TechSpot

Slow laptop + Sometimes Hangs

By EHNN
Sep 5, 2011
  1. Good day!

    This is my first time here. I found this forum while googling lately.
    I read some threads that helped me decide to seek help from you guys.

    This is my concern: these past few days, my laptop often hangs, and I don't know why or what is causing it to act like that. I wait several minutes before I decide to turn it off forcibly by pressing the main power button (which I know is not recommended), but I have no choice; I don't know any other way to fix and get rid of it. Another thing is, I feel it runs slower than a few months ago.
    Please help me fix this.

    I scanned it while writing this thread. I used MBAM, HijackThis, DDS, and also GMER;
    the logs are attached.

    Looking forward to your suggestions/advice/comments :)
    Thank you in advance! More power to this forum :)
     


  2. EHNN


    log of DDS


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by NECCO at 14:29:26 on 2011-09-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.305 [GMT 8:00]
    .
    AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Users\acer\Desktop\VPN\HHX1\HarmonyHackerX.exe
    C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
    C:\ProgramData\DatacardService\HWDeviceService64.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Time Lock\timelockfw.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Expat Shield\bin\openvpn.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Expat Shield\bin\fbw.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\Crusty.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar =
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: AutorunsDisabled - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
    uRun: [<NO NAME>]
    uRun: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\acer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
    mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device...
    IE: Send page to &Bluetooth Device...
    IE: YamicsoftDisabled
    IE: YamicsoftDisabled\Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: YamicsoftDisabled\Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: microsoft.com\v6.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: windowsupdate.com\download
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 10.204.16.1
    TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E445 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E44502E5E5 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E4452C0AE5E5 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD} : DhcpNameServer = 10.204.16.1
    TCP: Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1} : NameServer = 202.126.40.5 222.127.143.5
    TCP: Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9} : NameServer = 202.126.40.5 222.127.143.5
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    IFEO: dtswizard.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: landingpage.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: sqlwtsn.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    BHO-X64: AutorunsDisabled - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    IFEO-X64: dtswizard.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO-X64: landingpage.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO-X64: sqlwtsn.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://fb.me/
    FF - prefs.js: network.proxy.ftp - 10.201.60.241
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 10.201.60.241
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 10.201.60.241
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
    FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
    FF - component: D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Users\acer\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    .
    ============= SERVICES / DRIVERS ===============
    .
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys --> C:\Windows\system32\DRIVERS\athrxu6.sys [?]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-05 05:00:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-09-04 22:03:53 -------- d-----w- C:\Windows\pss
    2011-09-01 01:57:45 -------- d-----w- C:\ProgramData\hssff
    2011-09-01 00:36:29 756552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-09-01 00:36:29 755016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
    2011-09-01 00:36:29 -------- d-----w- C:\Program Files (x86)\Expat Shield
    2011-08-31 11:05:45 0 ---ha-w- C:\Users\acer\AppData\Local\BITF061.tmp
    2011-08-31 10:54:00 -------- d-----w- C:\Program Files (x86)\Connectify
    2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
    2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Local\PACE Anti-Piracy
    2011-08-30 21:52:33 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
    2011-08-29 10:50:01 -------- d-----w- C:\ICC_Backup
    2011-08-28 07:38:19 -------- d-----w- C:\Users\acer\AppData\Local\Facebook
    2011-08-27 17:00:55 -------- d-----w- C:\Users\acer\AppData\Roaming\MozillaControl
    2011-08-27 16:59:37 -------- d-----w- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
    2011-08-27 13:00:06 -------- d-----w- C:\Program Files (x86)\AutocompletePro
    2011-08-26 03:47:53 -------- d-----w- C:\ProgramData\Uniblue
    2011-08-26 03:15:19 -------- d-----w- C:\Users\acer\AppData\Roaming\Uniblue
    2011-08-26 03:15:09 -------- d-----w- C:\Program Files (x86)\Uniblue
    2011-08-26 03:00:39 -------- d-----w- C:\ProgramData\BabylonUpdater
    2011-08-26 03:00:26 -------- d-----w- C:\Users\acer\AppData\Local\Babylon
    2011-08-26 03:00:23 -------- d-----w- C:\ProgramData\Babylon
    2011-08-26 03:00:21 -------- d-----w- C:\Users\acer\AppData\Roaming\Babylon
    2011-08-26 02:59:51 -------- d-----w- C:\Program Files (x86)\Easy Downloads
    2011-08-25 01:49:10 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDB8CB2E-E597-4A1E-9075-E93945C890F2}\mpengine.dll
    2011-08-24 05:30:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2011-08-24 05:29:40 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-08-23 22:50:59 -------- d-----w- C:\Program Files (x86)\CommViewWiFi
    2011-08-23 22:34:25 -------- d-----w- C:\aircrack
    2011-08-21 14:56:52 -------- d-----w- C:\Program Files (x86)\WinPcap
    2011-08-21 14:56:01 -------- d-----w- C:\Program Files (x86)\Cain
    2011-08-21 11:07:08 -------- d-----w- C:\Expat Shield
    2011-08-20 03:25:31 -------- d-----w- C:\Program Files (x86)\Sun Broadband Wireless
    2011-08-19 23:34:35 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6
    2011-08-12 17:09:29 -------- d-----w- C:\ProgramData\Nero
    2011-08-12 14:31:32 -------- d-----w- C:\Program Files (x86)\Ask.com
    2011-08-09 17:10:33 -------- d-----w- C:\Program Files (x86)\Ultrasurf
    2011-08-09 17:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\System-G
    2011-08-09 17:05:57 -------- d-----w- C:\Program Files (x86)\Connection Keeper
    2011-08-09 16:48:31 -------- d-----w- C:\Users\acer\AppData\Roaming\DMCache
    2011-08-08 20:02:53 -------- d-----w- C:\Windows\System32\SPReview
    2011-08-08 19:59:24 -------- d-----w- C:\Windows\System32\EventProviders
    2011-08-08 19:50:20 48976 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-08-08 19:50:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-08-08 19:49:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-08-08 19:49:11 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
    2011-08-08 19:49:10 3715584 ----a-w- C:\Windows\System32\mstscax.dll
    2011-08-08 19:49:10 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2011-08-08 19:49:09 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-08-08 19:49:08 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
    2011-08-08 19:46:58 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2011-08-08 19:45:59 1371136 ----a-w- C:\Windows\SysWow64\dwmcore.dll
    2011-08-08 19:44:59 630272 ----a-w- C:\Windows\System32\evr.dll
    2011-08-08 19:43:59 223248 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2011-08-08 19:42:59 199168 ----a-w- C:\Windows\SysWow64\onex.dll
    2011-08-08 19:41:59 155520 ----a-w- C:\Windows\System32\drivers\ataport.sys
    2011-08-08 19:40:59 781312 ----a-w- C:\Windows\System32\wmdrmsdk.dll
    2011-08-08 19:39:59 527872 ----a-w- C:\Windows\System32\wmdrmnet.dll
    2011-08-08 19:38:59 44544 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2011-08-08 19:37:33 2560 ----a-w- C:\Windows\System32\drivers\zh-TW\rdpwd.sys.mui
    2011-08-08 19:37:31 3072 ----a-w- C:\Windows\System32\drivers\zh-TW\tsusbflt.sys.mui
    2011-08-08 19:37:02 23552 ----a-w- C:\Windows\System32\drivers\zh-TW\usbport.sys.mui
    2011-08-08 19:36:24 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
    2011-08-08 19:36:23 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
    2011-08-08 19:34:59 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
    2011-08-08 19:33:59 411496 ----a-w- C:\Windows\System32\xactengine2_9.dll
    2011-08-08 19:23:11 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-08-08 19:23:11 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-08-08 19:23:10 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-08-08 19:22:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-08-08 19:21:56 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-08-08 19:18:16 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-08-08 19:18:13 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-08-08 19:07:02 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-08-08 19:07:00 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-08-08 19:07:00 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-08-08 19:07:00 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
    2011-08-08 19:07:00 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-08-08 19:07:00 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-08-08 19:07:00 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-08-08 19:07:00 1850328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-08-08 19:07:00 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2011-08-08 19:07:00 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-08-08 18:42:41 -------- d-----w- C:\Windows\SysWow64\directx
    2011-08-08 18:35:30 -------- d-----w- C:\inetpub
    2011-08-08 12:56:25 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-08-08 12:56:25 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-08-07 17:35:45 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
    2011-08-07 17:35:45 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
    2011-08-07 17:35:44 105816 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2011-08-07 16:13:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-08-07 16:09:37 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    2011-08-07 13:54:05 102400 ----a-w- C:\Windows\SysWow64\WelchGIFviewer.ocx
    2011-08-07 13:54:04 57344 ----a-w- C:\Windows\SysWow64\WelchProgressBar.ocx
    2011-08-07 13:54:04 352256 ----a-w- C:\Windows\SysWow64\Welch's PNG.ocx
    2011-08-07 13:54:04 176128 ----a-w- C:\Windows\SysWow64\WelchButton.ocx
    2011-08-07 13:54:04 143360 ----a-w- C:\Windows\SysWow64\WelchToolbar.ocx
    2011-08-07 13:54:04 1138688 ----a-w- C:\Windows\SysWow64\WelchUserControl.ocx
    2011-08-07 13:54:03 1777664 ----a-w- C:\Windows\SysWow64\welchAeroSuite.ocx
    2011-08-07 13:54:02 110384 ----a-w- C:\Windows\SysWow64\MSCAL.OCX
    2011-08-07 13:54:01 -------- d-----w- C:\Program Files (x86)\Welch's Project Reference
    2011-08-07 00:45:46 -------- d-----w- C:\Program Files (x86)\OpenVPN
    2011-08-06 12:31:01 -------- d-----w- C:\Program Files (x86)\ConvertHelper
    2011-08-06 11:58:19 -------- d-----w- C:\Program Files (x86)\iNTERNET Turbo
    2011-08-06 11:56:17 111 ----a-w- C:\Windows\SysWow64\sysinter.drv
    2011-08-06 11:15:23 -------- d-----w- C:\ProgramData\Globe Tattoo Broadband
    2011-08-06 11:13:44 363008 ----a-w- C:\Windows\System32\drivers\UMDF\hwgpssensor.dll
    2011-08-06 11:13:16 -------- d-----w- C:\Program Files (x86)\Globe Tattoo Broadband
    2011-08-06 11:12:56 -------- d-----w- C:\ProgramData\DatacardService
    .
    ==================== Find3M ====================
    .
    2011-09-04 22:14:02 77824 ----a-w- C:\Windows\KMSEmulator.exe
    2011-08-24 01:03:19 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-08 20:35:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-08-08 20:35:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-08-06 11:13:42 999936 ----a-w- C:\Windows\System32\drivers\mod7700.sys
    2011-08-06 11:13:42 196608 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
    2011-08-06 11:13:42 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
    2011-08-06 11:13:41 93696 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
    2011-08-06 11:13:41 85504 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
    2011-08-06 11:13:41 55296 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
    2011-08-06 11:13:41 29184 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
    2011-08-06 11:13:41 256000 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
    2011-08-06 11:13:41 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
    2011-08-06 11:13:40 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
    2011-08-06 11:13:40 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
    2011-08-06 11:13:40 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
    2011-08-06 11:13:40 121600 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
    2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-20 08:41:18 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
    2011-07-20 08:35:48 25920 ----a-w- C:\Windows\System32\authuitu.dll
    2011-07-20 08:35:42 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2011-07-20 08:35:38 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
    2011-07-20 08:35:34 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-06 11:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 11:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-05 10:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-07-05 10:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-07-01 09:46:40 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2010-07-08 02:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
    .
    ============= FINISH: 14:36:03.66 ===============
     
  3. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-05 15:29:43
    Windows 6.1.7601 Service Pack 1
    Running: 0cc021v0.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0cddeff66c31 0x12 0x62 0x4C 0xEF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@5ea5a51f6601 0x8C 0x00 0x70 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@678fd6ed6601 0x1D 0xC1 0x37 0x56 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@4257f5a96612 0x03 0xDA 0x7B 0xE5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@64f1424f6612 0x35 0x49 0xBD 0x93 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@6cab6cdc6601 0x17 0x4D 0xF1 0x6C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@d4cbafe295df 0x6A 0x00 0xFF 0x90 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@9463d172d6ec 0x01 0x8A 0xCB 0x0E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x4E 0x03 0x10 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@FrequencyCorrectRate 4
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PollAdjustFactor 5
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LargePhaseOffset 50000000
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@SpikeWatchPeriod 900
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LocalClockDispersion 10
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@HoldPeriod 5
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PhaseCorrectRate 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@UpdateInterval 360000
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@EventLogFlags 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@AnnounceFlags 10
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@TimeJumpAuditOffset 28800
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MinPollInterval 10
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPollInterval 15
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxNegPhaseCorrection 54000
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPosPhaseCorrection 54000
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxAllowedPhaseOffset 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@Enabled 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@InputProvider 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@EventLogFlags 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 604800
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7b97c3f???????????
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@Enabled 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@InputProvider 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@EventLogFlags 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainDisable 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0cddeff66c31 0x12 0x62 0x4C 0xEF ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@a87b3948391b 0x82 0x57 0x44 0x8E ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@5ea5a51f6601 0x77 0xBB 0xCC 0x5B ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0021fc002299 0x82 0xC3 0xF3 0x76 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@6cab6cdc6601 0x68 0xE1 0xAB 0x26 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@678fd6ed6601 0x1D 0xC1 0x37 0x56 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x4E 0x03 0x10 ...
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=C52B8C99 \xa0The Social Network (2010).exe 8
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    after following step-by-step instruction

    step 1 : done using ESET smart sec
    step 2 : done using MBAM
    log:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7660

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    09/06/2011 9:31:04 AM
    mbam-log-2011-09-06 (09-31-04).txt

