Solved Slow laptop + Sometimes Hangs

[EHNN]

Good day !

this is my first time here, I found this forum while googling lately.
I read some threads that help me decide to seek help from you guys..

this is my concern, this passed few days, may laptop often hangs, I don't know why or what causing it to act like that. I wait several minutes before I decided to turn it off forcely by pressing the main power button (which I know not recommended) but I have no choice, I dont know any other way how to fix and get rid of it.. Another is, I feel it runs slower than few months ago..
please help me fixing this..

I did scan this while writing this thread.. I use MBAM, HijackThis, DDS, and also GMER,
the logs are attached.

looking forward with your suggestions/advice/comments
thank you in advice! more power for this forum

 

[EHNN]

log of DDS


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by NECCO at 14:29:26 on 2011-09-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.305 [GMT 8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\acer\Desktop\VPN\HHX1\HarmonyHackerX.exe
C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Time Lock\timelockfw.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\igfxsrvc.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\system32\taskhost.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Expat Shield\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Expat Shield\bin\fbw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Crusty.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar =
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: AutorunsDisabled - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
uRun: [<NO NAME>]
uRun: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\acer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device...
IE: Send page to &Bluetooth Device...
IE: YamicsoftDisabled
IE: YamicsoftDisabled\Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: YamicsoftDisabled\Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: microsoft.com\v6.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.204.16.1
TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E445 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E44502E5E5 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E4452C0AE5E5 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD} : DhcpNameServer = 10.204.16.1
TCP: Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1} : NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9} : NameServer = 202.126.40.5 222.127.143.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
IFEO: dtswizard.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: landingpage.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: sqlwtsn.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
BHO-X64: AutorunsDisabled - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
IFEO-X64: dtswizard.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: landingpage.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: sqlwtsn.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fb.me/
FF - prefs.js: network.proxy.ftp - 10.201.60.241
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.201.60.241
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.201.60.241
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\acer\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
.
============= SERVICES / DRIVERS ===============
.
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys --> C:\Windows\system32\DRIVERS\athrxu6.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
.
=============== Created Last 30 ================
.
2011-09-05 05:00:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-04 22:03:53 -------- d-----w- C:\Windows\pss
2011-09-01 01:57:45 -------- d-----w- C:\ProgramData\hssff
2011-09-01 00:36:29 756552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-09-01 00:36:29 755016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2011-09-01 00:36:29 -------- d-----w- C:\Program Files (x86)\Expat Shield
2011-08-31 11:05:45 0 ---ha-w- C:\Users\acer\AppData\Local\BITF061.tmp
2011-08-31 10:54:00 -------- d-----w- C:\Program Files (x86)\Connectify
2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Local\PACE Anti-Piracy
2011-08-30 21:52:33 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2011-08-29 10:50:01 -------- d-----w- C:\ICC_Backup
2011-08-28 07:38:19 -------- d-----w- C:\Users\acer\AppData\Local\Facebook
2011-08-27 17:00:55 -------- d-----w- C:\Users\acer\AppData\Roaming\MozillaControl
2011-08-27 16:59:37 -------- d-----w- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
2011-08-27 13:00:06 -------- d-----w- C:\Program Files (x86)\AutocompletePro
2011-08-26 03:47:53 -------- d-----w- C:\ProgramData\Uniblue
2011-08-26 03:15:19 -------- d-----w- C:\Users\acer\AppData\Roaming\Uniblue
2011-08-26 03:15:09 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-08-26 03:00:39 -------- d-----w- C:\ProgramData\BabylonUpdater
2011-08-26 03:00:26 -------- d-----w- C:\Users\acer\AppData\Local\Babylon
2011-08-26 03:00:23 -------- d-----w- C:\ProgramData\Babylon
2011-08-26 03:00:21 -------- d-----w- C:\Users\acer\AppData\Roaming\Babylon
2011-08-26 02:59:51 -------- d-----w- C:\Program Files (x86)\Easy Downloads
2011-08-25 01:49:10 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDB8CB2E-E597-4A1E-9075-E93945C890F2}\mpengine.dll
2011-08-24 05:30:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-08-24 05:29:40 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-23 22:50:59 -------- d-----w- C:\Program Files (x86)\CommViewWiFi
2011-08-23 22:34:25 -------- d-----w- C:\aircrack
2011-08-21 14:56:52 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-08-21 14:56:01 -------- d-----w- C:\Program Files (x86)\Cain
2011-08-21 11:07:08 -------- d-----w- C:\Expat Shield
2011-08-20 03:25:31 -------- d-----w- C:\Program Files (x86)\Sun Broadband Wireless
2011-08-19 23:34:35 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6
2011-08-12 17:09:29 -------- d-----w- C:\ProgramData\Nero
2011-08-12 14:31:32 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-08-09 17:10:33 -------- d-----w- C:\Program Files (x86)\Ultrasurf
2011-08-09 17:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\System-G
2011-08-09 17:05:57 -------- d-----w- C:\Program Files (x86)\Connection Keeper
2011-08-09 16:48:31 -------- d-----w- C:\Users\acer\AppData\Roaming\DMCache
2011-08-08 20:02:53 -------- d-----w- C:\Windows\System32\SPReview
2011-08-08 19:59:24 -------- d-----w- C:\Windows\System32\EventProviders
2011-08-08 19:50:20 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-08-08 19:50:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-08-08 19:49:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-08-08 19:49:11 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2011-08-08 19:49:10 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2011-08-08 19:49:10 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2011-08-08 19:49:09 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-08-08 19:49:08 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2011-08-08 19:46:58 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-08-08 19:45:59 1371136 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2011-08-08 19:44:59 630272 ----a-w- C:\Windows\System32\evr.dll
2011-08-08 19:43:59 223248 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-08-08 19:42:59 199168 ----a-w- C:\Windows\SysWow64\onex.dll
2011-08-08 19:41:59 155520 ----a-w- C:\Windows\System32\drivers\ataport.sys
2011-08-08 19:40:59 781312 ----a-w- C:\Windows\System32\wmdrmsdk.dll
2011-08-08 19:39:59 527872 ----a-w- C:\Windows\System32\wmdrmnet.dll
2011-08-08 19:38:59 44544 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2011-08-08 19:37:33 2560 ----a-w- C:\Windows\System32\drivers\zh-TW\rdpwd.sys.mui
2011-08-08 19:37:31 3072 ----a-w- C:\Windows\System32\drivers\zh-TW\tsusbflt.sys.mui
2011-08-08 19:37:02 23552 ----a-w- C:\Windows\System32\drivers\zh-TW\usbport.sys.mui
2011-08-08 19:36:24 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-08-08 19:36:23 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-08-08 19:34:59 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2011-08-08 19:33:59 411496 ----a-w- C:\Windows\System32\xactengine2_9.dll
2011-08-08 19:23:11 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-08-08 19:23:11 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-08-08 19:23:10 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-08-08 19:22:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-08-08 19:21:56 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-08-08 19:18:16 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-08-08 19:18:13 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-08-08 19:07:02 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-08 19:07:00 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-08-08 19:07:00 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-08-08 19:07:00 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-08-08 19:07:00 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-08-08 19:07:00 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-08 19:07:00 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-08 19:07:00 1850328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-08 19:07:00 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-08-08 19:07:00 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-08-08 18:42:41 -------- d-----w- C:\Windows\SysWow64\directx
2011-08-08 18:35:30 -------- d-----w- C:\inetpub
2011-08-08 12:56:25 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-08-08 12:56:25 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-08-07 17:35:45 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
2011-08-07 17:35:45 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
2011-08-07 17:35:44 105816 ----a-w- C:\Windows\System32\SQSRVRES.DLL
2011-08-07 16:13:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-08-07 16:09:37 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-08-07 13:54:05 102400 ----a-w- C:\Windows\SysWow64\WelchGIFviewer.ocx
2011-08-07 13:54:04 57344 ----a-w- C:\Windows\SysWow64\WelchProgressBar.ocx
2011-08-07 13:54:04 352256 ----a-w- C:\Windows\SysWow64\Welch's PNG.ocx
2011-08-07 13:54:04 176128 ----a-w- C:\Windows\SysWow64\WelchButton.ocx
2011-08-07 13:54:04 143360 ----a-w- C:\Windows\SysWow64\WelchToolbar.ocx
2011-08-07 13:54:04 1138688 ----a-w- C:\Windows\SysWow64\WelchUserControl.ocx
2011-08-07 13:54:03 1777664 ----a-w- C:\Windows\SysWow64\welchAeroSuite.ocx
2011-08-07 13:54:02 110384 ----a-w- C:\Windows\SysWow64\MSCAL.OCX
2011-08-07 13:54:01 -------- d-----w- C:\Program Files (x86)\Welch's Project Reference
2011-08-07 00:45:46 -------- d-----w- C:\Program Files (x86)\OpenVPN
2011-08-06 12:31:01 -------- d-----w- C:\Program Files (x86)\ConvertHelper
2011-08-06 11:58:19 -------- d-----w- C:\Program Files (x86)\iNTERNET Turbo
2011-08-06 11:56:17 111 ----a-w- C:\Windows\SysWow64\sysinter.drv
2011-08-06 11:15:23 -------- d-----w- C:\ProgramData\Globe Tattoo Broadband
2011-08-06 11:13:44 363008 ----a-w- C:\Windows\System32\drivers\UMDF\hwgpssensor.dll
2011-08-06 11:13:16 -------- d-----w- C:\Program Files (x86)\Globe Tattoo Broadband
2011-08-06 11:12:56 -------- d-----w- C:\ProgramData\DatacardService
.
==================== Find3M ====================
.
2011-09-04 22:14:02 77824 ----a-w- C:\Windows\KMSEmulator.exe
2011-08-24 01:03:19 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-08 20:35:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-08 20:35:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-08-06 11:13:42 999936 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2011-08-06 11:13:42 196608 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
2011-08-06 11:13:42 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
2011-08-06 11:13:41 93696 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2011-08-06 11:13:41 85504 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2011-08-06 11:13:41 55296 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2011-08-06 11:13:41 29184 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2011-08-06 11:13:41 256000 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys
2011-08-06 11:13:41 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
2011-08-06 11:13:40 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2011-08-06 11:13:40 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-08-06 11:13:40 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2011-08-06 11:13:40 121600 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-20 08:41:18 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-07-20 08:35:48 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-07-20 08:35:42 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-07-20 08:35:38 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2011-07-20 08:35:34 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-06 11:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 11:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 10:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 10:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-07-01 09:46:40 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2010-07-08 02:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 14:36:03.66 ===============

