bewitched
    "Big Kahuna Reef" = GameHouse Games Collection: Big Kahuna Reef
    "Boggle Supreme" = GameHouse Games Collection: Boggle Supreme
    "Bounce Out Blitz" = GameHouse Games Collection: Bounce Out Blitz
    "Casino Island To Go" = GameHouse Games Collection: Casino Island To Go
    "Chainz" = GameHouse Games Collection: Chainz
    "Chainz 2: Relinked" = GameHouse Games Collection: Chainz 2 - Relinked
    "Charm Solitaire" = GameHouse Games Collection: Charm Solitaire
    "Charm Tale" = GameHouse Games Collection: Charm Tale
    "Chicktionary" = GameHouse Games Collection: Chicktionary
    "Chuzzle Deluxe" = GameHouse Games Collection: Chuzzle Deluxe
    "C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device
    "Collapse! Crunch" = GameHouse Games Collection: Collapse! Crunch
    "Combo Chaos!" = GameHouse Games Collection: Combo Chaos!
    "Crystal Path" = GameHouse Games Collection: Crystal Path
    "Cubis Gold 2" = GameHouse Games Collection: Cubis Gold 2
    "Digby's Donuts" = GameHouse Games Collection: Digby's Donuts
    "Diner Dash" = GameHouse Games Collection: Diner Dash
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-WebPrint" = Easy-WebPrint
    "Feeding Frenzy" = GameHouse Games Collection: Feeding Frenzy
    "Fiber Twig" = GameHouse Games Collection: Fiber Twig
    "Five Card Deluxe" = GameHouse Games Collection: Five Card Deluxe
    "Flip Words" = GameHouse Games Collection: Flip Words
    "Flying Leo" = GameHouse Games Collection: Flying Leo
    "Fortune Tiles Gold" = GameHouse Games Collection: Fortune Tiles Gold
    "Fresco Wizard" = GameHouse Games Collection: Fresco Wizard
    "GameHouse Sudoku" = GameHouse Games Collection: GameHouse Sudoku
    "Gearz" = GameHouse Games Collection: Gearz
    "Granny in Paradise" = GameHouse Games Collection: Granny in Paradise
    "GridVista" = Acer GridVista
    "Gutterball" = GameHouse Games Collection: Gutterball
    "Gutterball 2" = GameHouse Games Collection: Gutterball 2
    "Hamsterball" = GameHouse Games Collection: Hamsterball
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Hello!" = GameHouse Games Collection: Hello!
    "Holiday Express" = GameHouse Games Collection: Holiday Express
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Iggle Pop!" = GameHouse Games Collection: Iggle Pop!
    "Incadia" = GameHouse Games Collection: Incadia
    "Incredible Ink" = GameHouse Games Collection: Incredible Ink
    "Insaniquarium Deluxe" = GameHouse Games Collection: Insaniquarium Deluxe
    "Inspector Parker" = GameHouse Games Collection: Inspector Parker
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "Invadazoid" = GameHouse Games Collection: Invadazoid
    "Jewel Quest" = GameHouse Games Collection: Jewel Quest
    "Lemonade Tycoon" = GameHouse Games Collection: Lemonade Tycoon
    "Luxor" = GameHouse Games Collection: Luxor
    "Mad Caps" = GameHouse Games Collection: Mad Caps
    "Magic Ball 2" = GameHouse Games Collection: Magic Ball 2
    "Magic Ball 2 - New Worlds" = GameHouse Games Collection: Magic Ball 2 - New Worlds
    "Magic Ball Deluxe" = GameHouse Games Collection: Magic Ball
    "Magic Inlay" = GameHouse Games Collection: Magic Inlay
    "Magic Vines" = GameHouse Games Collection: Magic Vines
    "Mah Jong Adventures" = GameHouse Games Collection: Mah Jong Adventures
    "Mah Jong Medley" = GameHouse Games Collection: Mah Jong Medley
    "Mah Jong Quest" = GameHouse Games Collection: Mah Jong Quest
    "Mahjong Garden To Go" = GameHouse Games Collection: Mahjong Garden To Go
    "Mahjong Towers Eternity" = GameHouse Games Collection: Mahjong Towers Eternity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.62.0.1300
    "Maui Wowee" = GameHouse Games Collection: Maui Wowee
    "Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
    "Microsoft Security Client" = Microsoft Security Essentials
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "Phlinx To Go" = GameHouse Games Collection: Phlinx To Go
    "Pin High Country Club Golf" = GameHouse Games Collection: Pin High Country Club Golf
    "Pizza Frenzy" = GameHouse Games Collection: Pizza Frenzy
    "Platypus" = GameHouse Games Collection: Platypus
    "Poker Superstars" = GameHouse Games Collection: Poker Superstars
    "PokerStars.net" = PokerStars.net
    "Puzzle Express" = GameHouse Games Collection: Puzzle Express
    "Puzzle Inlay" = GameHouse Games Collection: Puzzle Inlay
    "Puzzle Solitaire" = GameHouse Games Collection: Puzzle Solitaire
    "QBz" = GameHouse Games Collection: QBz
    "Reader's Digest Super Word Power" = GameHouse Games Collection: Reader's Digest Super Word Power
    "Revo Uninstaller Pro_is1" = Revo Uninstaller Pro 2.5.8
    "Ricochet" = GameHouse Games Collection: Ricochet
    "Ricochet Lost Worlds" = GameHouse Games Collection: Ricochet Lost Worlds
    "Ricochet Lost Worlds: Recharged" = GameHouse Games Collection: Ricochet Lost Worlds - Recharged
    "Roller Rush" = GameHouse Games Collection: Roller Rush
    "Saints & Sinners Bingo" = GameHouse Games Collection: Saints & Sinners Bingo
    "SCRABBLE" = GameHouse Games Collection: SCRABBLE
    "Shape Shifter" = GameHouse Games Collection: Shape Shifter
    "Slingo Deluxe" = GameHouse Games Collection: Slingo Deluxe
    "Spelvin" = GameHouse Games Collection: Spelvin
    "Splash" = GameHouse Games Collection: Splash
    "Spring Sprang Sprung" = GameHouse Games Collection: Spring Sprang Sprung
    "Super 5-Line Slots" = GameHouse Games Collection: Super 5-Line Slots
    "Super Blackjack!" = GameHouse Games Collection: Super Blackjack!
    "Super Bounce Out!" = GameHouse Games Collection: Super Bounce Out!
    "Super Candy Cruncher" = GameHouse Games Collection: Super Candy Cruncher
    "Super Collapse!" = GameHouse Games Collection: Super Collapse!
    "Super Collapse! II" = GameHouse Games Collection: Super Collapse! II
    "Super Collapse! II Platinum" = GameHouse Games Collection: Super Collapse! II Platinum
    "Super Fruit Frolic" = GameHouse Games Collection: Super Fruit Frolic
    "Super GameHouse Solitaire Vol. 1" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
    "Super GameHouse Solitaire Vol. 2" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
    "Super GameHouse Solitaire Vol. 3" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
    "Super Gem Drop" = GameHouse Games Collection: Super Gem Drop
    "Super Glinx!" = GameHouse Games Collection: Super Glinx!
    "Super Letter Linker" = GameHouse Games Collection: Super Letter Linker
    "Super Mah Jong Solitaire" = GameHouse Games Collection: Super Mah Jong Solitaire
    "Super Nisqually" = GameHouse Games Collection: Super Nisqually
    "Super PileUp!" = GameHouse Games Collection: Super PileUp!
    "Super Pool" = GameHouse Games Collection: Super Pool
    "Super Pop & Drop!" = GameHouse Games Collection: Super Pop & Drop!
    "Super Rumble Cube" = GameHouse Games Collection: Super Rumble Cube
    "Super SpongeBob Collapse!" = GameHouse Games Collection: Super SpongeBob Collapse!
    "Super TextTwist" = GameHouse Games Collection: Super TextTwist
    "Super WHATword" = GameHouse Games Collection: Super WHATword
    "Super Wild Wild Words" = GameHouse Games Collection: Super Wild Wild Words
    "Tap a Jam" = GameHouse Games Collection: Tap a Jam
    "Ten Pin Championship Bowling Pro" = GameHouse Games Collection: Ten Pin Championship Bowling Pro
    "Tennis Titans" = GameHouse Games Collection: Tennis Titans
    "Tradewinds 2" = GameHouse Games Collection: Tradewinds 2
    "Trivia Machine" = GameHouse Games Collection: Trivia Machine
    "Tropical Swaps" = GameHouse Games Collection: Tropical Swaps
    "Tumblebugs" = GameHouse Games Collection: Tumblebugs
    "Turtle Bay" = GameHouse Games Collection: Turtle Bay
    "Twistingo" = GameHouse Games Collection: Twistingo
    "Ultimate Dominoes" = GameHouse Games Collection: Ultimate Dominoes
    "uTorrent" = µTorrent
    "Varmintz Deluxe" = GameHouse Games Collection: Varmintz Deluxe
    "Walls of Jericho, The" = GameHouse Games Collection: Walls of Jericho, The
    "Wheel of Fortune" = GameHouse Games Collection: Wheel of Fortune
    "Word Jolt" = GameHouse Games Collection: Word Jolt
    "Word Slinger" = GameHouse Games Collection: Word Slinger
    "WordJong To Go" = GameHouse Games Collection: WordJong To Go
    "Yahoo! Companion" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager
    "Zuma Deluxe" = GameHouse Games Collection: Zuma Deluxe

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 30/07/2012 05:53:23 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
    Description =

    Error - 01/08/2012 06:53:14 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
    Description =

    Error - 01/08/2012 06:55:28 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
    Description =

    Error - 02/08/2012 04:12:03 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
    Description =

    Error - 02/08/2012 04:20:17 p.m. | Computer Name = Jenny1 | Source = Application Hang | ID = 1002
    Description = El programa Explorer.exe, versión 6.0.6002.18005, dejó de interactuar
    con Windows y se cerró. Para ver si hay más información disponible acerca del problema,
    compruebe el historial de problemas en el panel de control de Informes de problemas
    y soluciones. Id. de proceso: c94 Hora de inicio: 01cd70ebc5a4e468 Hora de finalización:
    0

    Error - 02/08/2012 04:26:08 p.m. | Computer Name = Jenny1 | Source = EventSystem | ID = 4609
    Description =

    Error - 02/08/2012 04:27:02 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
    Description =

    Error - 02/08/2012 04:49:21 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
    Description =

    Error - 02/08/2012 05:06:43 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
    Description =

    Error - 03/08/2012 05:25:37 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 02/08/2012 05:04:57 p.m. | Computer Name = Jenny1 | Source = Service Control Manager | ID = 7030
    Description =

    Error - 02/08/2012 05:06:44 p.m. | Computer Name = Jenny1 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 02/08/2012 05:06:44 p.m. | Computer Name = Jenny1 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 02/08/2012 05:16:33 p.m. | Computer Name = Jenny1 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 ha encontrado un error al intentar actualizar las firmas. Nueva
    versión de firma: Versión de firma anterior: 1.131.943.0 Origen de actualización:
    %%859 Etapa de actualización: %%852 Ruta de origen: http://www.microsoft.com Tipo
    de firma: %%800 Tipo de actualización: %%803 Usuario: NT AUTHORITY\SYSTEM Versión de
    motor actual: Versión de motor anterior: 1.1.8601.0 Código del error: 0x8024402c
    Descripción
    del error: Se produjo un problema inesperado mientras se buscaban actualizaciones.
    Para obtener más información sobre cómo instalar o solucionar problemas en las
    actualizaciones, consulte Ayuda y soporte técnico.

    Error - 03/08/2012 05:25:37 p.m. | Computer Name = Jenny1 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 03/08/2012 05:25:37 p.m. | Computer Name = Jenny1 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 03/08/2012 05:28:00 p.m. | Computer Name = Jenny1 | Source = DCOM | ID = 10010
    Description =

    Error - 03/08/2012 05:31:29 p.m. | Computer Name = Jenny1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 03/08/2012 05:35:41 p.m. | Computer Name = Jenny1 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 ha encontrado un error al intentar actualizar las firmas. Nueva
    versión de firma: Versión de firma anterior: 1.131.943.0 Origen de actualización:
    %%859 Etapa de actualización: %%852 Ruta de origen: http://www.microsoft.com Tipo
    de firma: %%800 Tipo de actualización: %%803 Usuario: NT AUTHORITY\SYSTEM Versión de
    motor actual: Versión de motor anterior: 1.1.8601.0 Código del error: 0x8024402c
    Descripción
    del error: Se produjo un problema inesperado mientras se buscaban actualizaciones.
    Para obtener más información sobre cómo instalar o solucionar problemas en las
    actualizaciones, consulte Ayuda y soporte técnico.

    Error - 03/08/2012 05:48:35 p.m. | Computer Name = Jenny1 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =


    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 47,707   +268

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
      SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
      IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
      IE - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-1539172791-1993740456-1200154265-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
      [2012/07/30 04:24:52 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9F683177
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:9E22BBE8
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:193426B4
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4F636E25
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:131C0EE9
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8AB6C1D7
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FC420CE6
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:793F316E
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B623B5B8
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:580E04D8
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4BB26BE9
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8173A019
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54
      @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:861A898F
      @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2B99FE60
      @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C95B63DA
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Archivos de programa\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
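    As an added example (not part of this thread, and not code from OTL or its author), here is a small Python triage helper for the "Last 20 Event Log Errors" section of an OTL report like the one posted above: it parses each record, counts records per source and event ID, and flags the entries that matter most during a cleanup (a service that failed to start, a failed Antimalware definition update) together with any error code in the description. The sample log below is constructed in the report's format, and the watch list of event IDs is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of an OTL "Last 20 Event Log Errors" section
# (the real report on the page is longer; this is not copied from it).
SAMPLE = """\
[ Application Events ]
Error - 02/08/2012 04:12:03 p.m. | Computer Name = Jenny1 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 02/08/2012 05:06:44 p.m. | Computer Name = Jenny1 | Source = Service Control Manager | ID = 7000
Description =

Error - 02/08/2012 05:16:33 p.m. | Computer Name = Jenny1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 ha encontrado un error al intentar actualizar las firmas. Nueva
versión de firma: Versión de firma anterior: 1.131.943.0 Código del error: 0x8024402c
"""

ERROR_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")

def parse_events(text):
    """One dict per 'Error - ...' record: section, timestamp, host, source,
    integer event id and the (possibly multi-line) description joined."""
    events, section, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line[2:-2]          # e.g. "System Events"
            continue
        m = ERROR_RE.match(line)
        if m:
            current = dict(m.groupdict(), section=section, description="")
            current["id"] = int(current["id"])
            events.append(current)
        elif current is not None and line:  # continuation of the description
            desc = line[len("Description ="):] if line.startswith("Description =") else line
            current["description"] = (current["description"] + " " + desc.strip()).strip()
    return events

# Assumed watch list (well-known meanings): SCM 7000 = service failed to start,
# Microsoft Antimalware 2001 = signature/definition update failed.
WATCH = {("Service Control Manager", 7000), ("Microsoft Antimalware", 2001)}

def triage(text):
    """Return (counts per (source, id), flagged [(source, id, error_code)])."""
    events = parse_events(text)
    counts = Counter((e["source"], e["id"]) for e in events)
    flagged = []
    for e in events:
        if (e["source"], e["id"]) in WATCH:
            code = re.search(r"0x[0-9A-Fa-f]{8}", e["description"])
            flagged.append((e["source"], e["id"], code.group(0) if code else None))
    return counts, flagged
```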
     
  10. Broni

    Broni Malware Annihilator Posts: 47,707   +268

    Still with me?
     
  11. Broni

    Broni Malware Annihilator Posts: 47,707   +268

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
     
Topic Status:
Not open for further replies.