    Scan type: Quick scan
    Objects scanned: 198190
    Time elapsed: 14 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\acer\Desktop\patch 5.xx.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

    step 3 : done by gmer
    log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-06 21:57:48
    Windows 6.1.7601 Service Pack 1
    Running: 0cc021v0.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0cddeff66c31 0x12 0x62 0x4C 0xEF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@5ea5a51f6601 0x8C 0x00 0x70 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@678fd6ed6601 0x1D 0xC1 0x37 0x56 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@4257f5a96612 0x03 0xDA 0x7B 0xE5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@64f1424f6612 0x35 0x49 0xBD 0x93 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@6cab6cdc6601 0x17 0x4D 0xF1 0x6C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@d4cbafe295df 0x6A 0x00 0xFF 0x90 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@9463d172d6ec 0x01 0x8A 0xCB 0x0E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????o???????????U????????N??????d??????????????????volume.inf????????<??????1??????????0???? ??????????????????????????????????????????????????????? ????????????????????????????V?N?????0?????? ?????????????????????0????????????&????????????????????2??? ?????????????????????0????????????????????? ???????????????????f?0????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????0????????????????????? ???????????????????h?0??????????????????????$??????_???????????????z???3??E-??? ????????????????????????"???????~???????????o???????o?????????????{00000000-0000-0000-0000-000000000000}???????????????u???e???????????????????????????e??un???????????????????????????????????????d???d??.NT??&??? ??????????????????????????????N?????????????s?????Microsoft ISATAP Adapter #3??????????????????h??@nettun.inf,%msft%;Microsoft?B??????CI??????HP??????????Ndi-Mp-AsyncMac??4??????????? ??????????????????????????????????????????????0???? ?????
    Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@DhcpNetbiosOptions 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 5384
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x4E 0x03 0x10 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@LeaseObtainedTime 1315298017
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@T1 1331066017
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@T2 1342892017
    Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@LeaseTerminatesTime 1346834017
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@FrequencyCorrectRate 4
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PollAdjustFactor 5
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LargePhaseOffset 50000000
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@SpikeWatchPeriod 900
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LocalClockDispersion 10
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@HoldPeriod 5
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PhaseCorrectRate 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@UpdateInterval 360000
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@EventLogFlags 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@AnnounceFlags 10
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@TimeJumpAuditOffset 28800
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MinPollInterval 10
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPollInterval 15
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxNegPhaseCorrection 54000
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPosPhaseCorrection 54000
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxAllowedPhaseOffset 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@Enabled 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@InputProvider 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@EventLogFlags 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 604800
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7b97c3f???????????
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@Enabled 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@InputProvider 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@EventLogFlags 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainDisable 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30
    Reg HKLM\SYSTEM\CurrentControlSet\services\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}\Parameters\Tcpip@LeaseObtainedTime 1315298017
    Reg HKLM\SYSTEM\CurrentControlSet\services\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}\Parameters\Tcpip@T1 1331066017
    Reg HKLM\SYSTEM\CurrentControlSet\services\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}\Parameters\Tcpip@T2 1342892017
    Reg HKLM\SYSTEM\CurrentControlSet\services\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}\Parameters\Tcpip@LeaseTerminatesTime 1346834017
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0cddeff66c31 0x12 0x62 0x4C 0xEF ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@a87b3948391b 0x82 0x57 0x44 0x8E ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@5ea5a51f6601 0x77 0xBB 0xCC 0x5B ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0021fc002299 0x82 0xC3 0xF3 0x76 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@6cab6cdc6601 0x68 0xE1 0xAB 0x26 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@678fd6ed6601 0x1D 0xC1 0x37 0x56 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x4E 0x03 0x10 ...
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=C52B8C99 \xa0The Social Network (2010).exe 8

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Temp\TMP00000638B7A04889A36E0ED2 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  6. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    step 4 : done using DDS
    log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by NECCO at 21:58:33 on 2011-09-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.286 [GMT 8:00]
    .
    AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Connectify\Connectifyd.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
    C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
    C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\ProgramData\DatacardService\HWDeviceService64.exe
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Time Lock\timelockfw.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
    C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
    C:\Users\acer\Desktop\VPN\HHX1\HarmonyHackerX.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Expat Shield\bin\openvpn.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files (x86)\Expat Shield\bin\fbw.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar =
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: AutorunsDisabled - No File
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
    uRun: [<NO NAME>]
    uRun: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m
    uRun: [Facebook Update] "C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\acer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
    mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device...
    IE: Send page to &Bluetooth Device...
    IE: YamicsoftDisabled
    IE: YamicsoftDisabled\Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: YamicsoftDisabled\Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: microsoft.com\v6.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: windowsupdate.com\download
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 10.203.8.1
    TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E445 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E44502E5E5 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E4452C0AE5E5 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD} : DhcpNameServer = 10.203.8.1
    TCP: Interfaces\{5FD56E7F-07FA-4A3A-B57E-05C14796F73D} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1} : NameServer = 202.126.40.5 222.127.143.5
    TCP: Interfaces\{8BC605CD-C9FB-4EEC-8656-9EDA591D7D63} : NameServer = 192.168.2.1
    TCP: Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9} : NameServer = 202.126.40.5 222.127.143.5
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    IFEO: dtswizard.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: landingpage.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: sqlwtsn.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    BHO-X64: AutorunsDisabled - No File
    BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
    TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    IFEO-X64: dtswizard.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO-X64: landingpage.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO-X64: sqlwtsn.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://fb.me/
    FF - prefs.js: network.proxy.ftp - 10.201.60.241
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 10.201.60.241
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 10.201.60.241
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
    FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
    FF - component: D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Users\acer\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2011-09-06 12:13:30 -------- d-----w- C:\Users\acer\AppData\Roaming\IDM
    2011-09-06 12:12:53 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
    2011-09-06 05:27:50 -------- d-----w- C:\ProgramData\InterAction studios
    2011-09-06 03:03:21 -------- d-----w- C:\Users\acer\AppData\Local\Connectify
    2011-09-05 05:00:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-09-04 22:03:53 -------- d-----w- C:\Windows\pss
    2011-09-01 01:57:45 -------- d-----w- C:\ProgramData\hssff
    2011-09-01 00:36:29 756552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-09-01 00:36:29 755016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
    2011-09-01 00:36:29 -------- d-----w- C:\Program Files (x86)\Expat Shield
    2011-08-31 11:05:45 0 ---ha-w- C:\Users\acer\AppData\Local\BITF061.tmp
    2011-08-31 10:54:00 -------- d-----w- C:\Program Files (x86)\Connectify
    2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
    2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Local\PACE Anti-Piracy
    2011-08-30 21:52:33 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
    2011-08-29 10:50:01 -------- d-----w- C:\ICC_Backup
    2011-08-28 07:38:19 -------- d-----w- C:\Users\acer\AppData\Local\Facebook
    2011-08-27 17:00:55 -------- d-----w- C:\Users\acer\AppData\Roaming\MozillaControl
    2011-08-27 16:59:37 -------- d-----w- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
    2011-08-27 13:00:06 -------- d-----w- C:\Program Files (x86)\AutocompletePro
    2011-08-26 03:47:53 -------- d-----w- C:\ProgramData\Uniblue
    2011-08-26 03:15:19 -------- d-----w- C:\Users\acer\AppData\Roaming\Uniblue
    2011-08-26 03:15:09 -------- d-----w- C:\Program Files (x86)\Uniblue
    2011-08-26 03:00:39 -------- d-----w- C:\ProgramData\BabylonUpdater
    2011-08-26 03:00:26 -------- d-----w- C:\Users\acer\AppData\Local\Babylon
    2011-08-26 03:00:23 -------- d-----w- C:\ProgramData\Babylon
    2011-08-26 03:00:21 -------- d-----w- C:\Users\acer\AppData\Roaming\Babylon
    2011-08-26 02:59:51 -------- d-----w- C:\Program Files (x86)\Easy Downloads
    2011-08-25 01:49:10 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDB8CB2E-E597-4A1E-9075-E93945C890F2}\mpengine.dll
    2011-08-24 05:30:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2011-08-24 05:29:40 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-08-23 22:50:59 -------- d-----w- C:\Program Files (x86)\CommViewWiFi
    2011-08-23 22:34:25 -------- d-----w- C:\aircrack
    2011-08-21 14:56:52 -------- d-----w- C:\Program Files (x86)\WinPcap
    2011-08-21 14:56:01 -------- d-----w- C:\Program Files (x86)\Cain
    2011-08-21 11:07:08 -------- d-----w- C:\Expat Shield
    2011-08-20 03:25:31 -------- d-----w- C:\Program Files (x86)\Sun Broadband Wireless
    2011-08-19 23:34:35 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6
    2011-08-12 17:09:29 -------- d-----w- C:\ProgramData\Nero
    2011-08-12 14:31:32 -------- d-----w- C:\Program Files (x86)\Ask.com
    2011-08-09 17:10:33 -------- d-----w- C:\Program Files (x86)\Ultrasurf
    2011-08-09 17:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\System-G
    2011-08-09 17:05:57 -------- d-----w- C:\Program Files (x86)\Connection Keeper
    2011-08-09 16:48:31 -------- d-----w- C:\Users\acer\AppData\Roaming\DMCache
    2011-08-08 20:02:53 -------- d-----w- C:\Windows\System32\SPReview
    2011-08-08 19:59:24 -------- d-----w- C:\Windows\System32\EventProviders
    2011-08-08 19:50:20 48976 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-08-08 19:50:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-08-08 19:49:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-08-08 19:49:11 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
    2011-08-08 19:49:10 3715584 ----a-w- C:\Windows\System32\mstscax.dll
    2011-08-08 19:49:10 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2011-08-08 19:49:09 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-08-08 19:49:08 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
    2011-08-08 19:46:58 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2011-08-08 19:45:59 1371136 ----a-w- C:\Windows\SysWow64\dwmcore.dll
    2011-08-08 19:44:59 630272 ----a-w- C:\Windows\System32\evr.dll
    2011-08-08 19:43:59 223248 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2011-08-08 19:42:59 199168 ----a-w- C:\Windows\SysWow64\onex.dll
    2011-08-08 19:41:59 155520 ----a-w- C:\Windows\System32\drivers\ataport.sys
    2011-08-08 19:40:59 781312 ----a-w- C:\Windows\System32\wmdrmsdk.dll
    2011-08-08 19:39:59 527872 ----a-w- C:\Windows\System32\wmdrmnet.dll
    2011-08-08 19:38:59 44544 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2011-08-08 19:37:33 2560 ----a-w- C:\Windows\System32\drivers\zh-TW\rdpwd.sys.mui
    2011-08-08 19:37:31 3072 ----a-w- C:\Windows\System32\drivers\zh-TW\tsusbflt.sys.mui
    2011-08-08 19:37:02 23552 ----a-w- C:\Windows\System32\drivers\zh-TW\usbport.sys.mui
    2011-08-08 19:36:24 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
    2011-08-08 19:36:23 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
    2011-08-08 19:34:59 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
    2011-08-08 19:33:59 411496 ----a-w- C:\Windows\System32\xactengine2_9.dll
    2011-08-08 19:23:11 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-08-08 19:23:11 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-08-08 19:23:10 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-08-08 19:22:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-08-08 19:21:56 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-08-08 19:18:16 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-08-08 19:18:13 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-08-08 19:07:02 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-08-08 19:07:00 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-08-08 19:07:00 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-08-08 19:07:00 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
    2011-08-08 19:07:00 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-08-08 19:07:00 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-08-08 19:07:00 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-08-08 19:07:00 1850328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-08-08 19:07:00 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2011-08-08 19:07:00 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-08-08 18:42:41 -------- d-----w- C:\Windows\SysWow64\directx
    2011-08-08 18:35:30 -------- d-----w- C:\inetpub
    2011-08-08 17:46:12 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
    2011-08-08 12:56:25 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-08-08 12:56:25 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-08-07 17:35:45 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
    2011-08-07 17:35:45 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
    2011-08-07 17:35:44 105816 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2011-08-07 16:13:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-08-07 16:09:37 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    .
    ==================== Find3M ====================
    .
    2011-09-06 08:37:20 77824 ----a-w- C:\Windows\KMSEmulator.exe
    2011-08-24 01:03:19 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-08 20:35:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-08-08 20:35:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-08-06 11:56:17 111 ----a-w- C:\Windows\SysWow64\sysinter.drv
    2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-20 08:41:18 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
    2011-07-20 08:35:48 25920 ----a-w- C:\Windows\System32\authuitu.dll
    2011-07-20 08:35:42 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2011-07-20 08:35:38 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
    2011-07-20 08:35:34 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-06 11:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 11:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-05 10:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-07-05 10:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-07-01 09:46:40 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2010-07-08 02:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
    .
    ============= FINISH: 22:07:41.41 ===============


    I also want to ask for help with my problem about "This version of Windows is not genuine". It always shows; that's why I created a shortcut to Activate Windows just to remove that message at the bottom right of my monitor.
    I'm kind of curious about why it is showing even though I have a licensed Windows 7 Home Premium x64 OS.

    Another thing I want to share: I just noticed while watching YouTube that the video seems laggy, like it is playing in slow-mo.

    Thank you for your time reading my concern.
    I will really appreciate your help.
    Thank you, and Godspeed :)
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    Sorry for the delay, sir. I just got home from school.
    This morning, I did what you asked me to do.
    I finished the scan process, but I have a little problem with ComboFix: the scan was good, but the processing of the log for ComboFix takes so long. I waited maybe half an hour, still no progress. I didn't know if the app hung or what; I didn't see any progress showing when it would be finished. So for now I only have the aswMBR log file. Oops! I just want to share what happened while doing the scan process.
    I already have aswMBR.exe. I installed it, then started the scan. While scanning, some error occurred, then it suddenly blacked out and restarted :( So I ran aswMBR.exe again, and the log file is as follows:


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-08 06:08:09
    -----------------------------
    06:08:09.659 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:08:09.659 Number of processors: 2 586 0x170A
    06:08:09.661 ComputerName: NECCO UserName: NECCO
    06:08:13.869 Initialize success
    06:08:27.165 AVAST engine defs: 11090700
    06:08:59.559 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:09:00.020 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
    06:09:00.037 Disk 0 MBR read error 0
    06:09:00.042 Disk 0 MBR scan
    06:09:00.050 Disk 0 unknown MBR code
    06:09:00.056 MBR BIOS signature not found 0
    06:09:00.062 Service scanning
    06:09:04.657 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    06:09:05.764 Modules scanning
    06:09:05.776 Disk 0 trace - called modules:
    06:09:05.826 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spih.sys
    06:09:05.833 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027fa790]
    06:09:05.841 3 CLASSPNP.SYS[fffff88001dc143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800268c050]
    06:09:07.331 AVAST engine scan C:\Windows
    06:09:19.253 AVAST engine scan C:\Windows\system32
    06:13:21.259 AVAST engine scan C:\Windows\system32\drivers
    06:13:45.993 AVAST engine scan C:\Users\acer
    06:25:36.931 AVAST engine scan C:\ProgramData
    06:29:22.478 Scan finished successfully
    06:30:32.679 Disk 0 MBR has been saved successfully to "C:\Users\acer\Desktop\MBR.dat"
    06:30:32.688 The log file has been saved successfully to "C:\Users\acer\Desktop\aswMBR.txt"


    I'll try to rerun ComboFix and post the log after.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go ahead........
     