 

[EHNN]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-05 15:29:43
Windows 6.1.7601 Service Pack 1
Running: 0cc021v0.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0cddeff66c31 0x12 0x62 0x4C 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@5ea5a51f6601 0x8C 0x00 0x70 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@678fd6ed6601 0x1D 0xC1 0x37 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@4257f5a96612 0x03 0xDA 0x7B 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@64f1424f6612 0x35 0x49 0xBD 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@6cab6cdc6601 0x17 0x4D 0xF1 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@d4cbafe295df 0x6A 0x00 0xFF 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@9463d172d6ec 0x01 0x8A 0xCB 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???n?n???????????????????i?i?i???????????????????l?l?????????i????????????N??j?????????????????????????????s?????????l??????????6.1.7600.16385??????6-21-2006?????(??k???o?? (???k?l????????????????????????????STORAGE\Volume??00???i???i??BS???????????????i?l?????????_???????????????????S??LA????N??i???????????????????i??????????????dp???????h??????GU???i??????????xM??????tu???????j???c??????????????????????? 0??i???y???????y??????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}\0002?:6???????y??? ??????????????x?????N??i?????????D?????????????i??os???????????????????????h??????e ???????????????????o?o?o??@machine.inf,%gendev_mfg%;(Standard system devices)?????{00000000-0000-0000-0000-000000000000}?fs.???????????i?j?i????X??k???n???s???i???????????????????i???s???(???i?????i????? ???????i?????i???????0????????????????????? ???????i???????????i?0??????????????????????????????????????????????????????R????????g?????????????i?????i????? ???????i?????i???????0???????????????????????i???i???i???i???i???i???
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ?????A??????r???????????? ???????3??????Mi?????????????????e?"???? ???????????c?? ??????os??t?????<??????????????????????_???????s??*6to4mp?????????????????????? ??? ???????????????????t?????????? ????????????l??Network Address??m??? ???????????????????y?????????? ????????m???? ??????m?????m?m??Microsoft 6to4 Adapter Driver???? ??????????????????????????????"??? ??????n?k??? ???????l?????l?l??? "??????m?????m?m??ndis5_ip6_tunnel???????????????????????????????????????????s????????????????????????? ?????????????????????0?????????????????????????????_??__????????????????????????????????????????N???????????D??????????????r??ti???????????i???e??? ?????????????????????0??????????????????????N???????????D?????????????????????????????????????????????? ?????????????????????0????????????????????????????????????????? ?????????????????????0????????.???????????? "?????????????????????????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????WUDFRd??????? ?????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ??????????????????????????????????????????????????????.?????????????v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe|Name=hposfx08.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe|?????{2ba405c8-3a4a-5efd-b9e7-e7761f3a5726}?z????usbstor.inf??e??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|?u??Standard Serial over Bluetooth link?????BTHENUM\{00001101-0000-1000-8000-00805f9b34fb}_LOCALMFG&000f????? .??????????????????????????i???????????i???????z???????????????????????????????????????m????$??????i??????????????????? ?????????????????????0????????????&???????????????????????? ???????????????????3?0??????*?.??? ???????????????????????????"?????$??????r???????????????u???D??????????????????????????????????????????tunnel??????????????????????????nettun.inf?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???i?z???????z??? ??sv??? ???f???b?????;1w???i??????????11??r\??mfewfpk?????NDIS?????i??{71a27cdd-812a-11d0-bec7-08002be2092f}\0014????????????????????s?????????????h??Microsoft???? \??h??????????4p???????????????f???????i??????????????s ???????????4???.??{8ECC055D-047F-11D1-A537-0000F8753ED1}??-0?????? ??????????s????RasPppoe?????????????????????????i??????????LegacyDriver? ???????????k?k?1????X?????????????Volume??????Microsoft????????????????????h?h?ipi?????????????????t???T??SymIRON??????????????v?????s72?????????????????sC0???i?k???????????????????????????s?????????h???????e?????????????????s?????i??????????????@%SystemRoot%\system32\FirewallAPI.dll,-23092???????????????????volsnap?????Volume?????????? ????0??????Le??Volume????????N??????B???????????????????h???????????i?i? ?????????????i?&???V?h?i?i?????????????i?????????????????????????????????s?????????i???e???e??Volume???????}???????????$1?????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????????i???e????????????????????X??j????????????X????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ?????z??????????????????? ?????????????????????0????????????????????? ??????????????????6.1.7600.16385????????????????V?????????????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????1??04??????????.NTAMD64????? ??????????????????????????????z??????l?l????????????X??????a??????6-21-2006????????????3??hi??6.1.7600.16385??????????????????????DiskDrive?????f????????g?????????????????????h??? ??????????????????????????????z?????#2e6??disk_install????\\?\storage#volume#_??_usbstor#disk&ven_kingston&prod_dt_101_ii&rev_1.00#001372982d2aa99186370060&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}???STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_N97_DISK&PROD_&REV_#538253108059470&0#??????wpdfs.inf:Microsoft.NTamd64:Basic_Install:6.1.7600.16385:wpdbusenum\fs??????STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_N97_DISK&PROD_&REV_#538253108059470&1#??????????????@disk.inf,%genmanufacturer%;(Standard disk drives)?m?k??????????????????\\?\WpdBusEnumRoot#UMB#2&37c186
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????o???????????U????????N??????d??????????????????volume.inf????????<??????1??????????0???? ??????????????????????????????????????????????????????? ????????????????????????????V?N?????0?????? ?????????????????????0????????????&????????????????????2??? ?????????????????????0????????????????????? ???????????????????f?0????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????0????????????????????? ???????????????????h?0??????????????????????$??????_???????????????z???3??E-??? ????????????????????????"???????~???????????o???????o?????????????{00000000-0000-0000-0000-000000000000}???????????????u???e???????????????????????????e??un???????????????????????????????????????d???d??.NT??&??? ??????????????????????????????N?????????????s?????Microsoft ISATAP Adapter #3??????????????????h??@nettun.inf,%msft%;Microsoft?B??????CI??????HP??????????Ndi-Mp-AsyncMac??4??????????? ??????????????????????????????????????????????0???? ?????
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x4E 0x03 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@FrequencyCorrectRate 4
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PollAdjustFactor 5
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LargePhaseOffset 50000000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@SpikeWatchPeriod 900
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LocalClockDispersion 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@HoldPeriod 5
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PhaseCorrectRate 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@UpdateInterval 360000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@EventLogFlags 2
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@AnnounceFlags 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@TimeJumpAuditOffset 28800
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MinPollInterval 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPollInterval 15