  10. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    At last! :)

    ComboFix log:

    ComboFix 11-09-08.03 - NECCO 09/09/2011 7:17:57.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.537 [GMT 8:00]
    Running from: C:\Users\acer\Desktop\techspot\ComboFix.exe
    AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active



    ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))


    2011-09-08 23:37:00 . 2011-09-08 23:37:00 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
    2011-09-08 23:37:00 . 2011-09-08 23:37:00 -------- d-----w- C:\Users\DURAN\AppData\Local\temp
    2011-09-07 02:57:14 . 2011-09-07 03:02:10 -------- d-----w- C:\Users\acer\AppData\Roaming\TS3Client
    2011-09-07 02:56:34 . 2011-09-07 02:56:52 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
    2011-09-06 05:27:50 . 2011-09-06 05:27:50 -------- d-----w- C:\ProgramData\InterAction studios
    2011-09-06 03:03:21 . 2011-09-07 03:03:49 -------- d-----w- C:\Users\acer\AppData\Local\Connectify
    2011-09-05 05:00:41 . 2011-09-05 05:00:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-09-02 23:11:18 . 2011-09-02 23:11:18 -------- d-----w- C:\Users\DURAN\AppData\Local\Diagnostics
    2011-09-01 01:57:45 . 2011-09-01 01:57:45 -------- d-----w- C:\ProgramData\hssff
    2011-09-01 00:36:29 . 2011-09-01 00:40:46 -------- d-----w- C:\Program Files (x86)\Expat Shield
    2011-09-01 00:36:29 . 2011-06-22 22:05:58 755016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
    2011-09-01 00:36:29 . 2011-06-22 22:05:52 756552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-08-31 11:05:45 . 2011-08-31 11:05:45 0 ---ha-w- C:\Users\acer\AppData\Local\BITF061.tmp
    2011-08-31 10:54:00 . 2011-09-08 10:37:33 -------- d-----w- C:\Program Files (x86)\Connectify
    2011-08-30 21:52:33 . 2011-08-30 21:52:34 -------- d-----w- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
    2011-08-30 21:52:33 . 2011-08-30 21:52:34 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
    2011-08-30 21:52:33 . 2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Local\PACE Anti-Piracy
    2011-08-29 17:26:40 . 2011-08-31 22:32:46 -------- d-----w- C:\Users\EHNN
    2011-08-29 10:50:01 . 2011-08-31 22:29:29 -------- d-----w- C:\ICC_Backup
    2011-08-28 08:44:16 . 2011-08-28 08:44:17 -------- d-----w- C:\Users\DURAN\AppData\Local\Yahoo
    2011-08-28 08:44:16 . 2011-08-28 08:44:16 -------- d-----w- C:\Users\DURAN\AppData\Roaming\Yahoo!
    2011-08-28 08:37:51 . 2011-08-28 08:37:51 -------- d-----w- C:\Users\DURAN\AppData\Roaming\skypePM
    2011-08-28 07:38:19 . 2011-09-05 10:04:25 -------- d-----w- C:\Users\acer\AppData\Local\Facebook
    2011-08-27 17:00:55 . 2011-08-27 17:00:56 -------- d-----w- C:\Users\acer\AppData\Roaming\MozillaControl
    2011-08-27 16:59:37 . 2011-08-31 11:07:30 -------- d-----w- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
    2011-08-26 03:47:53 . 2011-08-26 03:47:53 -------- d-----w- C:\ProgramData\Uniblue
    2011-08-26 03:15:19 . 2011-08-26 03:34:58 -------- d-----w- C:\Users\acer\AppData\Roaming\Uniblue
    2011-08-26 03:15:09 . 2011-08-26 03:28:24 -------- d-----w- C:\Program Files (x86)\Uniblue
    2011-08-26 03:00:26 . 2011-08-31 22:16:36 -------- d-----w- C:\Users\acer\AppData\Local\Babylon
    2011-08-26 03:00:23 . 2011-08-26 03:00:23 -------- d-----w- C:\ProgramData\Babylon
    2011-08-26 03:00:21 . 2011-08-26 03:00:21 -------- d-----w- C:\Users\acer\AppData\Roaming\Babylon
    2011-08-26 02:59:51 . 2011-08-27 00:13:36 -------- d-----w- C:\Program Files (x86)\Easy Downloads
    2011-08-25 01:49:10 . 2011-08-12 04:10:01 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDB8CB2E-E597-4A1E-9075-E93945C890F2}\mpengine.dll
    2011-08-24 05:30:59 . 2011-07-16 05:21:04 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-08-24 05:29:40 . 2011-07-09 02:46:28 288768 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
    2011-08-23 22:50:59 . 2011-09-01 00:29:15 -------- d-----w- C:\Program Files (x86)\CommViewWiFi
    2011-08-23 22:34:25 . 2011-08-23 22:34:47 -------- d-----w- C:\aircrack
    2011-08-21 14:56:52 . 2011-08-21 14:56:55 -------- d-----w- C:\Program Files (x86)\WinPcap
    2011-08-21 14:56:01 . 2011-08-22 10:55:51 -------- d-----w- C:\Program Files (x86)\Cain
    2011-08-21 11:07:08 . 2011-09-01 00:40:45 -------- d-----w- C:\Expat Shield
    2011-08-20 03:25:31 . 2011-08-21 03:55:40 -------- d-----w- C:\Program Files (x86)\Sun Broadband Wireless
    2011-08-19 23:34:35 . 2011-08-21 03:56:12 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6
    2011-08-12 17:09:29 . 2011-08-12 17:17:54 -------- d-----w- C:\ProgramData\Nero
    2011-08-12 14:31:32 . 2011-08-12 14:31:41 -------- d-----w- C:\Program Files (x86)\Ask.com
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-09-08 12:13:30 . 2011-07-16 11:04:31 77824 ----a-w- C:\Windows\KMSEmulator.exe
    2011-08-24 01:03:19 . 2011-07-17 10:09:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-08 20:35:57 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-08-08 20:35:54 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll
    2011-08-08 17:10:22 . 2011-08-08 17:10:22 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2011-08-08 17:10:22 . 2011-08-08 17:10:22 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 367104 ----a-w- C:\Windows\SysWow64\html.iec
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-08-08 17:10:21 . 2011-08-08 17:10:21 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
    2011-08-08 17:10:20 . 2011-08-08 17:10:20 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-08-08 17:10:20 . 2011-08-08 17:10:20 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
    2011-08-08 17:10:20 . 2011-08-08 17:10:20 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2011-08-08 17:10:20 . 2011-08-08 17:10:20 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
    2011-08-08 17:10:20 . 2011-08-08 17:10:20 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 76800 ----a-w- C:\Windows\system32\tdc.ocx
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 49664 ----a-w- C:\Windows\system32\imgutil.dll
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 48640 ----a-w- C:\Windows\system32\mshtmler.dll
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 222208 ----a-w- C:\Windows\system32\msls31.dll
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 12288 ----a-w- C:\Windows\system32\mshta.exe
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 114176 ----a-w- C:\Windows\system32\admparse.dll
    2011-08-08 17:10:19 . 2011-08-08 17:10:19 111616 ----a-w- C:\Windows\system32\iesysprep.dll
    2011-08-08 17:10:18 . 2011-08-08 17:10:18 85504 ----a-w- C:\Windows\system32\iesetup.dll
    2011-08-08 17:10:18 . 2011-08-08 17:10:18 603648 ----a-w- C:\Windows\system32\vbscript.dll
    2011-08-08 17:10:18 . 2011-08-08 17:10:18 448512 ----a-w- C:\Windows\system32\html.iec
    2011-08-08 17:10:18 . 2011-08-08 17:10:18 30720 ----a-w- C:\Windows\system32\licmgr10.dll
    2011-08-08 17:10:18 . 2011-08-08 17:10:18 165888 ----a-w- C:\Windows\system32\iexpress.exe
    2011-08-08 17:10:18 . 2011-08-08 17:10:18 160256 ----a-w- C:\Windows\system32\wextract.exe
    2011-08-08 17:10:18 . 2011-08-08 17:10:18 1492992 ----a-w- C:\Windows\system32\inetcpl.cpl
    2011-08-08 14:11:14 . 2011-07-15 02:33:03 2136512 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-08-06 11:13:42 . 2011-08-06 11:14:39 196608 ----a-w- C:\Windows\system32\drivers\ew_juwwanecm.sys
    2011-08-06 11:13:42 . 2011-08-06 11:14:28 999936 ----a-w- C:\Windows\system32\drivers\mod7700.sys
    2011-08-06 11:13:42 . 2011-08-06 11:14:28 13952 ----a-w- C:\Windows\system32\drivers\ew_usbenumfilter.sys
    2011-08-06 11:13:41 . 2011-08-06 11:14:39 93696 ----a-w- C:\Windows\system32\drivers\ew_jucdcacm.sys
    2011-08-06 11:13:41 . 2011-08-06 11:14:39 85504 ----a-w- C:\Windows\system32\drivers\ew_jubusenum.sys
    2011-08-06 11:13:41 . 2011-08-06 11:14:39 55296 ----a-w- C:\Windows\system32\drivers\ew_jucdcecm.sys
    2011-08-06 11:13:41 . 2011-08-06 11:14:39 29184 ----a-w- C:\Windows\system32\drivers\ew_juextctrl.sys
    2011-08-06 11:13:41 . 2011-08-06 11:14:27 256000 ----a-w- C:\Windows\system32\drivers\ewusbnet.sys
    2011-08-06 11:13:41 . 2011-08-06 11:14:12 117248 ----a-w- C:\Windows\system32\drivers\ew_hwusbdev.sys
    2011-08-06 11:13:40 . 2011-08-06 11:14:39 1490656 ----a-w- C:\Windows\system32\WdfCoInstaller01007.dll
    2011-08-06 11:13:40 . 2011-08-06 11:14:39 1490656 ----a-w- C:\Windows\system32\drivers\WdfCoInstaller01007.dll
    2011-08-06 11:13:40 . 2011-08-06 11:14:27 32768 ----a-w- C:\Windows\system32\drivers\ewdcsc.sys
    2011-08-06 11:13:40 . 2011-08-06 11:14:27 121600 ----a-w- C:\Windows\system32\drivers\ewusbmdm.sys
    2011-08-06 11:13:37 . 2011-08-06 11:13:44 363008 ----a-w- C:\Windows\system32\drivers\UMDF\hwgpssensor.dll
    2011-07-20 08:41:18 . 2011-04-28 01:04:40 34624 ----a-w- C:\Windows\system32\TURegOpt.exe
    2011-07-20 08:35:48 . 2011-04-28 01:04:31 25920 ----a-w- C:\Windows\system32\authuitu.dll
    2011-07-20 08:35:42 . 2011-04-28 01:04:29 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2011-07-20 08:35:38 . 2011-04-28 01:04:32 36160 ----a-w- C:\Windows\system32\uxtuneup.dll
    2011-07-20 08:35:34 . 2011-04-28 01:04:31 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
    2011-07-16 04:26:00 . 2011-08-24 05:31:08 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-06 11:52:42 . 2011-03-24 03:42:52 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 11:52:42 . 2011-03-24 03:42:33 25912 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2011-07-05 10:37:00 . 2011-07-05 10:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-07-05 10:37:00 . 2011-07-05 10:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-07-01 09:46:40 . 2011-07-01 09:46:40 31232 ----a-w- C:\Windows\system32\drivers\tap0901.sys
    2011-06-11 03:07:25 . 2011-07-24 06:28:38 3137536 ----a-w- C:\Windows\system32\win32k.sys
    2010-07-08 02:37:14 . 2010-07-08 02:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe


    ((((((((((((((((((((((((((((( SnapShot@2011-09-07_22.56.35 )))))))))))))))))))))))))))))))))))))))))

    + 2011-09-04 22:10:04 . 2011-09-08 12:09:08 32768 C:\Windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-09-04 22:10:04 . 2011-09-07 22:03:02 32768 C:\Windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-09-04 22:10:04 . 2011-09-07 22:03:02 16384 C:\Windows\Temp\History\History.IE5\index.dat
    + 2011-09-04 22:10:04 . 2011-09-08 12:09:08 16384 C:\Windows\Temp\History\History.IE5\index.dat
    + 2011-09-04 22:10:04 . 2011-09-08 12:09:08 16384 C:\Windows\Temp\Cookies\index.dat
    - 2011-09-04 22:10:04 . 2011-09-07 22:03:02 16384 C:\Windows\Temp\Cookies\index.dat
    + 2010-07-31 02:35:48 . 2011-09-08 10:37:07 12646 C:\Windows\system32\wdi\ERCQueuedResolutions.dat
    - 2010-07-31 02:35:48 . 2011-09-07 01:14:22 12646 C:\Windows\system32\wdi\ERCQueuedResolutions.dat
    - 2009-07-14 05:10:35 . 2011-09-07 22:05:46 60292 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10:35 . 2011-09-08 12:12:22 60292 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-07-10 09:42:15 . 2011-09-08 04:10:11 28132 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2915824604-787655904-4174257227-1000_UserData.bin
    - 2009-07-14 05:30:40 . 2011-09-06 03:01:29 86016 C:\Windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30:40 . 2011-09-08 23:15:12 86016 C:\Windows\system32\DriverStore\infpub.dat
    + 2010-06-04 01:32:32 . 2011-09-08 10:37:05 14878 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-07-31 09:28:12 . 2011-09-08 07:30:50 5366 C:\Windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
    - 2011-09-07 11:58:06 . 2011-09-07 22:02:19 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-08 12:08:33 . 2011-09-08 12:08:33 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-08 12:08:33 . 2011-09-08 12:08:33 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-09-07 11:58:06 . 2011-09-07 22:02:19 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-07-11 00:01:09 . 2011-09-08 07:30:45 525366 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2011-08-05 06:21:17 . 2011-09-08 10:36:24 474936 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2010-04-13 23:05:24 . 2011-09-08 12:12:17 108944 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2010-06-04 16:41:04 . 2011-09-07 08:29:48 481560 C:\Windows\system32\prfh0404.dat
    + 2010-06-04 16:41:04 . 2011-09-08 13:51:49 481560 C:\Windows\system32\prfh0404.dat
    + 2010-06-04 16:41:04 . 2011-09-08 13:51:49 151844 C:\Windows\system32\prfc0404.dat
    - 2010-06-04 16:41:04 . 2011-09-07 08:29:48 151844 C:\Windows\system32\prfc0404.dat
    - 2009-07-14 02:36:59 . 2011-09-07 08:29:48 738742 C:\Windows\system32\perfh009.dat
    + 2009-07-14 02:36:59 . 2011-09-08 13:51:49 738742 C:\Windows\system32\perfh009.dat
    + 2009-07-14 02:36:59 . 2011-09-08 13:51:49 151844 C:\Windows\system32\perfc009.dat
    - 2009-07-14 02:36:59 . 2011-09-07 08:29:48 151844 C:\Windows\system32\perfc009.dat
    - 2009-07-14 05:30:40 . 2011-09-06 03:01:29 239616 C:\Windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30:40 . 2011-09-08 23:15:12 239616 C:\Windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30:40 . 2011-09-08 23:15:12 143360 C:\Windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30:40 . 2011-09-06 03:01:28 143360 C:\Windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:01:48 . 2011-09-08 10:37:09 541956 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01:48 . 2011-09-07 11:39:56 541956 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-02-16 08:58:15 . 2011-09-07 04:23:06 5473648 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2915824604-787655904-4174257227-1000-8192.dat
    + 2011-02-16 08:58:15 . 2011-09-08 10:37:10 5473648 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2915824604-787655904-4174257227-1000-8192.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
    2011-05-24 23:41:14 233288 ----a-w- C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 08:50:26 1197448 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 08:50:26 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USB Safely Remove"="C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-01-27 22:23:59 1239040]
    "PowerSuite"="C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" [2011-07-18 08:08:22 67448]
    "Facebook Update"="C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 10:00:46 137536]
    "Connectify"="C:\Program Files (x86)\Connectify\Connectify.exe" [2011-03-09 22:17:14 1532992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-11-01 23:39:48 1094736]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 04:59:52 254696]
    "Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 11:52:38 449584]

    C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
    HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    "IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    "AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