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxNegPhaseCorrection 54000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPosPhaseCorrection 54000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxAllowedPhaseOffset 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@Enabled 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@InputProvider 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@EventLogFlags 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 604800
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7b97c3f???????????
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@Enabled 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@InputProvider 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@EventLogFlags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainDisable 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0cddeff66c31 0x12 0x62 0x4C 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@a87b3948391b 0x82 0x57 0x44 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@5ea5a51f6601 0x77 0xBB 0xCC 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0021fc002299 0x82 0xC3 0xF3 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@6cab6cdc6601 0x68 0xE1 0xAB 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@678fd6ed6601 0x1D 0xC1 0x37 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???n???????n????? ???????n?????n???????0????????????????????????????????t????n??*6to4mp??z??? ???????n???????????i?0?????????????????????????n??????p???SCSI Miniport????n???n?????n????? ???????n?????n???????0????????????????????? ???????n???????????j?0??????????????????????N??????????????d???n?n?n?n?n?n94???????????n?????n????? ???????n?????n???????0????????????????????? ???????n???????????j?0??????????????????????P??n????????h??????????????????e??????????????t??????n????? ???????n?????n???????0????????????????????? ?n???n???n???n???n???n???n???n???n???n????????? ???????n???????????j?0????????????????????SCSI Miniport????n?????n????? ???????n?????n???????0????????????????????? ???????n???????????j?0?????????????????????n??????????????????????????????????????????t????u?v???????n????? ???????n?????n???????0????????????????????? ???????n???????????j?0?????????????????????????n??????p???SCSI miniport????n???n?????n????? ???????fH????????????-??.????????????B????? ???????n?????????????-?????????????????????????o?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???n?????????i??????s??????????????????z???????n????@%systemroot%\system32\drivers\hwpolicy.sys,-101???????????????g????????????@cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive?ram???????????????????????????????0???m???e??????1????????????????A????????????????????<??s???????????????????????????????????????????????????????????????????p??t???????????localSystem??????n?n?n?n?n?n?????????????????l???????????????n????8??n????????h??????t?t?t???s???????????????????????????????????????p????????h?????????????{F3A42474-0891-4151-B44A-ED04B657432B}?\????Security Processor Loader Driver?????n???????????n??????t???? ???????n?????n?????m???? ???&????? ??????????????????????????????e ????????????????e?????????????M??????????????????????N??????f????D??/???????n??????????????????????????????t?????????????????????????????????????????N??n????????h?????\SystemRoot\system32\DRIVERS\iirsp.sys???????????????????????n??????p???SCSI Miniport?????R??n???????????d??iirsp.inf_amd64_neutral_25c14d33af7f54f1??????????????????????????T??n?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???n????Microsoft????p?p?p??? ??????????????????? 6??????m??????sl??cdrom???????? ???????n??????????????????????????????0????????????????????????????W?bCa????????????????????????????????E?????winmgmt??7???s?t?t??RSUSBSTOR??????????????????????????????g??????R??s?????????e????\SystemRoot\system32\DRIVERS\intelide.sys?????(??n??????p???System Bus Extender???????R??????????????d????N??n???o??????????\???? ???????n????????????????????V?n?????????????????????????????????.??o?????????e????Extended Base???System32\Drivers\ksecdd.sys??????????????_??????Tc??????Tc??????????????to???????????????????????????????????????????????????????n??? ???????n???????????n??????????????????1o???????????C?MWi???????????m????????????????????E:\W???=???????????????????e?F2\???????????????\???n?n?n?n?n?n?n??????? ???????n???????????n??????????????????2t???????????\?igw???????????????n???s??eF??tunnel??????????????LocalSystem?????????????Net??s???????????????????????B???????61??????????t????8??s????????h????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???i?????????/???1???e?????? ????}?????s?????????????0???r???????h???p??????? ??????????????????btwampfl????????????volsnap??????i?i?i?i?????????i????N??j????????D??????i?j?:???????????????????????i??Ndi-Mp-Ip???11???o??????????????????????????????????????????Microsoft????????????????????????????????????i??????s????????i???2???????i?ih???oem46.inf???????? ????X????????????????????????????????????????????????????????????????????????????????s????Microsoft???????????????s????????3???c?????reZ???????????? ??????4???????i?k?i???????????i??????????11????????4??i?????????e????? ??????????????D???????&???????????????????C:\ProgramData\Microsoft\MF?????????os???????????????????????????0??B&???????3???????????.??????????LegacyDriver??????^??n???+?????e?+???????h??????p????????}???n???l???????z???j?k?2??Volume?f????STORAGE\VolumeSnapshot????????X?????????????????????????????????????????????????????????Wi???r???????y???????????????n???????????????s??????p????????????????x???m???????????????5???3???k?k?i??LegacyDriver? ?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???8?????????l???????????????????l?l?3???????????o???????o???????j??????????? ???????l?????????????-?????????????????f??? ???????l?????l???????0??L????????? ??????????????l???l????? ???????l?????l???????0????????????&???????????????????????? ???????l?????l???????0????????????????????? ???????l???????????[?0?????????????????????????????????????????????????e?????????????l?????????????n??????6.1.7600.16385???????l??????????????? ???????l?????l???????0????????????&????????????????????????l?l?????l??????? ???????l?????l???????0????????????????????? ???????l???????????d?0??????????????????????:??l?????????????l????? ???????l?????l???????0???????????????????????l???l???l????????? ???????l???????????f?0?????????????????????????l???????????????????c?????????rli?????l????? ???????l?????l???????0????????????&??????????????????????????l???l????? ???????l?????l???????0????????????????????? ???????l???????????h?0?????????????????????l?l?l???????l???0??22???????l?????????????????????l????? ???????l?????l???????0???????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ??po?s????(??n???????????m???????????o??????????????????????????????????? ??????????????????????????? ??????????????????mscoree.dll?????? ???n??????????s???? ???n??????????s???MS_BTHBRB???? ??????????????r????????????????????e??????????????????? ???????n?????n???????????????????? ???????????????????? ???????o???????????n?,?????????????????e??2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,53,00,71,00,6c,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00?????? ???????o?????????????????????????????????e????HardConnectsPerSecond?HardDisconnectsPerSecond?SoftConnectsPerSecond?SoftDisconnectsPerSecond?NumberOfNonPooledConnections?NumberOfPooledConnections?NumberOfActiveConnectionPoolGroups?NumberOfInactiveConnectionPoolGroups?NumberOfActiveConnectionPools?NumberOfInactiveConnectionPools?NumberOfActiveConnections?NumberOfFreeConnections?NumberOfStasisConnections?NumberOfReclaimedConnections?????CollectPerformanceData?????????
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x4E 0x03 0x10 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=C52B8C99 \xa0The Social Network (2010).exe 8