    R1 bftpznfz;bftpznfz; [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 05:16:28 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 06:27:14 138576]
    R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [2011-08-06 11:13:34 218624]
    R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10:51 135664]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 11:52:38 366640]
    R2 stimelock;Time Lock;C:\Time Lock\timelockfw.exe [2010-01-13 13:01:32 743424]
    R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys [x]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [x]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2011-07-01 18:40:38 58013]
    R3 GGSAFERDriver;GGSAFER Driver;C:\Program Files (x86)\Garena\safedrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10:51 135664]
    R3 huawei_cdcecm;huawei_cdcecm;C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 09:51:12 30963576]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys [x]
    R3 NETw5s64;?? Windows 7 64 Bit ? Intel(R) Wireless WiFi Link ???????;C:\Windows\system32\DRIVERS\NETw5s64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 05:37:14 517096]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
    R3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 08:17:44 61976]
    R4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 04:33:26 430424]
    S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
    S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 04:55:28 64952]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
    S2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2011-03-09 22:17:16 892992]
    S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 18:30:12 107016]
    S2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 08:41:42 810144]
    S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [x]
    S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-26 03:56:10 782880]
    S2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2011-07-01 18:37:24 298824]
    S2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-05-24 23:40:12 363336]
    S2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe [2011-05-25 00:54:54 329544]
    S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2010-11-16 13:38:16 339456]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 09:00:42 13336]
    S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [x]
    S2 ODDPwrSvc;Acer ODD Power Service;C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 07:44:14 158240]
    S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 08:52:58 260640]
    S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 23:27:36 243232]
    S2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-01-27 18:12:42 539032]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
    S3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys [x]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys [x]
    S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys [x]
    S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 12:34:24 4925184]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc

    Contents of the 'Scheduled Tasks' folder

    2011-09-08 C:\Windows\Tasks\AutoKMS.job
    - C:\Windows\AutoKMS\AutoKMS.exe [2011-07-16 11:04:53 . 2011-07-16 11:04:53]

    2011-09-08 C:\Windows\Tasks\AutoKMSDaily.job
    - C:\Windows\AutoKMS\AutoKMS.exe [2011-07-16 11:04:53 . 2011-07-16 11:04:53]

    2011-09-05 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
    - C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 10:01:02 . 2011-09-05 10:00:46]

    2011-09-06 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
    - C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 10:01:02 . 2011-09-05 10:00:46]

    2011-09-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10:54 . 2010-08-23 08:10:51]

    2011-09-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10:54 . 2010-08-23 08:10:51]

    2011-08-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core1cc542decbe9360.job
    - C:\Users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:14:42 . 2010-10-23 10:43:26]

    2011-09-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
    - C:\Users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:14:42 . 2010-10-23 10:43:26]


    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
    2011-05-24 23:41:14 287048 ----a-w- C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2011-01-12 08:41:26 2917632]
    "Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-26 03:56:12 496160]
    "SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-09 05:50:30 387608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    ------- Supplementary Scan -------

    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device...
    IE: Send page to &Bluetooth Device...
    IE: YamicsoftDisabled
    IE: YamicsoftDisabled\Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: YamicsoftDisabled\Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: microsoft.com\v6.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: windowsupdate.com\download
    TCP: DhcpNameServer = 10.202.48.1
    TCP: Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1}: NameServer = 202.126.40.5 222.127.143.5
    TCP: Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9}: NameServer = 202.126.40.5 222.127.143.5
    FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://fb.me/
    FF - prefs.js: network.proxy.ftp - 10.201.60.241
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 10.201.60.241
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 10.201.60.241
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600

    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-HijackThis - C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You forgot to post the Attach.txt part of DDS...

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 07/10/2010 5:40:25 PM
    System Uptime: 09/05/2011 6:08:50 AM (8 hours ago)
    .
    Motherboard: Acer | | Aspire 4810T
    Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz | CPU | 1196/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is CDROM ()
    C: is FIXED (NTFS) - 226 GiB total, 129.213 GiB free.
    D: is FIXED (NTFS) - 227 GiB total, 117.182 GiB free.
    F: is CDROM (CDFS)
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0010
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #11
    PNP Device ID: ROOT\*6TO4MP\0010
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0036
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #37
    PNP Device ID: ROOT\*6TO4MP\0036
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0011
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #12
    PNP Device ID: ROOT\*6TO4MP\0011
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0037
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter #38
    PNP Device ID: ROOT\*6TO4MP\0037
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    1.1.1.5
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    4500_G510gm_Help
    4500G510gm
    4500G510gm_Software_Min
    Accurate Personality Test 1.0
    Acer Crystal Eye Webcam
    Acer eRecovery Management
    Acer PowerSmart Manager
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Reader X (10.1.0)
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Audacity 1.2.6
    BlueJ 3.0.4
    BufferChm
    Bullzip MS Access to MySQL 3.0.0.148
    Cain & Abel v4.9.42
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help English
    CommView for WiFi
    Connection Keeper
    ConvertHelper 2.2
    Dark Parables-The Exiled Prince Collector's Edition
    Definition update for Microsoft Office 2010 (KB982726)
    Destinations
    DeviceDiscovery
    DocMgr
    DocProc
    Driver Genius Professional Edition
    eSobi v2
    Expat Shield 2.06
    Fax
    Garena - League of Legends PH
    Garena 2010
    Garena Messenger
    Globe Tattoo Broadband
    Google Chrome
    Google Update Helper
    GPBaseService2
    HijackThis 2.0.2
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    HPProductAssistant
    Imagicon
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) SE Development Kit 6 Update 21
    JCreator LE 5.00
    Junk Mail filter update
    K-Lite Codec Pack 7.0.0 (Full)
    Kalydo Player 3.10.04
    Launch Manager
    Learning Essentials for Microsoft Office
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MarketResearch
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Choice Guard
    Microsoft Math
    Microsoft MSDN 2005 Express Edition - ENU
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft PowerPoint Viewer
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server System CLR Types
    Microsoft Student 2007 for Learning Essentials
    Microsoft Student with Encarta Premium 2009
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Visual Basic 2005 Express Edition - ENU
    Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
    Microsoft Visual Basic 6.0 Enterprise Edition
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio Macro Tools
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 5.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Server 5.1
    Mystery Case Files 13th Skull Collectors Edition 1.00
    MyWinLocker Suite
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    OpenVPN 2.2.1
    Optical Drive Power Management
    PDF Settings CS5
    Photo Transport
    Photoshop Camera Raw
    Picasa 3
    Pixel Bender Toolkit
    PowerISO
    PX Profile Update
    PxMergeModule
    QuickTime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
    Shredder
    Skype™ 5.2
    SMART BRO
    SmartWebPrinting
    SolutionCenter
    SQLyog Community 8.4 Beta1
    Status
    Suite Shared Configuration CS4
    swMSM
    Technology in the Class for Learning Essentials
    Toolbox
    Total Video Converter 3.71 100812
    TrayApp
    Treasure Seekers: The Time Has Come Collector's Edition
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    Uniblue DriverScanner
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Basic 2005 Express Edition - ENU (KB932232)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    USB Safely Remove 4.5
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.7
    WebReg
    Welch's Project Reference 6.6.8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Writer
    Windows Movie Maker 2.6
    WinPcap 4.1.2
    Yahoo! Messenger
    Yahoo! Software Update
    yEd Graph Editor 3.7.0.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    09/05/2011 6:10:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.
    09/05/2011 6:10:08 AM, Error: Service Control Manager [7000] - The Globe Tattoo Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    09/05/2011 5:51:52 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    09/05/2011 5:49:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    09/05/2011 5:48:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    09/05/2011 5:48:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    09/05/2011 5:48:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    09/05/2011 5:48:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    09/05/2011 5:47:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ehdrv mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd tdx vwififlt Wanarpv6 WfpLwf
    09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The Expat Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    09/05/2011 5:47:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    09/05/2011 5:47:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    09/05/2011 5:47:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    09/05/2011 5:47:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    09/05/2011 5:47:13 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    09/04/2011 8:45:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    09/04/2011 7:05:37 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    .
    ==== End Of File ===========================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Uninstall all Uniblue programs, which actually can be part of your problem:
    Uniblue DriverScanner
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =============================================================

    Uninstall Ask Toolbar, typical foistware.

    =======================================================

    Make sure you post a whole Combofix log this time.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    C:\Users\acer\AppData\Local\BITF061.tmp
    
    
    DDS::
    uInternet Settings,ProxyOverride = 127.0.0.1
    uInternet Settings,ProxyServer = 127.0.0.1:9666
    Trusted Zone: microsoft.com\v6.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: windowsupdate.com\download
    
    Driver::
    bftpznfz
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  13. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    Sir.. I already removed
    Ask Toolbar
    Uniblue DriverScanner
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC


    Also done scanning using Combofix as you instructed me to do..
    Sad to say, the log processing is not yet finished up to now.. still no clues after almost 2 hours of waiting..
    Is it normal, sir? :/

    I'll report again later, need to go to school first :)
    thank you, God Bless :)
     
  14. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    yeeppe!

    Just now, the log popped out at last...

    Here it is :)