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[EHNN]

after following step-by-step instruction

step 1 : done using ESET smart sec
step 2 : done using MBAM
log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7660

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

09/06/2011 9:31:04 AM
mbam-log-2011-09-06 (09-31-04).txt

Scan type: Quick scan
Objects scanned: 198190
Time elapsed: 14 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\acer\Desktop\patch 5.xx.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

step 3 : done by gmer
log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-06 21:57:48
Windows 6.1.7601 Service Pack 1
Running: 0cc021v0.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0cddeff66c31 0x12 0x62 0x4C 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@5ea5a51f6601 0x8C 0x00 0x70 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@678fd6ed6601 0x1D 0xC1 0x37 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@4257f5a96612 0x03 0xDA 0x7B 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@64f1424f6612 0x35 0x49 0xBD 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@6cab6cdc6601 0x17 0x4D 0xF1 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@d4cbafe295df 0x6A 0x00 0xFF 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@9463d172d6ec 0x01 0x8A 0xCB 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ???n?n???????????????????i?i?i???????????????????l?l?????????i????????????N??j?????????????????????????????s?????????l??????????6.1.7600.16385??????6-21-2006?????(??k???o?? (???k?l????????????????????????????STORAGE\Volume??00???i???i??BS???????????????i?l?????????_???????????????????S??LA????N??i???????????????????i??????????????dp???????h??????GU???i??????????xM??????tu???????j???c??????????????????????? 0??i???y???????y??????????????????????????{4d36e97d-e325-11ce-bfc1-08002be10318}\0002?:6???????y??? ??????????????x?????N??i?????????D?????????????i??os???????????????????????h??????e ???????????????????o?o?o??@machine.inf,%gendev_mfg%;(Standard system devices)?????{00000000-0000-0000-0000-000000000000}?fs.???????????i?j?i????X??k???n???s???i???????????????????i???s???(???i?????i????? ???????i?????i???????0????????????????????? ???????i???????????i?0??????????????????????????????????????????????????????R????????g?????????????i?????i????? ???????i?????i???????0???????????????????????i???i???i???i???i???i???
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ?????A??????r???????????? ???????3??????Mi?????????????????e?"???? ???????????c?? ??????os??t?????<??????????????????????_???????s??*6to4mp?????????????????????? ??? ???????????????????t?????????? ????????????l??Network Address??m??? ???????????????????y?????????? ????????m???? ??????m?????m?m??Microsoft 6to4 Adapter Driver???? ??????????????????????????????"??? ??????n?k??? ???????l?????l?l??? "??????m?????m?m??ndis5_ip6_tunnel???????????????????????????????????????????s????????????????????????? ?????????????????????0?????????????????????????????_??__????????????????????????????????????????N???????????D??????????????r??ti???????????i???e??? ?????????????????????0??????????????????????N???????????D?????????????????????????????????????????????? ?????????????????????0????????????????????????????????????????? ?????????????????????0????????.???????????? "?????????????????????????????????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????WUDFRd??????? ?????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ??????????????????????????????????????????????????????.?????????????v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe|Name=hposfx08.exe|Desc=C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe|?????{2ba405c8-3a4a-5efd-b9e7-e7761f3a5726}?z????usbstor.inf??e??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-30753|Desc=@FirewallAPI.dll,-30756|EmbedCtxt=@FirewallAPI.dll,-30752|?u??Standard Serial over Bluetooth link?????BTHENUM\{00001101-0000-1000-8000-00805f9b34fb}_LOCALMFG&000f????? .??????????????????????????i???????????i???????z???????????????????????????????????????m????$??????i??????????????????? ?????????????????????0????????????&???????????????????????? ???????????????????3?0??????*?.??? ???????????????????????????"?????$??????r???????????????u???D??????????????????????????????????????????tunnel??????????????????????????nettun.inf?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ???i?z???????z??? ??sv??? ???f???b?????;1w???i??????????11??r\??mfewfpk?????NDIS?????i??{71a27cdd-812a-11d0-bec7-08002be2092f}\0014????????????????????s?????????????h??Microsoft???? \??h??????????4p???????????????f???????i??????????????s ???????????4???.??{8ECC055D-047F-11D1-A537-0000F8753ED1}??-0?????? ??????????s????RasPppoe?????????????????????????i??????????LegacyDriver? ???????????k?k?1????X?????????????Volume??????Microsoft????????????????????h?h?ipi?????????????????t???T??SymIRON??????????????v?????s72?????????????????sC0???i?k???????????????????????????s?????????h???????e?????????????????s?????i??????????????@%SystemRoot%\system32\FirewallAPI.dll,-23092???????????????????volsnap?????Volume?????????? ????0??????Le??Volume????????N??????B???????????????????h???????????i?i? ?????????????i?&???V?h?i?i?????????????i?????????????????????????????????s?????????i???e???e??Volume???????}???????????$1?????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????????????i???e????????????????????X??j????????????X????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ?????z??????????????????? ?????????????????????0????????????????????? ??????????????????6.1.7600.16385????????????????V?????????????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????1??04??????????.NTAMD64????? ??????????????????????????????z??????l?l????????????X??????a??????6-21-2006????????????3??hi??6.1.7600.16385??????????????????????DiskDrive?????f????????g?????????????????????h??? ??????????????????????????????z?????#2e6??disk_install????\\?\storage#volume#_??_usbstor#disk&ven_kingston&prod_dt_101_ii&rev_1.00#001372982d2aa99186370060&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}???STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_N97_DISK&PROD_&REV_#538253108059470&0#??????wpdfs.inf:Microsoft.NTamd64:Basic_Install:6.1.7600.16385:wpdbusenum\fs??????STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_N97_DISK&PROD_&REV_#538253108059470&1#??????????????@disk.inf,%genmanufacturer%;(Standard disk drives)?m?k??????????????????\\?\WpdBusEnumRoot#UMB#2&37c186
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ?????o???????????U????????N??????d??????????????????volume.inf????????<??????1??????????0???? ??????????????????????????????????????????????????????? ????????????????????????????V?N?????0?????? ?????????????????????0????????????&????????????????????2??? ?????????????????????0????????????????????? ???????????????????f?0????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????0????????????????????? ???????????????????h?0??????????????????????$??????_???????????????z???3??E-??? ????????????????????????"???????~???????????o???????o?????????????{00000000-0000-0000-0000-000000000000}???????????????u???e???????????????????????????e??un???????????????????????????????????????d???d??.NT??&??? ??????????????????????????????N?????????????s?????Microsoft ISATAP Adapter #3??????????????????h??@nettun.inf,%msft%;Microsoft?B??????CI??????HP??????????Ndi-Mp-AsyncMac??4??????????? ??????????????????????????????????????????????0???? ?????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@DhcpNetbiosOptions 2
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 5384
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x4E 0x03 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@LeaseObtainedTime 1315298017
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@T1 1331066017
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@T2 1342892017
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}@LeaseTerminatesTime 1346834017
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@FrequencyCorrectRate 4
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PollAdjustFactor 5
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LargePhaseOffset 50000000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@SpikeWatchPeriod 900
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@LocalClockDispersion 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@HoldPeriod 5
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@PhaseCorrectRate 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@UpdateInterval 360000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@EventLogFlags 2
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@AnnounceFlags 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@TimeJumpAuditOffset 28800
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MinPollInterval 10
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPollInterval 15
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxNegPhaseCorrection 54000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxPosPhaseCorrection 54000