    ComboFix 11-09-08.03 - NECCO 09/09/2011 11:14:28.4.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.428 [GMT 8:00]
    Running from: c:\users\acer\Desktop\techspot\ComboFix.exe
    Command switches used :: c:\users\acer\Desktop\techspot\CFScript.txt
    AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\acer\AppData\Local\BITF061.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_bftpznfz
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-09 03:36 . 2011-09-09 03:36 0 ---ha-w- c:\users\acer\AppData\Local\BIT7FF8.tmp
    2011-09-09 03:31 . 2011-09-09 03:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-09-09 03:31 . 2011-09-09 03:31 -------- d-----w- c:\users\DURAN\AppData\Local\temp
    2011-09-07 02:57 . 2011-09-07 03:02 -------- d-----w- c:\users\acer\AppData\Roaming\TS3Client
    2011-09-07 02:56 . 2011-09-07 02:56 -------- d-----w- c:\program files\TeamSpeak 3 Client
    2011-09-06 05:27 . 2011-09-06 05:27 -------- d-----w- c:\programdata\InterAction studios
    2011-09-06 03:03 . 2011-09-07 03:03 -------- d-----w- c:\users\acer\AppData\Local\Connectify
    2011-09-05 05:00 . 2011-09-05 05:00 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-09-02 23:11 . 2011-09-02 23:11 -------- d-----w- c:\users\DURAN\AppData\Local\Diagnostics
    2011-09-01 01:57 . 2011-09-01 01:57 -------- d-----w- c:\programdata\hssff
    2011-09-01 00:36 . 2011-09-01 00:40 -------- d-----w- c:\program files (x86)\Expat Shield
    2011-09-01 00:36 . 2011-06-22 22:05 755016 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
    2011-09-01 00:36 . 2011-06-22 22:05 756552 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-08-31 11:05 . 2011-08-31 11:05 0 ---ha-w- c:\users\acer\AppData\Local\BITF061.tmp
    2011-08-31 10:54 . 2011-09-09 03:32 -------- d-----w- c:\program files (x86)\Connectify
    2011-08-30 21:52 . 2011-08-30 21:52 -------- d-----w- c:\users\acer\AppData\Roaming\PACE Anti-Piracy
    2011-08-30 21:52 . 2011-08-30 21:52 -------- d-----w- c:\programdata\PACE Anti-Piracy
    2011-08-30 21:52 . 2011-08-30 21:52 -------- d-----w- c:\users\acer\AppData\Local\PACE Anti-Piracy
    2011-08-29 17:26 . 2011-08-31 22:32 -------- d-----w- c:\users\EHNN
    2011-08-29 10:50 . 2011-08-31 22:29 -------- d-----w- C:\ICC_Backup
    2011-08-28 08:44 . 2011-08-28 08:44 -------- d-----w- c:\users\DURAN\AppData\Local\Yahoo
    2011-08-28 08:44 . 2011-08-28 08:44 -------- d-----w- c:\users\DURAN\AppData\Roaming\Yahoo!
    2011-08-28 08:37 . 2011-08-28 08:37 -------- d-----w- c:\users\DURAN\AppData\Roaming\skypePM
    2011-08-28 07:38 . 2011-09-05 10:04 -------- d-----w- c:\users\acer\AppData\Local\Facebook
    2011-08-27 17:00 . 2011-08-27 17:00 -------- d-----w- c:\users\acer\AppData\Roaming\MozillaControl
    2011-08-27 16:59 . 2011-08-31 11:07 -------- d-----w- c:\program files (x86)\'Full Speed' Internet Booster + Performance Tests
    2011-08-26 03:47 . 2011-08-26 03:47 -------- d-----w- c:\programdata\Uniblue
    2011-08-26 03:15 . 2011-09-09 03:06 -------- d-----w- c:\program files (x86)\Uniblue
    2011-08-26 03:00 . 2011-08-31 22:16 -------- d-----w- c:\users\acer\AppData\Local\Babylon
    2011-08-26 03:00 . 2011-08-26 03:00 -------- d-----w- c:\programdata\Babylon
    2011-08-26 03:00 . 2011-08-26 03:00 -------- d-----w- c:\users\acer\AppData\Roaming\Babylon
    2011-08-26 02:59 . 2011-08-27 00:13 -------- d-----w- c:\program files (x86)\Easy Downloads
    2011-08-25 01:49 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDB8CB2E-E597-4A1E-9075-E93945C890F2}\mpengine.dll
    2011-08-24 05:30 . 2011-07-16 05:21 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-08-24 05:29 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-23 22:50 . 2011-09-01 00:29 -------- d-----w- c:\program files (x86)\CommViewWiFi
    2011-08-23 22:34 . 2011-08-23 22:34 -------- d-----w- C:\aircrack
    2011-08-21 14:56 . 2011-08-21 14:56 -------- d-----w- c:\program files (x86)\WinPcap
    2011-08-21 14:56 . 2011-08-22 10:55 -------- d-----w- c:\program files (x86)\Cain
    2011-08-21 11:07 . 2011-09-01 00:40 -------- d-----w- C:\Expat Shield
    2011-08-20 03:25 . 2011-08-21 03:55 -------- d-----w- c:\program files (x86)\Sun Broadband Wireless
    2011-08-19 23:34 . 2011-08-21 03:56 -------- d-----w- c:\program files (x86)\Cheat Engine 6
    2011-08-12 17:09 . 2011-08-12 17:17 -------- d-----w- c:\programdata\Nero
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 03:39 . 2011-09-09 03:39 0 ---ha-w- c:\users\acer\AppData\Local\BIT124D.tmp
    2011-09-09 03:38 . 2011-07-16 11:04 77824 ----a-w- c:\windows\KMSEmulator.exe
    2011-08-24 01:03 . 2011-07-17 10:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-08 20:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-08-08 20:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-08-08 17:10 . 2011-08-08 17:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-08-08 17:10 . 2011-08-08 17:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-08-08 17:10 . 2011-08-08 17:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-08-08 17:10 . 2011-08-08 17:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-08-08 17:10 . 2011-08-08 17:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-08-08 17:10 . 2011-08-08 17:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-08-08 17:10 . 2011-08-08 17:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-08-08 17:10 . 2011-08-08 17:10 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-08-08 17:10 . 2011-08-08 17:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-08-08 17:10 . 2011-08-08 17:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-08-08 17:10 . 2011-08-08 17:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-08-08 17:10 . 2011-08-08 17:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-08-08 17:10 . 2011-08-08 17:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-08-08 17:10 . 2011-08-08 17:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-08-08 17:10 . 2011-08-08 17:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-08-08 17:10 . 2011-08-08 17:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-08-08 17:10 . 2011-08-08 17:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-08-08 17:10 . 2011-08-08 17:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-08-08 17:10 . 2011-08-08 17:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-08-08 17:10 . 2011-08-08 17:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-08-08 17:10 . 2011-08-08 17:10 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-08-08 17:10 . 2011-08-08 17:10 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-08-08 17:10 . 2011-08-08 17:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-08-08 17:10 . 2011-08-08 17:10 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-08-08 17:10 . 2011-08-08 17:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-08-08 17:10 . 2011-08-08 17:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-08-08 17:10 . 2011-08-08 17:10 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-08-08 17:10 . 2011-08-08 17:10 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-08-08 17:10 . 2011-08-08 17:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-08-08 17:10 . 2011-08-08 17:10 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-08-08 17:10 . 2011-08-08 17:10 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-08-08 17:10 . 2011-08-08 17:10 448512 ----a-w- c:\windows\system32\html.iec
    2011-08-08 17:10 . 2011-08-08 17:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-08 17:10 . 2011-08-08 17:10 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-08-08 17:10 . 2011-08-08 17:10 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-08-08 17:10 . 2011-08-08 17:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-08 14:11 . 2011-07-15 02:33 2136512 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2011-08-06 11:13 . 2011-08-06 11:14 196608 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
    2011-08-06 11:13 . 2011-08-06 11:14 999936 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2011-08-06 11:13 . 2011-08-06 11:14 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
    2011-08-06 11:13 . 2011-08-06 11:14 93696 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
    2011-08-06 11:13 . 2011-08-06 11:14 85504 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
    2011-08-06 11:13 . 2011-08-06 11:14 55296 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
    2011-08-06 11:13 . 2011-08-06 11:14 29184 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
    2011-08-06 11:13 . 2011-08-06 11:14 256000 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2011-08-06 11:13 . 2011-08-06 11:14 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
    2011-08-06 11:13 . 2011-08-06 11:14 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2011-08-06 11:13 . 2011-08-06 11:14 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2011-08-06 11:13 . 2011-08-06 11:14 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2011-08-06 11:13 . 2011-08-06 11:14 121600 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2011-08-06 11:13 . 2011-08-06 11:13 363008 ----a-w- c:\windows\system32\drivers\UMDF\hwgpssensor.dll
    2011-07-20 08:41 . 2011-04-28 01:04 34624 ----a-w- c:\windows\system32\TURegOpt.exe
    2011-07-20 08:35 . 2011-04-28 01:04 25920 ----a-w- c:\windows\system32\authuitu.dll
    2011-07-20 08:35 . 2011-04-28 01:04 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
    2011-07-20 08:35 . 2011-04-28 01:04 36160 ----a-w- c:\windows\system32\uxtuneup.dll
    2011-07-20 08:35 . 2011-04-28 01:04 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
    2011-07-16 04:26 . 2011-08-24 05:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-06 11:52 . 2011-03-24 03:42 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 11:52 . 2011-03-24 03:42 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-07-01 09:46 . 2011-07-01 09:46 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2010-07-08 02:37 . 2010-07-08 02:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-09-07_22.56.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-09-04 22:10 . 2011-09-09 03:34 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-09-04 22:10 . 2011-09-07 22:03 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-09-04 22:10 . 2011-09-07 22:03 16384 c:\windows\Temp\History\History.IE5\index.dat
    + 2011-09-04 22:10 . 2011-09-09 03:34 16384 c:\windows\Temp\History\History.IE5\index.dat
    + 2011-09-04 22:10 . 2011-09-09 03:34 16384 c:\windows\Temp\Cookies\index.dat
    - 2011-09-04 22:10 . 2011-09-07 22:03 16384 c:\windows\Temp\Cookies\index.dat
    + 2010-07-31 02:35 . 2011-09-08 10:37 12646 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2010-07-31 02:35 . 2011-09-07 01:14 12646 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2009-07-14 05:10 . 2011-09-07 22:05 60292 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-09-09 03:37 60292 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-07-10 09:42 . 2011-09-09 03:37 28274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2915824604-787655904-4174257227-1000_UserData.bin
    - 2009-07-14 05:30 . 2011-09-06 03:01 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2011-09-08 23:15 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2010-06-04 01:32 . 2011-09-08 10:37 14878 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-07-31 09:28 . 2011-09-08 07:30 5366 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
    - 2011-09-07 11:58 . 2011-09-07 22:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-09 03:34 . 2011-09-09 03:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-09-09 03:34 . 2011-09-09 03:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-09-07 11:58 . 2011-09-07 22:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-07-11 00:01 . 2011-09-08 07:30 525366 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2011-08-05 06:21 . 2011-09-08 10:36 474936 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2010-04-13 23:05 . 2011-09-08 12:12 108944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2010-06-04 16:41 . 2011-09-07 08:29 481560 c:\windows\system32\prfh0404.dat
    + 2010-06-04 16:41 . 2011-09-08 13:51 481560 c:\windows\system32\prfh0404.dat
    + 2010-06-04 16:41 . 2011-09-08 13:51 151844 c:\windows\system32\prfc0404.dat
    - 2010-06-04 16:41 . 2011-09-07 08:29 151844 c:\windows\system32\prfc0404.dat
    - 2009-07-14 02:36 . 2011-09-07 08:29 738742 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-09-08 13:51 738742 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-09-08 13:51 151844 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-09-07 08:29 151844 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:30 . 2011-09-06 03:01 239616 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-09-08 23:15 239616 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-09-08 23:15 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2011-09-06 03:01 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:01 . 2011-09-09 03:32 541956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-09-07 11:39 541956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-02-16 08:58 . 2011-09-07 04:23 5473648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2915824604-787655904-4174257227-1000-8192.dat
    + 2011-02-16 08:58 . 2011-09-09 03:32 5473648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2915824604-787655904-4174257227-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
    2011-05-24 23:41 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USB Safely Remove"="c:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-01-27 1239040]
    "Facebook Update"="c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 137536]
    "Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-03-09 1532992]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [2011-08-06 218624]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 135664]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2011-07-01 58013]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 135664]
    R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
    R3 NETw5s64;?? Windows 7 64 Bit ? Intel(R) Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
    S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-26 782880]
    S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2011-07-01 298824]
    S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-05-24 363336]
    S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2011-05-25 329544]
    S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 158240]
    S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 stimelock;Time Lock;c:\time lock\timelockfw.exe [2010-01-13 743424]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\USB Safely Remove\USBSRService.exe [2011-01-27 539032]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-09 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS\AutoKMS.exe [2011-07-16 11:04]
    .
    2011-09-09 c:\windows\Tasks\AutoKMSDaily.job
    - c:\windows\AutoKMS\AutoKMS.exe [2011-07-16 11:04]
    .
    2011-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
    - c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 10:00]
    .
    2011-09-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
    - c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 10:00]
    .
    2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10]
    .
    2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10]
    .
    2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core1cc542decbe9360.job
    - c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:43]
    .
    2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
    - c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:43]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
    2011-05-24 23:41 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2917632]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-26 496160]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 387608]
    "combofix"="c:\combofix\CF9920.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device...
    IE: Send page to &Bluetooth Device...
    IE: YamicsoftDisabled
    IE: YamicsoftDisabled\Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: YamicsoftDisabled\Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    TCP: DhcpNameServer = 10.204.24.1
    TCP: Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1}: NameServer = 202.126.40.5 222.127.143.5
    TCP: Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9}: NameServer = 202.126.40.5 222.127.143.5
    FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://fb.me/
    FF - prefs.js: network.proxy.ftp - 10.201.60.241
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 10.201.60.241
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 10.201.60.241
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.proxy.type - 0
    FF - user.js: network.proxy.http -
    user_pref(network.proxy.http_port,);
    FF - user.js: network.proxy.no_proxies_on -
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Wow6432Node-HKCU-Run-PowerSuite - c:\progra~2\Uniblue\POWERS~1\launcher.exe
    Toolbar-Locked - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):19,9a,7f,10,97,de,d3,55,2b,8a,89,01,fb,03,d2,87,77,17,27,6c,8d,
    2a,ac,e4,f5,02,18,bb,84,38,0d,c4,05,50,a3,48,14,1f,73,3a,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000_Classes\Wow6432Node\CLSID\{fea775ac-13c3-4e75-822d-b5860013a99b}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000f9
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,00,8b,b7,a0,86,d5,49,bb,d8,b4,55,54,ea,d1,38,1e,be,25,0a,94,65,24,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
    "DataDir"="ESET\\ESET Smart Security\\"
    "EditionName"=" "
    "InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:6090e758
    "ProductBase"=dword:00000001
    "ProductCode"="{C0D93E4E-0866-43C8-A104-BF41A803EA84}"
    "ProductName"="ESET Smart Security"
    "ProductType"="ess"
    "ProductVersion"="4.2.71.2"
    "UniqueId"="0003BFE44DCAFAB7"
    "ScannerBuild"=dword:000025fe
    "ScannerVersionId"=dword:000018cf
    "ScannerVersion"="Open window for status."
    "ei2"=hex(b):e0,3b,9a,c8,55,ca,03,2e
    "ei1"=hex(b):00,26,2d,a6,72,b0,00,00
    "ei3"=hex(b):77,bf,12,4e,00,00,00,00
    "ei4"=dword:00000002
    "FixId"=dword:00000009
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000600\Profiles\@My profile]
    @Denied: (2) (LocalSystem)
    "SelfdefenceEnabled"=dword:00000001
    "ScanUnwantedApp"=dword:00000000
    "WUWarningLevel"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\programdata\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
    c:\programdata\DatacardService\DCSHelper.exe
    c:\program files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
    c:\program files (x86)\Expat Shield\bin\openvpntray.exe
    c:\windows\SysWOW64\RunDll32.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\program files (x86)\Expat Shield\bin\openvpn.exe
    c:\program files (x86)\Expat Shield\bin\fbw.exe
    c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-09 13:15:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-09 05:15
    .
    Pre-Run: 134,227,980,288 bytes free
    Post-Run: 133,226,590,208 bytes free
    .
    - - End Of File - - B814B33DC1D11CD79A1E0BF0D5F30195


    Sorry for not following what ComboFix needs me to do.
    I was bored waiting, so I opened Chrome + Expat Shield + Tattoo Broadband to surf :(
    Hope this does not make anything worse.

    Another thing, sir: lately MBAM has an error when opening, I don't know why.
    Hope we can also fix my "not genuine" issue.

    Until later, sir :)
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    This will be a subject for a different forum, when we're done here.

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    tdsskiller log

    2011/09/10 08:28:07.0885 0260 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
    2011/09/10 08:28:09.0892 0260 ================================================================================
    2011/09/10 08:28:09.0893 0260 SystemInfo:
    2011/09/10 08:28:09.0893 0260
    2011/09/10 08:28:09.0893 0260 OS Version: 6.1.7601 ServicePack: 1.0
    2011/09/10 08:28:09.0893 0260 Product type: Workstation
    2011/09/10 08:28:09.0893 0260 ComputerName: NECCO
    2011/09/10 08:28:09.0894 0260 UserName: NECCO
    2011/09/10 08:28:09.0894 0260 Windows directory: C:\Windows
    2011/09/10 08:28:09.0894 0260 System windows directory: C:\Windows
    2011/09/10 08:28:09.0894 0260 Running under WOW64
    2011/09/10 08:28:09.0894 0260 Processor architecture: Intel x64
    2011/09/10 08:28:09.0894 0260 Number of processors: 2
    2011/09/10 08:28:09.0894 0260 Page size: 0x1000
    2011/09/10 08:28:09.0894 0260 Boot type: Normal boot
    2011/09/10 08:28:09.0894 0260 ================================================================================
    2011/09/10 08:28:13.0526 0260 Initialize success
    2011/09/10 08:28:21.0036 4052 ================================================================================
    2011/09/10 08:28:21.0036 4052 Scan started
    2011/09/10 08:28:21.0036 4052 Mode: Manual;
    2011/09/10 08:28:21.0036 4052 ================================================================================
    2011/09/10 08:29:29.0687 4052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/09/10 08:29:30.0323 4052 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
    2011/09/10 08:29:30.0809 4052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/09/10 08:29:31.0265 4052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/10 08:29:31.0591 4052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/10 08:29:33.0100 4052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/09/10 08:29:33.0482 4052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    2011/09/10 08:29:33.0894 4052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    2011/09/10 08:29:34.0363 4052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/10 08:29:34.0822 4052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/09/10 08:29:36.0146 4052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/10 08:29:37.0376 4052 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/09/10 08:29:38.0015 4052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/09/10 08:29:38.0717 4052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/09/10 08:29:39.0054 4052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/09/10 08:29:39.0346 4052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/09/10 08:29:39.0677 4052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/09/10 08:29:40.0357 4052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/10 08:29:41.0029 4052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/09/10 08:29:52.0084 4052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/10 08:29:52.0330 4052 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/09/10 08:29:52.0705 4052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/09/10 08:29:52.0945 4052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/09/10 08:29:53.0146 4052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/10 08:29:53.0385 4052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/10 08:29:53.0642 4052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/10 08:29:54.0306 4052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/10 08:29:54.0764 4052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/10 08:29:54.0955 4052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/10 08:29:55.0177 4052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/10 08:29:55.0810 4052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/10 08:29:56.0291 4052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/10 08:29:56.0559 4052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/10 08:29:56.0742 4052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/10 08:29:56.0903 4052 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/10 08:29:57.0180 4052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/10 08:29:57.0473 4052 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/09/10 08:29:57.0754 4052 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
    2011/09/10 08:29:58.0058 4052 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
    2011/09/10 08:29:58.0375 4052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/10 08:29:58.0617 4052 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\Windows\system32\Drivers\RtsUStor.sys
    2011/09/10 08:29:58.0945 4052 RT73 (3b5809e9d3b8995fb65a82cb92745072) C:\Windows\system32\DRIVERS\Dr71WU.sys
    2011/09/10 08:29:59.0679 4052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/10 08:29:59.0960 4052 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
    2011/09/10 08:30:00.0204 4052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/10 08:30:01.0204 4052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/09/10 08:30:01.0488 4052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/10 08:30:01.0768 4052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/10 08:30:02.0364 4052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/09/10 08:30:02.0703 4052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/10 08:30:02.0920 4052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/10 08:30:03.0141 4052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/10 08:30:03.0336 4052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/09/10 08:30:03.0596 4052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/10 08:30:03.0884 4052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/09/10 08:30:04.0200 4052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/10 08:30:04.0527 4052 SNP2UVC (a415c67b40dfb903accc1d40fbee3269) C:\Windows\system32\DRIVERS\snp2uvc.sys
    2011/09/10 08:30:04.0914 4052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/09/10 08:30:05.0259 4052 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2011/09/10 08:30:05.0259 4052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    2011/09/10 08:30:05.0281 4052 sptd - detected LockedFile.Multi.Generic (1)
    2011/09/10 08:30:22.0122 4052 ================================================================================
    2011/09/10 08:30:22.0122 4052 Scan finished
    2011/09/10 08:30:22.0122 4052 ================================================================================
    2011/09/10 08:30:22.0160 2068 Detected object count: 1
    2011/09/10 08:30:22.0160 2068 Actual detected object count: 1
    2011/09/10 08:31:05.0604 2068 LockedFile.Multi.Generic(sptd) - User select action: Skip
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    How is the computer doing?

    As for MBAM...
    1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
    2. Restart your computer (very important).
    3. Download and run this utility.
    4. It will ask to restart your computer (please allow it to).
    5. After the computer restarts, install the latest version from here.

    ===========================================================

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    My MBAM is now okay, sir.

    OTL log


    OTL logfile created on: 09/11/2011 06:21:03 - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\acer\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000464 | Country: Philippines | Language: FPO | Date Format: MM/dd/yyyy

    1.93 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 50.05% Memory free
    4.86 Gb Paging File | 3.12 Gb Available in Paging File | 64.22% Paging File free
    Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 226.46 Gb Total Space | 123.98 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
    Drive D: | 226.51 Gb Total Space | 114.89 Gb Free Space | 50.72% Space Free | Partition Type: NTFS
    Drive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: NECCO | User Name: NECCO | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/11 06:19:12 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Downloads\OTL.exe
    PRC - [2011/09/05 18:00:46 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
    PRC - [2011/08/06 19:13:52 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
    PRC - [2011/08/06 19:13:34 | 000,218,624 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
    PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/07/02 02:40:30 | 000,122,184 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
    PRC - [2011/07/02 02:37:24 | 000,298,824 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
    PRC - [2011/07/02 02:36:48 | 000,609,096 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpn.exe
    PRC - [2011/06/23 06:12:18 | 000,873,800 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\FBW.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/25 08:54:54 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
    PRC - [2011/05/25 07:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
    PRC - [2011/03/10 06:17:16 | 000,892,992 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
    PRC - [2011/01/28 06:23:59 | 001,239,040 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
    PRC - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2010/11/16 21:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
    PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    PRC - [2010/01/29 07:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2010/01/13 21:01:32 | 000,743,424 | ---- | M] () -- C:\Time Lock\timelockfw.exe
    PRC - [2009/11/02 07:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009/10/11 01:16:06 | 000,081,920 | R--- | M] () -- C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe
    PRC - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    PRC - [2009/08/25 02:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/06 19:13:52 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
    MOD - [2011/08/06 19:13:40 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\XFramePlugin.dll
    MOD - [2011/08/06 19:13:40 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\XCodec.dll
    MOD - [2011/08/06 19:13:40 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\USSDSrvPlugin.dll
    MOD - [2011/08/06 19:13:40 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Win7Support.dll
    MOD - [2011/08/06 19:13:39 | 000,808,960 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\SMSUIPlugin.dll
    MOD - [2011/08/06 19:13:39 | 000,670,720 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\SmsAppPlugin.dll
    MOD - [2011/08/06 19:13:39 | 000,315,904 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\StatusBarMgrPlugin.dll
    MOD - [2011/08/06 19:13:39 | 000,246,784 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\ToolBarMgrPlugin.dll
    MOD - [2011/08/06 19:13:39 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\SmsSrvPlugin.dll
    MOD - [2011/08/06 19:13:39 | 000,156,672 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\STKSrvPlugin.dll
    MOD - [2011/08/06 19:13:39 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Trace.dll
    MOD - [2011/08/06 19:13:38 | 009,515,520 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\QtGui4.dll
    MOD - [2011/08/06 19:13:38 | 002,415,104 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\QtCore4.dll
    MOD - [2011/08/06 19:13:38 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\QtNetwork4.dll
    MOD - [2011/08/06 19:13:38 | 000,545,280 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\PluginContainer.dll
    MOD - [2011/08/06 19:13:38 | 000,381,952 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Proxy.dll
    MOD - [2011/08/06 19:13:38 | 000,370,176 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qtiff4.dll
    MOD - [2011/08/06 19:13:38 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qmng4.dll
    MOD - [2011/08/06 19:13:38 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\sdk.dll
    MOD - [2011/08/06 19:13:38 | 000,235,008 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetSrvPlugin.dll
    MOD - [2011/08/06 19:13:38 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qjpeg4.dll
    MOD - [2011/08/06 19:13:38 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSDialup.dll
    MOD - [2011/08/06 19:13:38 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSNDIS.dll
    MOD - [2011/08/06 19:13:38 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSAdapt.dll
    MOD - [2011/08/06 19:13:38 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NotifyServicePlugin.dll
    MOD - [2011/08/06 19:13:38 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qgif4.dll
    MOD - [2011/08/06 19:13:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qico4.dll
    MOD - [2011/08/06 19:13:38 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSPowerMgr.dll
    MOD - [2011/08/06 19:13:38 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSCall.dll
    MOD - [2011/08/06 19:13:37 | 001,101,824 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NDISAPI.dll
    MOD - [2011/08/06 19:13:37 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetInfoUIExPlugin.dll
    MOD - [2011/08/06 19:13:37 | 000,333,312 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetConnectPlugin.dll
    MOD - [2011/08/06 19:13:37 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetInfoSrvPlugin.dll
    MOD - [2011/08/06 19:13:37 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\MenuMgrPlugin.dll
    MOD - [2011/08/06 19:13:37 | 000,250,880 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetInfoRecordUIPlugin.dll
    MOD - [2011/08/06 19:13:37 | 000,239,104 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\LiveUpdateInterface.dll
    MOD - [2011/08/06 19:13:37 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NDISPlugin.dll
    MOD - [2011/08/06 19:13:37 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetConnectSrvPlugin.dll
    MOD - [2011/08/06 19:13:37 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\LayoutPlugin.dll
    MOD - [2011/08/06 19:13:37 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\libgcc_s_dw2-1.dll
    MOD - [2011/08/06 19:13:37 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\mingwm10.dll
    MOD - [2011/08/06 19:13:36 | 000,495,104 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DeviceMgrUIPlugin.dll
    MOD - [2011/08/06 19:13:36 | 000,428,032 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DialupUIPlugin.dll
    MOD - [2011/08/06 19:13:36 | 000,428,032 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\core.dll
    MOD - [2011/08/06 19:13:36 | 000,338,432 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DeviceAppPlugin.dll
    MOD - [2011/08/06 19:13:36 | 000,301,056 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DeviceSrvPlugin.dll
    MOD - [2011/08/06 19:13:36 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Common.dll
    MOD - [2011/08/06 19:13:36 | 000,211,968 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DialUpPlugin.dll
    MOD - [2011/08/06 19:13:36 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DataServicePlugin.dll
    MOD - [2011/08/06 19:13:35 | 000,739,328 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\AddrBookUIPlugin.dll
    MOD - [2011/08/06 19:13:35 | 000,645,120 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallUIPlugin.dll
    MOD - [2011/08/06 19:13:35 | 000,550,400 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallAppPlugin.dll
    MOD - [2011/08/06 19:13:35 | 000,547,840 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallLogSrvPlugin.dll
    MOD - [2011/08/06 19:13:35 | 000,406,528 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallLogUIPlugin.dll
    MOD - [2011/08/06 19:13:35 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\AddrBookSrvPlugin.dll
    MOD - [2011/08/06 19:13:35 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\AtCodec.dll
    MOD - [2011/08/06 19:13:35 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallSrvPlugin.dll
    MOD - [2011/08/06 19:13:35 | 000,123,392 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\ATR2SMgr.dll
    MOD - [2011/08/06 19:13:34 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\AddrBookPlugin.dll
    MOD - [2011/07/02 02:40:30 | 000,122,184 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
    MOD - [2011/07/02 02:40:00 | 000,009,032 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\lang\gui-eng.dll
    MOD - [2011/06/23 06:12:18 | 000,873,800 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\FBW.exe
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/07/20 16:35:38 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2010/06/25 09:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/02/26 11:56:10 | 000,782,880 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010/01/29 07:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/09/09 15:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/09/04 15:44:14 | 000,158,240 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
    SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/08/06 19:13:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
    SRV - [2011/08/06 06:51:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/07/20 16:35:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/07/02 02:40:38 | 000,058,013 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe -- (ExpatTrayService)
    SRV - [2011/07/02 02:37:24 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
    SRV - [2011/07/01 17:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/25 08:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -- (ExpatWd)
    SRV - [2011/05/25 07:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
    SRV - [2011/03/10 06:17:16 | 000,892,992 | ---- | M] (Connectify) [Auto | Running] -- C:\Program Files (x86)\Connectify\Connectifyd.exe -- (Connectify)
    SRV - [2011/01/28 02:12:42 | 000,539,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
    SRV - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/11/20 20:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 20:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/06/26 01:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2010/01/13 21:01:32 | 000,743,424 | ---- | M] () [Auto | Running] -- C:\Time Lock\timelockfw.exe -- (stimelock)
    SRV - [2009/10/11 01:16:06 | 000,081,920 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor)
    SRV - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/08/25 02:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/26 12:17:46 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
    DRV:64bit: - [2011/08/06 19:13:41 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2011/08/06 19:13:41 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV:64bit: - [2011/08/06 19:13:41 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2011/08/06 19:13:41 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
    DRV:64bit: - [2011/08/06 19:13:40 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/07/01 17:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011/05/25 07:40:10 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
    DRV:64bit: - [2011/05/25 07:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2011/03/31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/03/12 13:19:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/08 02:20:14 | 000,034,880 | ---- | M] (Connectify) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\connctfy.sys -- (connctfyMP)
    DRV:64bit: - [2011/03/08 02:20:14 | 000,034,880 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\connctfy.sys -- (connctfy)
    DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2010/12/21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2010/12/21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2010/12/21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
    DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/29 23:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/10/18 17:21:31 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/06/26 07:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2010/06/26 07:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2010/06/26 07:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/06/26 07:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/06/26 07:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/06/26 01:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/04/21 15:47:48 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/12/16 00:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2009/09/16 04:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) 用於 Windows 7 64 Bit 的 Intel(R)
    DRV:64bit: - [2009/09/09 16:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/09/09 16:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2009/09/09 15:05:12 | 000,142,848 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/09/09 13:50:32 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
    DRV:64bit: - [2009/09/09 13:50:32 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/18 00:52:02 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 08:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/20 10:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
    DRV:64bit: - [2009/06/11 04:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/06/11 04:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/03 10:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2009/06/03 10:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2009/06/03 10:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/05/05 15:03:06 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV:64bit: - [2008/05/05 15:02:34 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV:64bit: - [2008/05/05 15:01:48 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV:64bit: - [2008/01/16 10:18:12 | 000,610,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dr71WU.sys -- (RT73)
    DRV:64bit: - [2007/08/07 08:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2007/07/05 02:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4810t&r=273607101706l04g8z1j5t4671b347
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4810t&r=273607101706l04g8z1j5t4671b347
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4810t&r=273607101706l04g8z1j5t4671b347
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\acer\Desktop\Downloads
    IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 00 7A 71 F5 55 CC 01 [binary data]
    IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://fb.me/"
    FF - prefs.js..extensions.enabledItems: DefaultManager@Microsoft:2.1
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10
    FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..network.proxy.backup.ftp: "10.201.42.146"
    FF - prefs.js..network.proxy.backup.ftp_port: 80
    FF - prefs.js..network.proxy.backup.socks: "10.201.42.146"
    FF - prefs.js..network.proxy.backup.socks_port: 80
    FF - prefs.js..network.proxy.backup.ssl: "10.201.42.146"
    FF - prefs.js..network.proxy.backup.ssl_port: 80
    FF - prefs.js..network.proxy.ftp: "10.201.60.241"
    FF - prefs.js..network.proxy.ftp_port: 80
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "10.201.60.241"
    FF - prefs.js..network.proxy.socks_port: 80
    FF - prefs.js..network.proxy.ssl: "10.201.60.241"
    FF - prefs.js..network.proxy.ssl_port: 80
    FF - prefs.js..network.proxy.type: 0

    FF - user.js..network.proxy.type: 0
    FF - user.js..network.proxy.http: ""
    FF - user.js..network.proxy.http_port:
    FF - user.js..network.proxy.no_proxies_on: ""

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files (x86)\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files (x86)\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.10.04: C:\Users\acer\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/14 07:54:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/07/31 21:08:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/09 03:07:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/22 14:02:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/07/14 07:55:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/14 07:54:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\acer\AppData\Roaming\IDM\idmmzcc5

    [2010/09/12 02:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions
    [2010/09/12 02:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
    [2011/09/01 06:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\l1klormg.default\extensions
    [2011/09/01 06:30:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\l1klormg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/09/01 06:30:25 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\l1klormg.default\extensions\DefaultManager@Microsoft
    [2011/09/01 06:28:31 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\l1klormg.default\extensions\support@predictad.com
    [2011/03/19 06:38:07 | 000,001,018 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\searchplugins\facebook.xml
    [2011/09/01 08:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/09/01 08:36:29 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    () (No name found) -- C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1KLORMG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/07/08 15:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/08/26 11:00:33 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/08/05 14:46:44 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

    O1 HOSTS File: ([2011/09/09 11:35:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
    O4 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000..\Run: [Facebook Update] C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
    O4 - Startup: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/01 06:30:25 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
    O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
    O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
    O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
     