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\Config@MaxAllowedPhaseOffset 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@DllName %systemroot%\system32\w32time.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@Enabled 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@InputProvider 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@AllowNonstandardModeCombinations 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CrossSiteSyncFlags 2
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMinutes 15
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@ResolvePeerBackoffMaxTimes 7
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@CompatibilityFlags -2147483648
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@EventLogFlags 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@LargeSampleSkew 3
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollInterval 604800
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7b97c3f???????????
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@DllName %systemroot%\system32\w32time.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@Enabled 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@InputProvider 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@AllowNonstandardModeCombinations 1
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@EventLogFlags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainEntryTimeout 16
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxEntries 128
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainMaxHostEntries 4
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainDisable 0
Reg HKLM\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer@ChainLoggingRate 30
Reg HKLM\SYSTEM\CurrentControlSet\services\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}\Parameters\Tcpip@LeaseObtainedTime 1315298017
Reg HKLM\SYSTEM\CurrentControlSet\services\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}\Parameters\Tcpip@T1 1331066017
Reg HKLM\SYSTEM\CurrentControlSet\services\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}\Parameters\Tcpip@T2 1342892017
Reg HKLM\SYSTEM\CurrentControlSet\services\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}\Parameters\Tcpip@LeaseTerminatesTime 1346834017
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0cddeff66c31 0x12 0x62 0x4C 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@a87b3948391b 0x82 0x57 0x44 0x8E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@5ea5a51f6601 0x77 0xBB 0xCC 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@0021fc002299 0x82 0xC3 0xF3 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@6cab6cdc6601 0x68 0xE1 0xAB 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd19b7b@678fd6ed6601 0x1D 0xC1 0x37 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???n???????n????? ???????n?????n???????0????????????????????????????????t????n??*6to4mp??z??? ???????n???????????i?0?????????????????????????n??????p???SCSI Miniport????n???n?????n????? ???????n?????n???????0????????????????????? ???????n???????????j?0??????????????????????N??????????????d???n?n?n?n?n?n94???????????n?????n????? ???????n?????n???????0????????????????????? ???????n???????????j?0??????????????????????P??n????????h??????????????????e??????????????t??????n????? ???????n?????n???????0????????????????????? ?n???n???n???n???n???n???n???n???n???n????????? ???????n???????????j?0????????????????????SCSI Miniport????n?????n????? ???????n?????n???????0????????????????????? ???????n???????????j?0?????????????????????n??????????????????????????????????????????t????u?v???????n????? ???????n?????n???????0????????????????????? ???????n???????????j?0?????????????????????????n??????p???SCSI miniport????n???n?????n????? ???????fH????????????-??.????????????B????? ???????n?????????????-?????????????????????????o?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???n?????????i??????s??????????????????z???????n????@%systemroot%\system32\drivers\hwpolicy.sys,-101???????????????g????????????@cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive?ram???????????????????????????????0???m???e??????1????????????????A????????????????????<??s???????????????????????????????????????????????????????????????????p??t???????????localSystem??????n?n?n?n?n?n?????????????????l???????????????n????8??n????????h??????t?t?t???s???????????????????????????????????????p????????h?????????????{F3A42474-0891-4151-B44A-ED04B657432B}?\????Security Processor Loader Driver?????n???????????n??????t???? ???????n?????n?????m???? ???&????? ??????????????????????????????e ????????????????e?????????????M??????????????????????N??????f????D??/???????n??????????????????????????????t?????????????????????????????????????????N??n????????h?????\SystemRoot\system32\DRIVERS\iirsp.sys???????????????????????n??????p???SCSI Miniport?????R??n???????????d??iirsp.inf_amd64_neutral_25c14d33af7f54f1??????????????????????????T??n?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???n????Microsoft????p?p?p??? ??????????????????? 6??????m??????sl??cdrom???????? ???????n??????????????????????????????0????????????????????????????W?bCa????????????????????????????????E?????winmgmt??7???s?t?t??RSUSBSTOR??????????????????????????????g??????R??s?????????e????\SystemRoot\system32\DRIVERS\intelide.sys?????(??n??????p???System Bus Extender???????R??????????????d????N??n???o??????????\???? ???????n????????????????????V?n?????????????????????????????????.??o?????????e????Extended Base???System32\Drivers\ksecdd.sys??????????????_??????Tc??????Tc??????????????to???????????????????????????????????????????????????????n??? ???????n???????????n??????????????????1o???????????C?MWi???????????m????????????????????E:\W???=???????????????????e?F2\???????????????\???n?n?n?n?n?n?n??????? ???????n???????????n??????????????????2t???????????\?igw???????????????n???s??eF??tunnel??????????????LocalSystem?????????????Net??s???????????????????????B???????61??????????t????8??s????????h????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???i?????????/???1???e?????? ????}?????s?????????????0???r???????h???p??????? ??????????????????btwampfl????????????volsnap??????i?i?i?i?????????i????N??j????????D??????i?j?:???????????????????????i??Ndi-Mp-Ip???11???o??????????????????????????????????????????Microsoft????????????????????????????????????i??????s????????i???2???????i?ih???oem46.inf???????? ????X????????????????????????????????????????????????????????????????????????????????s????Microsoft???????????????s????????3???c?????reZ???????????? ??????4???????i?k?i???????????i??????????11????????4??i?????????e????? ??????????????D???????&???????????????????C:\ProgramData\Microsoft\MF?????????os???????????????????????????0??B&???????3???????????.??????????LegacyDriver??????^??n???+?????e?+???????h??????p????????}???n???l???????z???j?k?2??Volume?f????STORAGE\VolumeSnapshot????????X?????????????????????????????????????????????????????????Wi???r???????y???????????????n???????????????s??????p????????????????x???m???????????????5???3???k?k?i??LegacyDriver? ?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???8?????????l???????????????????l?l?3???????????o???????o???????j??????????? ???????l?????????????-?????????????????f??? ???????l?????l???????0??L????????? ??????????????l???l????? ???????l?????l???????0????????????&???????????????????????? ???????l?????l???????0????????????????????? ???????l???????????[?0?????????????????????????????????????????????????e?????????????l?????????????n??????6.1.7600.16385???????l??????????????? ???????l?????l???????0????????????&????????????????????????l?l?????l??????? ???????l?????l???????0????????????????????? ???????l???????????d?0??????????????????????:??l?????????????l????? ???????l?????l???????0???????????????????????l???l???l????????? ???????l???????????f?0?????????????????????????l???????????????????c?????????rli?????l????? ???????l?????l???????0????????????&??????????????????????????l???l????? ???????l?????l???????0????????????????????? ???????l???????????h?0?????????????????????l?l?l???????l???0??22???????l?????????????????????l????? ???????l?????l???????0???????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ??po?s????(??n???????????m???????????o??????????????????????????????????? ??????????????????????????? ??????????????????mscoree.dll?????? ???n??????????s???? ???n??????????s???MS_BTHBRB???? ??????????????r????????????????????e??????????????????? ???????n?????n???????????????????? ???????????????????? ???????o???????????n?,?????????????????e??2e,00,4e,00,45,00,54,00,20,00,44,00,61,00,74,00,61,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,20,00,66,00,6f,00,72,00,20,00,53,00,71,00,6c,00,53,00,65,00,72,00,76,00,65,00,72,00,00,00,00,00?????? ???????o?????????????????????????????????e????HardConnectsPerSecond?HardDisconnectsPerSecond?SoftConnectsPerSecond?SoftDisconnectsPerSecond?NumberOfNonPooledConnections?NumberOfPooledConnections?NumberOfActiveConnectionPoolGroups?NumberOfInactiveConnectionPoolGroups?NumberOfActiveConnectionPools?NumberOfInactiveConnectionPools?NumberOfActiveConnections?NumberOfFreeConnections?NumberOfStasisConnections?NumberOfReclaimedConnections?????CollectPerformanceData?????????
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x4E 0x03 0x10 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=C52B8C99 \xa0The Social Network (2010).exe 8

---- Files - GMER 1.0.15 ----

File C:\Windows\Temp\TMP00000638B7A04889A36E0ED2 0 bytes

---- EOF - GMER 1.0.15 ----

 

[EHNN]

step 4 : done using DDS
log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by NECCO at 21:58:33 on 2011-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.286 [GMT 8:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Connectify\Connectifyd.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Time Lock\timelockfw.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\Users\acer\Desktop\VPN\HHX1\HarmonyHackerX.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Expat Shield\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Expat Shield\bin\fbw.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar =
mStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: AutorunsDisabled - No File
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
uRun: [<NO NAME>]
uRun: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m
uRun: [Facebook Update] "C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\acer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device...
IE: Send page to &Bluetooth Device...
IE: YamicsoftDisabled
IE: YamicsoftDisabled\Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: YamicsoftDisabled\Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: microsoft.com\v6.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.203.8.1
TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E445 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E44502E5E5 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{56D67ED2-407C-45C0-9E02-19EFD91BBD43}\242594C4C49414E4452C0AE5E5 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD} : DhcpNameServer = 10.203.8.1
TCP: Interfaces\{5FD56E7F-07FA-4A3A-B57E-05C14796F73D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1} : NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{8BC605CD-C9FB-4EEC-8656-9EDA591D7D63} : NameServer = 192.168.2.1
TCP: Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9} : NameServer = 202.126.40.5 222.127.143.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
IFEO: dtswizard.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: landingpage.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: sqlwtsn.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
BHO-X64: AutorunsDisabled - No File
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
IFEO-X64: dtswizard.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: landingpage.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: sqlwtsn.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fb.me/
FF - prefs.js: network.proxy.ftp - 10.201.60.241
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.201.60.241
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.201.60.241
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\acer\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-09-06 12:13:30 -------- d-----w- C:\Users\acer\AppData\Roaming\IDM
2011-09-06 12:12:53 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2011-09-06 05:27:50 -------- d-----w- C:\ProgramData\InterAction studios
2011-09-06 03:03:21 -------- d-----w- C:\Users\acer\AppData\Local\Connectify
2011-09-05 05:00:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-04 22:03:53 -------- d-----w- C:\Windows\pss
2011-09-01 01:57:45 -------- d-----w- C:\ProgramData\hssff
2011-09-01 00:36:29 756552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-09-01 00:36:29 755016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2011-09-01 00:36:29 -------- d-----w- C:\Program Files (x86)\Expat Shield
2011-08-31 11:05:45 0 ---ha-w- C:\Users\acer\AppData\Local\BITF061.tmp
2011-08-31 10:54:00 -------- d-----w- C:\Program Files (x86)\Connectify
2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Local\PACE Anti-Piracy
2011-08-30 21:52:33 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2011-08-29 10:50:01 -------- d-----w- C:\ICC_Backup
2011-08-28 07:38:19 -------- d-----w- C:\Users\acer\AppData\Local\Facebook
2011-08-27 17:00:55 -------- d-----w- C:\Users\acer\AppData\Roaming\MozillaControl
2011-08-27 16:59:37 -------- d-----w- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
2011-08-27 13:00:06 -------- d-----w- C:\Program Files (x86)\AutocompletePro
2011-08-26 03:47:53 -------- d-----w- C:\ProgramData\Uniblue
2011-08-26 03:15:19 -------- d-----w- C:\Users\acer\AppData\Roaming\Uniblue
2011-08-26 03:15:09 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-08-26 03:00:39 -------- d-----w- C:\ProgramData\BabylonUpdater
2011-08-26 03:00:26 -------- d-----w- C:\Users\acer\AppData\Local\Babylon
2011-08-26 03:00:23 -------- d-----w- C:\ProgramData\Babylon
2011-08-26 03:00:21 -------- d-----w- C:\Users\acer\AppData\Roaming\Babylon
2011-08-26 02:59:51 -------- d-----w- C:\Program Files (x86)\Easy Downloads
2011-08-25 01:49:10 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDB8CB2E-E597-4A1E-9075-E93945C890F2}\mpengine.dll
2011-08-24 05:30:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-08-24 05:29:40 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-08-23 22:50:59 -------- d-----w- C:\Program Files (x86)\CommViewWiFi
2011-08-23 22:34:25 -------- d-----w- C:\aircrack
2011-08-21 14:56:52 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-08-21 14:56:01 -------- d-----w- C:\Program Files (x86)\Cain
2011-08-21 11:07:08 -------- d-----w- C:\Expat Shield
2011-08-20 03:25:31 -------- d-----w- C:\Program Files (x86)\Sun Broadband Wireless
2011-08-19 23:34:35 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6
2011-08-12 17:09:29 -------- d-----w- C:\ProgramData\Nero
2011-08-12 14:31:32 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-08-09 17:10:33 -------- d-----w- C:\Program Files (x86)\Ultrasurf
2011-08-09 17:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\System-G
2011-08-09 17:05:57 -------- d-----w- C:\Program Files (x86)\Connection Keeper
2011-08-09 16:48:31 -------- d-----w- C:\Users\acer\AppData\Roaming\DMCache
2011-08-08 20:02:53 -------- d-----w- C:\Windows\System32\SPReview
2011-08-08 19:59:24 -------- d-----w- C:\Windows\System32\EventProviders
2011-08-08 19:50:20 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-08-08 19:50:20 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-08-08 19:49:33 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-08-08 19:49:11 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2011-08-08 19:49:10 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2011-08-08 19:49:10 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2011-08-08 19:49:09 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-08-08 19:49:08 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2011-08-08 19:46:58 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-08-08 19:45:59 1371136 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2011-08-08 19:44:59 630272 ----a-w- C:\Windows\System32\evr.dll