  19. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - Reg Error: Key error. File not found
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.203.16.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}: DhcpNameServer = 10.203.16.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1}: NameServer = 202.126.40.5 222.127.143.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9}: NameServer = 202.126.40.5 222.127.143.5
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/07/16 08:11:12 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2011/07/16 08:11:18 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/11/17 05:37:37 | 000,142,336 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2010/12/21 09:42:30 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/10 17:06:18 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Zen of Sudoku
    [2011/09/10 13:33:05 | 000,000,000 | ---D | C] -- C:\New folder
    [2011/09/10 12:45:45 | 000,118,784 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
    [2011/09/10 12:45:44 | 000,118,784 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
    [2011/09/09 14:59:59 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\compile
    [2011/09/09 11:36:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/09/08 16:16:02 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\pcsp v0.5.2
    [2011/09/08 09:43:50 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\games
    [2011/09/08 06:36:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/08 06:36:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/08 06:36:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/08 06:36:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/08 06:36:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/08 06:06:15 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\techspot
    [2011/09/07 11:30:37 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\psp
    [2011/09/07 10:57:14 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\TS3Client
    [2011/09/07 10:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    [2011/09/07 10:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
    [2011/09/06 13:56:04 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\LogInExample
    [2011/09/06 13:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\InterAction studios
    [2011/09/06 13:26:34 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\Chicken Invaders 4 - Ultimate Omelette
    [2011/09/06 11:06:20 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\test
    [2011/09/06 11:03:21 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Connectify
    [2011/09/06 11:03:03 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify
    [2011/09/05 13:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2011/09/05 13:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2011/09/05 06:03:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/09/02 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\acer\Documents\raffle
    [2011/09/02 09:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
    [2011/09/02 09:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLyog Community
    [2011/09/01 09:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
    [2011/09/01 08:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
    [2011/09/01 08:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Expat Shield
    [2011/08/31 18:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
    [2011/08/31 05:52:33 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
    [2011/08/31 05:52:33 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\PACE Anti-Piracy
    [2011/08/31 05:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
    [2011/08/29 18:50:01 | 000,000,000 | ---D | C] -- C:\ICC_Backup
    [2011/08/28 15:38:19 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Facebook
    [2011/08/28 01:00:55 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\MozillaControl
    [2011/08/28 00:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
    [2011/08/27 19:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Connection Counter
    [2011/08/26 12:17:46 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
    [2011/08/26 11:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
    [2011/08/26 11:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    [2011/08/26 11:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
    [2011/08/26 11:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater
    [2011/08/26 11:00:26 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Babylon
    [2011/08/26 11:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2011/08/26 11:00:21 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Babylon
    [2011/08/26 10:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Downloads
    [2011/08/25 17:46:33 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    [2011/08/24 06:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommView for WiFi
    [2011/08/24 06:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CommViewWiFi
    [2011/08/24 06:34:25 | 000,000,000 | ---D | C] -- C:\aircrack
    [2011/08/22 20:04:26 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\ae
    [2011/08/22 02:50:28 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\VPN
    [2011/08/22 02:22:10 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    [2011/08/21 22:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    [2011/08/21 22:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
    [2011/08/21 22:56:19 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
    [2011/08/21 22:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
    [2011/08/21 22:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cain
    [2011/08/21 19:07:08 | 000,000,000 | ---D | C] -- C:\Expat Shield
    [2011/08/21 13:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
    [2011/08/20 22:11:16 | 000,000,000 | ---D | C] -- C:\Users\acer\Documents\Poker Superstars II Documents
    [2011/08/20 11:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sun Broadband Wireless
    [2011/08/20 11:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sun Broadband Wireless
    [2011/08/20 07:34:45 | 000,000,000 | ---D | C] -- C:\Users\acer\Documents\My Cheat Tables
    [2011/08/20 07:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6
    [2011/08/18 12:13:20 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\My Music
    [2011/08/13 01:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010/06/04 09:00:03 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
    [1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/11 06:26:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/11 05:02:29 | 001,209,110 | ---- | M] () -- C:\Users\acer\Desktop\vision.rar
    [2011/09/10 21:24:59 | 001,517,364 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/09/10 21:24:59 | 000,738,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/09/10 21:24:59 | 000,481,560 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
    [2011/09/10 21:24:59 | 000,151,844 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
    [2011/09/10 21:24:59 | 000,151,844 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/09/10 21:13:20 | 000,022,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/10 21:13:20 | 000,022,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/10 18:26:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/10 18:07:12 | 000,000,216 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
    [2011/09/10 18:07:11 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
    [2011/09/10 18:06:27 | 000,077,824 | ---- | M] () -- C:\Windows\KMSEmulator.exe
    [2011/09/10 18:01:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/10 18:01:10 | 1556,180,992 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/10 12:39:13 | 525,806,555 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/09/10 12:27:35 | 000,001,098 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/09/09 11:35:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/09/08 07:55:56 | 000,000,086 | ---- | M] () -- C:\Windows\SysNative\RegRuns00-X64
    [2011/09/08 07:55:54 | 000,002,053 | ---- | M] () -- C:\Windows\SysNative\mSIOI00-X64
    [2011/09/08 07:55:53 | 000,004,098 | ---- | M] () -- C:\Windows\SysNative\ToolB-01-X64
    [2011/09/08 07:55:50 | 000,000,153 | ---- | M] () -- C:\Windows\SysNative\ToolB-00-X64
    [2011/09/07 11:47:15 | 000,000,000 | ---- | M] () -- C:\Users\acer\Documents\dbact.sql
    [2011/09/07 10:39:43 | 000,000,702 | ---- | M] () -- C:\Windows\ODBCINST.INI
    [2011/09/07 05:56:19 | 000,001,096 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2011/09/06 09:42:01 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
    [2011/09/06 09:06:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
    [2011/09/05 20:12:36 | 000,000,193 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2011/09/05 18:06:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
    [2011/09/04 07:05:00 | 000,000,000 | ---- | M] () -- C:\Users\acer\AppData\Local\{7E3364A0-F95B-4240-B4D1-5810D05E6AA0}
    [2011/09/02 21:35:34 | 000,000,600 | ---- | M] () -- C:\Users\acer\PUTTY.RND
    [2011/09/02 09:23:14 | 000,458,752 | ---- | M] () -- C:\Users\acer\Documents\Database3.mdb
    [2011/09/02 09:04:58 | 000,001,087 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\SQLyog Community.lnk
    [2011/09/01 08:23:08 | 000,000,433 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2011/09/01 06:40:54 | 000,000,911 | ---- | M] () -- C:\Users\acer\Desktop\School.lnk
    [2011/09/01 05:34:15 | 000,560,982 | ---- | M] () -- C:\Users\acer\Documents\SysInspector-NECCO-110901-0526.zip
    [2011/08/31 19:06:05 | 000,000,000 | ---- | M] () -- C:\Users\acer\AppData\Local\{3D26E813-51FD-4FBE-B664-EA957DB584D1}
    [2011/08/27 15:15:37 | 000,054,327 | ---- | M] () -- C:\Users\acer\Documents\Level 0 revise.graphml
    [2011/08/27 14:22:22 | 000,021,245 | ---- | M] () -- C:\Users\acer\Documents\Level 1 Returned MOdule revised.graphml
    [2011/08/27 14:19:54 | 000,027,586 | ---- | M] () -- C:\Users\acer\Documents\leve 1 Borrow Module.graphml
    [2011/08/26 12:17:46 | 000,009,216 | ---- | M] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
    [2011/08/26 10:44:57 | 000,016,494 | ---- | M] () -- C:\Users\acer\Documents\Level 1 Update Module revised.graphml
    [2011/08/25 13:08:05 | 005,268,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/08/25 09:46:21 | 001,516,080 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/08/23 02:18:07 | 030,519,015 | ---- | M] () -- C:\Users\acer\Documents\20questions.wma
    [2011/08/23 01:29:54 | 001,971,595 | ---- | M] () -- C:\Users\acer\Documents\Untitled (2).wma
    [2011/08/23 01:26:07 | 000,040,895 | ---- | M] () -- C:\Users\acer\Documents\Untitled.wma
    [2011/08/21 23:14:14 | 000,237,568 | ---- | M] () -- C:\Users\acer\Documents\db2.mdb
    [2011/08/21 23:13:36 | 000,352,256 | ---- | M] () -- C:\Users\acer\Documents\db21.mdb
    [2011/08/21 23:13:10 | 000,397,312 | ---- | M] () -- C:\Users\acer\Documents\Database2.accdb
    [2011/08/21 23:07:04 | 000,569,344 | ---- | M] () -- C:\Users\acer\Documents\Database1.accdb
    [2011/08/21 19:06:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
    [2011/08/21 14:46:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/08/21 14:44:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_09_00.Wdf
    [2011/08/21 14:40:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
    [2011/08/21 14:32:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_hwgpssensor_01_09_00.Wdf
    [2011/08/19 21:19:51 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/08/18 12:36:44 | 000,032,610 | ---- | M] () -- C:\Users\acer\DURAN, Necco.jpg
    [2011/08/13 08:35:25 | 000,401,934 | ---- | M] () -- C:\Users\acer\Documents\Image (2).rtf
    [1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/11 05:02:28 | 001,209,110 | ---- | C] () -- C:\Users\acer\Desktop\vision.rar
    [2011/09/10 12:27:35 | 000,001,098 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/09/08 07:55:55 | 000,000,086 | ---- | C] () -- C:\Windows\SysNative\RegRuns00-X64
    [2011/09/08 07:55:54 | 000,002,053 | ---- | C] () -- C:\Windows\SysNative\mSIOI00-X64
    [2011/09/08 07:55:53 | 000,004,098 | ---- | C] () -- C:\Windows\SysNative\ToolB-01-X64
    [2011/09/08 07:55:50 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\ToolB-00-X64
    [2011/09/08 06:36:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/08 06:36:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/08 06:36:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/08 06:36:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/08 06:36:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/07 11:47:14 | 000,000,000 | ---- | C] () -- C:\Users\acer\Documents\dbact.sql
    [2011/09/07 08:34:23 | 525,806,555 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/09/07 05:56:19 | 000,001,096 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2011/09/05 18:01:10 | 000,000,926 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
    [2011/09/05 18:01:07 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
    [2011/09/04 07:05:00 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Local\{7E3364A0-F95B-4240-B4D1-5810D05E6AA0}
    [2011/09/02 09:04:58 | 000,001,087 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\SQLyog Community.lnk
    [2011/09/02 08:25:43 | 000,458,752 | ---- | C] () -- C:\Users\acer\Documents\Database3.mdb
    [2011/09/01 06:40:54 | 000,000,911 | ---- | C] () -- C:\Users\acer\Desktop\School.lnk
    [2011/09/01 05:34:14 | 000,560,982 | ---- | C] () -- C:\Users\acer\Documents\SysInspector-NECCO-110901-0526.zip
    [2011/08/31 19:05:25 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Local\{3D26E813-51FD-4FBE-B664-EA957DB584D1}
    [2011/08/27 14:22:21 | 000,021,245 | ---- | C] () -- C:\Users\acer\Documents\Level 1 Returned MOdule revised.graphml
    [2011/08/27 14:19:19 | 000,027,586 | ---- | C] () -- C:\Users\acer\Documents\leve 1 Borrow Module.graphml
    [2011/08/23 02:18:06 | 030,519,015 | ---- | C] () -- C:\Users\acer\Documents\20questions.wma
    [2011/08/23 01:29:53 | 001,971,595 | ---- | C] () -- C:\Users\acer\Documents\Untitled (2).wma
    [2011/08/23 01:26:04 | 000,040,895 | ---- | C] () -- C:\Users\acer\Documents\Untitled.wma
    [2011/08/22 14:02:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2011/08/21 19:06:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
    [2011/08/21 14:46:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/08/21 14:44:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_09_00.Wdf
    [2011/08/21 14:40:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
    [2011/08/21 14:32:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_hwgpssensor_01_09_00.Wdf
    [2011/08/21 12:09:50 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2011/08/19 21:19:51 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2011/08/18 12:36:42 | 000,032,610 | ---- | C] () -- C:\Users\acer\DURAN, Necco.jpg
    [2011/08/13 08:35:12 | 000,401,934 | ---- | C] () -- C:\Users\acer\Documents\Image (2).rtf
    [2011/08/06 19:56:17 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\sysinter.drv
    [2011/08/04 06:56:44 | 000,000,193 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2011/07/27 16:01:45 | 000,011,875 | ---- | C] () -- C:\Windows\UN091114.INI
    [2011/07/24 12:38:11 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/07/22 09:53:27 | 000,000,132 | ---- | C] () -- C:\Users\acer\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/07/16 19:04:31 | 000,077,824 | ---- | C] () -- C:\Windows\KMSEmulator.exe
    [2011/07/15 06:54:36 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Roaming\debuggee.mdmp
    [2011/07/15 06:07:04 | 000,000,702 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/07/15 06:07:04 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/04/27 20:57:30 | 000,000,132 | ---- | C] () -- C:\Users\acer\AppData\Roaming\Adobe AIFF Format CS5 Prefs
    [2011/04/01 17:03:20 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
    [2011/03/16 21:24:40 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Roaming\wklnhst.dat
    [2011/03/11 22:51:44 | 000,151,040 | ---- | C] () -- C:\Windows\SysWow64\wimadll.dll
    [2011/03/04 01:13:55 | 000,031,831 | ---- | C] () -- C:\Users\acer\AppData\Roaming\UserTile.png
    [2011/03/01 06:28:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
    [2011/03/01 06:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
    [2011/03/01 06:28:20 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
    [2011/02/16 22:22:57 | 000,007,600 | ---- | C] () -- C:\Users\acer\AppData\Local\resmon.resmoncfg
    [2010/10/09 20:14:50 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/10/09 20:14:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/10/09 20:14:45 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/10/09 20:14:45 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/10/09 20:14:44 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/09/30 21:52:26 | 000,204,498 | ---- | C] () -- C:\Windows\hpwins26.dat
    [2010/09/11 16:23:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/09/02 19:34:42 | 000,013,312 | ---- | C] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/23 16:22:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/07/21 09:32:49 | 001,516,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
    [2010/06/26 01:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2010/06/05 00:29:34 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/06/05 00:29:34 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2010/06/05 00:29:34 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/06/05 00:29:33 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/06/05 00:29:33 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/06/05 00:28:19 | 000,001,787 | ---- | C] () -- C:\Windows\WPatchProgress.ini
    [2010/06/04 09:22:50 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2010/06/04 09:00:03 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
    [2010/06/04 09:00:03 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2010/06/04 09:00:03 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
    [2010/06/04 09:00:03 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
    [2010/06/04 09:00:03 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
    [2010/06/04 08:56:56 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
    [2010/06/04 08:53:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/04/14 07:39:43 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2010/04/14 07:39:43 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
    [2010/04/14 07:39:43 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
    [2009/08/18 14:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
    [2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008/11/20 23:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\myodbc3i.exe
    [2008/11/20 23:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\myodbc3m.exe
    [2006/11/07 22:03:36 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\REWCACHE.DAT
    [2006/05/19 19:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
    [2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\REGTLIB.EXE
    [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL

    ========== LOP Check ==========

    [2011/04/04 21:27:30 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Artogon
    [2011/08/26 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Babylon
    [2011/03/03 03:53:47 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Big Fish Games
    [2011/02/18 10:05:41 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\BitComet
    [2011/09/01 06:20:17 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\BitDefender
    [2011/03/10 08:31:51 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Blue Tea Games
    [2011/07/17 18:36:24 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Bullzip
    [2011/08/01 20:21:03 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/23 15:46:59 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/23 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\CometNetwork
    [2010/10/11 01:25:26 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\CometPlayer
    [2011/03/12 14:00:07 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DAEMON Tools Lite
    [2011/09/07 10:44:29 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DMCache
    [2011/03/13 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DriverCure
    [2011/03/13 05:30:59 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Dropbox
    [2010/09/13 14:49:12 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/02/18 14:36:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ESET
    [2011/02/16 18:19:44 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\eSobi
    [2011/02/17 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\fizzy
    [2011/09/01 06:20:18 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\FlashGet
    [2011/03/26 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\GetRightToGo
    [2011/09/01 06:30:23 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Hide IP NG
    [2010/10/11 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\iLike
    [2010/09/22 12:23:34 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\IMVUClient
    [2011/03/03 07:01:12 | 000,000,000 | RHSD | M] -- C:\Users\acer\AppData\Roaming\install
    [2011/03/08 02:46:58 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\JCreator
    [2011/09/01 06:20:19 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Kalydo
    [2011/02/27 21:22:28 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\LolClient
    [2011/02/27 05:55:32 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
    [2011/09/01 06:20:38 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Opera
    [2011/08/31 05:52:34 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
    [2011/03/13 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ParetoLogic
    [2010/11/06 18:41:12 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PlayFirst
    [2011/03/13 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\QuickScan
    [2011/08/12 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Rovio
    [2011/09/01 06:30:26 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Softouch
    [2011/09/07 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\SQLyog
    [2011/07/09 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/09/01 06:20:39 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Synaptics
    [2011/03/16 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Template
    [2011/09/01 06:20:39 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Thinstall
    [2010/12/26 00:15:05 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\TigerPlayer
    [2011/09/01 06:30:31 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Transcend
    [2011/09/07 11:02:10 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\TS3Client
    [2011/09/01 06:21:03 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\TuneUp Software
    [2011/02/16 14:33:36 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\USBSafelyRemove
    [2011/09/05 06:00:32 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\uTorrent
    [2011/08/04 06:59:58 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\WildTangent
    [2011/08/06 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\yWorks
    [2011/09/10 17:06:27 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Zen of Sudoku
    [2011/02/28 09:39:35 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Zentimo
    [2011/09/01 06:21:08 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ZIP RAR ACE Password Recovery
    [2011/07/14 08:24:02 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\ESET
    [2011/08/04 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\funkitron
    [2011/07/14 07:56:17 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\Kalydo
    [2011/08/04 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\Rovio
    [2011/07/14 07:56:17 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\SQLyog
    [2011/07/30 16:54:24 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/07/26 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\Synaptics
    [2011/07/14 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\TuneUp Software
    [2011/07/14 08:23:56 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\USBSafelyRemove
    [2011/08/04 18:40:35 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\Zen of Sudoku
    [2011/08/30 01:28:04 | 000,000,000 | ---D | M] -- C:\Users\EHNN\AppData\Roaming\ESET
    [2011/08/30 01:28:02 | 000,000,000 | ---D | M] -- C:\Users\EHNN\AppData\Roaming\Synaptics
    [2011/09/10 18:07:12 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
    [2011/09/10 18:07:11 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
    [2011/09/05 18:06:00 | 000,000,904 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
    [2011/09/06 09:06:00 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
    [2011/08/26 13:52:24 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/08/19 21:19:51 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/07/28 04:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/09/09 13:15:47 | 000,041,435 | ---- | M] () -- C:\ComboFix.txt
    [2011/09/10 18:01:10 | 1556,180,992 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/10 18:01:20 | 3145,728,000 | -HS- | M] () -- C:\pagefile.sys
    [2010/04/20 23:34:44 | 000,021,629 | RHS- | M] () -- C:\Patch.rev
    [2010/07/10 17:40:46 | 000,000,216 | RHS- | M] () -- C:\Preload.rev
    [2011/09/10 08:37:10 | 000,151,106 | ---- | M] () -- C:\TDSSKiller.2.5.20.0_10.09.2011_08.28.07_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 13:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 13:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 13:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 13:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 04:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/03/04 22:23:38 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/09 01:26:20 | 000,000,221 | -HS- | M] () -- C:\Users\acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2006/05/19 19:53:02 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 05:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/09/02 10:49:03 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/09/02 10:49:03 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2010/06/04 08:50:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2010/06/04 08:50:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/09/02 10:49:03 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/08/09 10:36:33 | 000,000,402 | -HS- | M] () -- C:\Users\acer\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Acer Crystal Eye webcam.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/03/15 12:20:12 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
    [2011/03/15 12:18:33 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
    [2010/07/10 17:40:36 | 000,000,000 | -HSD | M](C:\Users\acer\[??] ???) -- C:\Users\acer\[開始] 功能表
    [2010/07/10 17:38:43 | 000,000,000 | -HSD | M](C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
    [2010/07/10 17:38:43 | 000,000,000 | -HSD | M](C:\ProgramData\??) -- C:\ProgramData\桌面
    [2010/07/10 17:38:43 | 000,000,000 | -HSD | M](C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
    [2010/07/10 17:38:43 | 000,000,000 | -HSD | M](C:\ProgramData\??) -- C:\ProgramData\桌面
    (C:\Users\acer\[??] ???) -- C:\Users\acer\[開始] 功能表
    (C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
    (C:\ProgramData\??) -- C:\ProgramData\桌面

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:697DDE2B
    @Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:8E5EA40F
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:4D066AD2
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93DE1838
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E36F5B57
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0207454C
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:B0456F0C
    @Alternate Data Stream - 1236 bytes -> C:\Users\acer\AppData\Local\Temp:hDR8O7GyPXCLHMY5K7YpAS81NPCQ
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:D5AD7675

    < End of report >
     
  20. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    Extra


    OTL Extras logfile created on: 09/11/2011 06:21:03 - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\acer\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000464 | Country: Philippines | Language: FPO | Date Format: MM/dd/yyyy

    1.93 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 50.05% Memory free
    4.86 Gb Paging File | 3.12 Gb Available in Paging File | 64.22% Paging File free
    Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 226.46 Gb Total Space | 123.98 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
    Drive D: | 226.51 Gb Total Space | 114.89 Gb Free Space | 50.72% Space Free | Partition Type: NTFS
    Drive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: NECCO | User Name: NECCO | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- D:\Public Files\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- D:\Public Files\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 1
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{2CF025A4-321E-C776-B04C-3AC66DC50907}" = ATI AVIVO64 Codecs
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{7B02BD23-7843-4481-5778-B20110993E0D}" = WMV9/VC-1 Video Playback
    "{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8E3ECAA6-4975-17E7-E443-960F8E3F9136}" = ccc-utility64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90A1F0ED-BC6F-EBD4-2101-885AB084499C}" = ATI Catalyst Install Manager
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C0C690C8-F335-4BA4-A2AD-675EAD1DFA90}" = Microsoft SQL Server 2008 Setup Support Files
    "{C0D93E4E-0866-43C8-A104-BF41A803EA84}" = ESET Smart Security
    "{C3AF5BD8-30D5-41F5-AF61-705D98146B0F}" = Microsoft SQL Server 2008 Native Client
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
    "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBA3236F-BE5E-4565-952D-31C36E721CD1}" = Windows 7 Manager
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "Connectify" = Connectify
    "DFEA59689C004DFD0378309F3A583EA32D78A1B3" = Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416)
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Recuva" = Recuva
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "USB 2.0 UVC HD WebCam" = USB 2.0 UVC HD WebCam
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09041881-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Student with Encarta Premium 2009
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
    "{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
    "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
    "{27107EAA-34E0-43BF-B537-7F8EF6880F5A}" = Facebook Video Calling 1.0.0.8177
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{293F82CD-1BE8-03BC-DBAD-903388CFBB62}" = Catalyst Control Center Localization All
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
    "{5A4FB792-D98F-409C-24B6-BD2A80D30E3A}" = Catalyst Control Center Graphics Previews Common
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
    "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{896C5024-AA39-12E8-D6C2-D818B7E3D58F}" = CCC Help English
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AFEE9BF-D99C-4FEB-7E33-EFBBE25A8ABC}" = Catalyst Control Center InstallProxy
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_OMUI.zh-tw_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}_OMUI.zh-tw_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{98245074-479E-4882-9D8B-66D6C4863FAE}" = MySQL Server 5.1
    "{9A22BB09-8086-691D-F409-3AF74D9E3BF0}" = ccc-core-static
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B4D5767-98CE-D0F0-8156-4E3601826F3F}" = PX Profile Update
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DCB676D-64F8-43E0-9A11-295710F335DC}_is1" = 1.1.1.5
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{ADEEF3E4-15A4-F286-38EE-675A8EF0212B}" = Catalyst Control Center InstallProxy
    "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B6FB0C12-6429-4d4d-A30B-B680FB7C5F5A}" = Microsoft Works
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DDCE4881-8336-4475-A8FD-349AE29C1DA4}_is1" = Welch's Project Reference 6.6.8
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.2
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
    "{Technology in the Class_8B2E6736-24F1-4272-B94D-A423E6DE8813}" = Technology in the Class for Learning Essentials
    "3309-7404-0599-8908" = yEd Graph Editor 3.7.0.2
    "Accurate Personality Test_is1" = Accurate Personality Test 1.0
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
    "Audacity_is1" = Audacity 1.2.6
    "BFG-Treasure Seekers - The Time Has Come Collector's Edition" = Treasure Seekers: The Time Has Come Collector's Edition
    "BlueJ_is1" = BlueJ 3.0.4
    "Bullzip MS Access to MySQL_is1" = Bullzip MS Access to MySQL 3.0.0.148
    "Cain & Abel v4.9.42" = Cain & Abel v4.9.42
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "CommView for WiFi" = CommView for WiFi
    "Connection Keeper" = Connection Keeper
    "Dark Parables-The Exiled Prince Collector's Edition1.0" = Dark Parables-The Exiled Prince Collector's Edition
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ExpatShield" = Expat Shield 2.06
    "Garena" = Garena 2010
    "Globe Tattoo Broadband" = Globe Tattoo Broadband
    "HijackThis" = HijackThis 2.0.2
    "im" = Garena Messenger
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "JCreator LE_is1" = JCreator LE 5.00
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
    "LE_CDK" =
    "LManager" = Launch Manager
    "LoLPH" = Garena - League of Legends PH
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
    "Mystery Case Files 13th Skull Collectors Edition 1.00" = Mystery Case Files 13th Skull Collectors Edition 1.00
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenVPN" = OpenVPN 2.2.1
    "Picasa 3" = Picasa 3
    "PowerISO" = PowerISO
    "SQLyog Community" = SQLyog Community 8.4 Beta1
    "Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
    "USB Safely Remove_is1" = USB Safely Remove 4.5
    "uTorrent" = µTorrent
    "Visual Basic 6.0 Enterprise Edition" = Microsoft Visual Basic 6.0 Enterprise Edition
    "VLC media player" = VLC media player 1.1.7
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Imagicon" = Imagicon
    "KalydoPlayer" = Kalydo Player 3.10.04

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    With your 64-bit system I'd suggest getting another 2GB of RAM.

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
      FF - prefs.js..network.proxy.backup.ftp: "10.201.42.146"
      FF - prefs.js..network.proxy.backup.ftp_port: 80
      FF - prefs.js..network.proxy.backup.socks: "10.201.42.146"
      FF - prefs.js..network.proxy.backup.socks_port: 80
      FF - prefs.js..network.proxy.backup.ssl: "10.201.42.146"
      FF - prefs.js..network.proxy.backup.ssl_port: 80
      FF - prefs.js..network.proxy.ftp: "10.201.60.241"
      FF - prefs.js..network.proxy.ftp_port: 80
      FF - prefs.js..network.proxy.http_port: 80
      FF - prefs.js..network.proxy.no_proxies_on: ""
      FF - prefs.js..network.proxy.share_proxy_settings: true
      FF - prefs.js..network.proxy.socks: "10.201.60.241"
      FF - prefs.js..network.proxy.socks_port: 80
      FF - prefs.js..network.proxy.ssl: "10.201.60.241"
      FF - prefs.js..network.proxy.ssl_port: 80
      FF - prefs.js..network.proxy.type: 0
      FF - user.js..network.proxy.type: 0
      FF - user.js..network.proxy.http: ""
      FF - user.js..network.proxy.http_port:
      FF - user.js..network.proxy.no_proxies_on: ""
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
      O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - Reg Error: Key error. File not found
      O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
      O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
      O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
      O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
      O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
      [1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]
      @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:697DDE2B
      @Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:8E5EA40F
      @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:4D066AD2
      @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93DE1838
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E36F5B57
      @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0207454C
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:B0456F0C
      @Alternate Data Stream - 1236 bytes -> C:\Users\acer\AppData\Local\Temp:hDR8O7GyPXCLHMY5K7YpAS81NPCQ
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:D5AD7675
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run F-Secure Online Scanner

    • Disable your antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on the Run Check button.
    • The Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on the Start button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click the Next button.
    • Click the Full report... button.
    • Copy the report's content and paste it into your next reply.
     
  22. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    09122011_061818.log


    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    Prefs.js: "10.201.42.146" removed from network.proxy.backup.ftp
    Prefs.js: 80 removed from network.proxy.backup.ftp_port
    Prefs.js: "10.201.42.146" removed from network.proxy.backup.socks
    Prefs.js: 80 removed from network.proxy.backup.socks_port
    Prefs.js: "10.201.42.146" removed from network.proxy.backup.ssl
    Prefs.js: 80 removed from network.proxy.backup.ssl_port
    Prefs.js: "10.201.60.241" removed from network.proxy.ftp
    Prefs.js: 80 removed from network.proxy.ftp_port
    Prefs.js: 80 removed from network.proxy.http_port
    Prefs.js: "" removed from network.proxy.no_proxies_on
    Prefs.js: true removed from network.proxy.share_proxy_settings
    Prefs.js: "10.201.60.241" removed from network.proxy.socks
    Prefs.js: 80 removed from network.proxy.socks_port
    Prefs.js: "10.201.60.241" removed from network.proxy.ssl
    Prefs.js: 80 removed from network.proxy.ssl_port
    Prefs.js: 0 removed from network.proxy.type
    C:\Users\acer\AppData\Roaming\Mozilla\FireFox\Profiles\l1klormg.default\user.js moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
    C:\Users\acer\AppData\Local\BITF061.tmp deleted successfully.
    ADS C:\ProgramData\Temp:697DDE2B deleted successfully.
    ADS C:\ProgramData\Temp:8E5EA40F deleted successfully.
    ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
    ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
    ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
    ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
    ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
    ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
    ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
    ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
    ADS C:\ProgramData\Temp:0207454C deleted successfully.
    ADS C:\ProgramData\Temp:798A3728 deleted successfully.
    ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
    ADS C:\ProgramData\Temp:B0456F0C deleted successfully.
    ADS C:\Users\acer\AppData\Local\Temp:hDR8O7GyPXCLHMY5K7YpAS81NPCQ deleted successfully.
    ADS C:\ProgramData\Temp:D5AD7675 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: acer
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2832074 bytes
    ->Java cache emptied: 493312 bytes
    ->FireFox cache emptied: 67974236 bytes
    ->Google Chrome cache emptied: 341543257 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 61639 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 134 bytes

    User: DURAN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 72363 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 66808333 bytes
    ->Flash cache emptied: 1344 bytes

    User: EHNN
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1709866 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 27525962 bytes

    Total Files Cleaned = 485.00 mb


    [EMPTYFLASH]

    User: acer
    ->Flash cache emptied: 0 bytes

    User: Default

    User: DURAN
    ->Flash cache emptied: 0 bytes

    User: EHNN

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.27.0 log created on 09122011_061818

    Files\Folders moved on Reboot...
    C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
    C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
    C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
    C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
    C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.
    C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

    Registry entries deleted on Reboot...
     
  23. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    checkup.text


    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    TuneUp Utilities Language Pack (en-US)
    TuneUp Utilities 2011
    Java(TM) 6 Update 27
    Java(TM) SE Development Kit 6 Update 21
    Out of date Java installed!
    Adobe Flash Player 10.3.183.5
    Adobe Reader X (10.1.0)
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Globe Tattoo Broadband OnlineUpdate ouc.exe
    ``````````End of Log````````````
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    What happened to ESET Smart Security?

    Uninstall Java(TM) SE Development Kit 6 Update 21
     
  25. EHNN

    EHNN TS Rookie Topic Starter Posts: 19

    TFC.exe is not a valid Win32 application..
    I tried to troubleshoot this using Troubleshoot Compatibility, but I still can't..
     
Topic Status:
Not open for further replies.