2011-08-08 19:43:59 223248 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2011-08-08 19:42:59 199168 ----a-w- C:\Windows\SysWow64\onex.dll
2011-08-08 19:41:59 155520 ----a-w- C:\Windows\System32\drivers\ataport.sys
2011-08-08 19:40:59 781312 ----a-w- C:\Windows\System32\wmdrmsdk.dll
2011-08-08 19:39:59 527872 ----a-w- C:\Windows\System32\wmdrmnet.dll
2011-08-08 19:38:59 44544 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2011-08-08 19:37:33 2560 ----a-w- C:\Windows\System32\drivers\zh-TW\rdpwd.sys.mui
2011-08-08 19:37:31 3072 ----a-w- C:\Windows\System32\drivers\zh-TW\tsusbflt.sys.mui
2011-08-08 19:37:02 23552 ----a-w- C:\Windows\System32\drivers\zh-TW\usbport.sys.mui
2011-08-08 19:36:24 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-08-08 19:36:23 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-08-08 19:34:59 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2011-08-08 19:33:59 411496 ----a-w- C:\Windows\System32\xactengine2_9.dll
2011-08-08 19:23:11 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-08-08 19:23:11 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-08-08 19:23:10 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-08-08 19:22:24 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-08-08 19:21:56 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-08-08 19:18:16 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-08-08 19:18:13 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-08-08 19:07:02 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-08 19:07:00 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-08-08 19:07:00 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-08-08 19:07:00 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-08-08 19:07:00 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-08-08 19:07:00 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-08 19:07:00 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-08 19:07:00 1850328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-08 19:07:00 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-08-08 19:07:00 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-08-08 18:42:41 -------- d-----w- C:\Windows\SysWow64\directx
2011-08-08 18:35:30 -------- d-----w- C:\inetpub
2011-08-08 17:46:12 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2011-08-08 12:56:25 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-08-08 12:56:25 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-08-07 17:35:45 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
2011-08-07 17:35:45 108376 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll
2011-08-07 17:35:44 105816 ----a-w- C:\Windows\System32\SQSRVRES.DLL
2011-08-07 16:13:18 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-08-07 16:09:37 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
.
==================== Find3M ====================
.
2011-09-06 08:37:20 77824 ----a-w- C:\Windows\KMSEmulator.exe
2011-08-24 01:03:19 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-08 20:35:57 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-08 20:35:54 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-08-06 11:56:17 111 ----a-w- C:\Windows\SysWow64\sysinter.drv
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-20 08:41:18 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-07-20 08:35:48 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-07-20 08:35:42 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-07-20 08:35:38 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2011-07-20 08:35:34 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-06 11:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 11:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-05 10:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 10:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-07-01 09:46:40 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2010-07-08 02:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 22:07:41.41 ===============


i also want to ask for help is my problem about "This version of windows is not genuine" it always shows, that's why i create shortcut of Activate windows just to remove that message at the bottom right of my monitor..
kinda curious about it, why is it showing even though i have a licence windows 7 home premium x64bit OS,

another i want to share is, i just noticed while watching on youtube, the video is seem laggy. like playing slow mo..

thank you for your time reading my concern..
i will really appreciate your help..
thank you! and God Speed

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[EHNN]

sorry for the delay sir.. i just got home from school..
this morning, i just do what you ask me to do..
i finished the scan process, but i have some little problem with the combofix, the scan was good but the processing of the log for this combofix takes so long..i wait maybe half an hour.. still no progress.. i didnt know if the app hangs or what i didnt see any progress when it will be finished.. so for now i only have the aswMBR log file.. ooops! just want to share what happen while doing the scan process..
i already have the aswMBR.exe, i install then start scan, while scanning some error occured then suddenly gone blockout then restarted.. so, i run the aswMBR.exe again, and the log file is as follows :


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-08 06:08:09
-----------------------------
06:08:09.659 OS Version: Windows x64 6.1.7601 Service Pack 1
06:08:09.659 Number of processors: 2 586 0x170A
06:08:09.661 ComputerName: NECCO UserName: NECCO
06:08:13.869 Initialize success
06:08:27.165 AVAST engine defs: 11090700
06:08:59.559 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:09:00.020 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
06:09:00.037 Disk 0 MBR read error 0
06:09:00.042 Disk 0 MBR scan
06:09:00.050 Disk 0 unknown MBR code
06:09:00.056 MBR BIOS signature not found 0
06:09:00.062 Service scanning
06:09:04.657 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
06:09:05.764 Modules scanning
06:09:05.776 Disk 0 trace - called modules:
06:09:05.826 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spih.sys
06:09:05.833 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027fa790]
06:09:05.841 3 CLASSPNP.SYS[fffff88001dc143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800268c050]
06:09:07.331 AVAST engine scan C:\Windows
06:09:19.253 AVAST engine scan C:\Windows\system32
06:13:21.259 AVAST engine scan C:\Windows\system32\drivers
06:13:45.993 AVAST engine scan C:\Users\acer
06:25:36.931 AVAST engine scan C:\ProgramData
06:29:22.478 Scan finished successfully
06:30:32.679 Disk 0 MBR has been saved successfully to "C:\Users\acer\Desktop\MBR.dat"
06:30:32.688 The log file has been saved successfully to "C:\Users\acer\Desktop\aswMBR.txt"


ill try to rerun the combofix and post the log after ..

 

[Broni]

Go ahead........

 

[EHNN]

at last !

combofix log:

ComboFix 11-09-08.03 - NECCO 09/09/2011 7:17:57.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.537 [GMT 8:00]
Running from: C:\Users\acer\Desktop\techspot\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active



((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))


2011-09-08 23:37:00 . 2011-09-08 23:37:00 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2011-09-08 23:37:00 . 2011-09-08 23:37:00 -------- d-----w- C:\Users\DURAN\AppData\Local\temp
2011-09-07 02:57:14 . 2011-09-07 03:02:10 -------- d-----w- C:\Users\acer\AppData\Roaming\TS3Client
2011-09-07 02:56:34 . 2011-09-07 02:56:52 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2011-09-06 05:27:50 . 2011-09-06 05:27:50 -------- d-----w- C:\ProgramData\InterAction studios
2011-09-06 03:03:21 . 2011-09-07 03:03:49 -------- d-----w- C:\Users\acer\AppData\Local\Connectify
2011-09-05 05:00:41 . 2011-09-05 05:00:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-02 23:11:18 . 2011-09-02 23:11:18 -------- d-----w- C:\Users\DURAN\AppData\Local\Diagnostics
2011-09-01 01:57:45 . 2011-09-01 01:57:45 -------- d-----w- C:\ProgramData\hssff
2011-09-01 00:36:29 . 2011-09-01 00:40:46 -------- d-----w- C:\Program Files (x86)\Expat Shield
2011-09-01 00:36:29 . 2011-06-22 22:05:58 755016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2011-09-01 00:36:29 . 2011-06-22 22:05:52 756552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-08-31 11:05:45 . 2011-08-31 11:05:45 0 ---ha-w- C:\Users\acer\AppData\Local\BITF061.tmp
2011-08-31 10:54:00 . 2011-09-08 10:37:33 -------- d-----w- C:\Program Files (x86)\Connectify
2011-08-30 21:52:33 . 2011-08-30 21:52:34 -------- d-----w- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
2011-08-30 21:52:33 . 2011-08-30 21:52:34 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2011-08-30 21:52:33 . 2011-08-30 21:52:33 -------- d-----w- C:\Users\acer\AppData\Local\PACE Anti-Piracy
2011-08-29 17:26:40 . 2011-08-31 22:32:46 -------- d-----w- C:\Users\EHNN
2011-08-29 10:50:01 . 2011-08-31 22:29:29 -------- d-----w- C:\ICC_Backup
2011-08-28 08:44:16 . 2011-08-28 08:44:17 -------- d-----w- C:\Users\DURAN\AppData\Local\Yahoo
2011-08-28 08:44:16 . 2011-08-28 08:44:16 -------- d-----w- C:\Users\DURAN\AppData\Roaming\Yahoo!
2011-08-28 08:37:51 . 2011-08-28 08:37:51 -------- d-----w- C:\Users\DURAN\AppData\Roaming\skypePM
2011-08-28 07:38:19 . 2011-09-05 10:04:25 -------- d-----w- C:\Users\acer\AppData\Local\Facebook
2011-08-27 17:00:55 . 2011-08-27 17:00:56 -------- d-----w- C:\Users\acer\AppData\Roaming\MozillaControl
2011-08-27 16:59:37 . 2011-08-31 11:07:30 -------- d-----w- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
2011-08-26 03:47:53 . 2011-08-26 03:47:53 -------- d-----w- C:\ProgramData\Uniblue
2011-08-26 03:15:19 . 2011-08-26 03:34:58 -------- d-----w- C:\Users\acer\AppData\Roaming\Uniblue
2011-08-26 03:15:09 . 2011-08-26 03:28:24 -------- d-----w- C:\Program Files (x86)\Uniblue
2011-08-26 03:00:26 . 2011-08-31 22:16:36 -------- d-----w- C:\Users\acer\AppData\Local\Babylon
2011-08-26 03:00:23 . 2011-08-26 03:00:23 -------- d-----w- C:\ProgramData\Babylon
2011-08-26 03:00:21 . 2011-08-26 03:00:21 -------- d-----w- C:\Users\acer\AppData\Roaming\Babylon
2011-08-26 02:59:51 . 2011-08-27 00:13:36 -------- d-----w- C:\Program Files (x86)\Easy Downloads
2011-08-25 01:49:10 . 2011-08-12 04:10:01 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDB8CB2E-E597-4A1E-9075-E93945C890F2}\mpengine.dll
2011-08-24 05:30:59 . 2011-07-16 05:21:04 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-24 05:29:40 . 2011-07-09 02:46:28 288768 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-23 22:50:59 . 2011-09-01 00:29:15 -------- d-----w- C:\Program Files (x86)\CommViewWiFi
2011-08-23 22:34:25 . 2011-08-23 22:34:47 -------- d-----w- C:\aircrack
2011-08-21 14:56:52 . 2011-08-21 14:56:55 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-08-21 14:56:01 . 2011-08-22 10:55:51 -------- d-----w- C:\Program Files (x86)\Cain
2011-08-21 11:07:08 . 2011-09-01 00:40:45 -------- d-----w- C:\Expat Shield
2011-08-20 03:25:31 . 2011-08-21 03:55:40 -------- d-----w- C:\Program Files (x86)\Sun Broadband Wireless
2011-08-19 23:34:35 . 2011-08-21 03:56:12 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6
2011-08-12 17:09:29 . 2011-08-12 17:17:54 -------- d-----w- C:\ProgramData\Nero
2011-08-12 14:31:32 . 2011-08-12 14:31:41 -------- d-----w- C:\Program Files (x86)\Ask.com
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-08 12:13:30 . 2011-07-16 11:04:31 77824 ----a-w- C:\Windows\KMSEmulator.exe
2011-08-24 01:03:19 . 2011-07-17 10:09:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-08 20:35:57 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-08 20:35:54 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll
2011-08-08 17:10:22 . 2011-08-08 17:10:22 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-08-08 17:10:22 . 2011-08-08 17:10:22 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-08-08 17:10:21 . 2011-08-08 17:10:21 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-08-08 17:10:21 . 2011-08-08 17:10:21 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2011-08-08 17:10:21 . 2011-08-08 17:10:21 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-08-08 17:10:21 . 2011-08-08 17:10:21 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2011-08-08 17:10:21 . 2011-08-08 17:10:21 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2011-08-08 17:10:21 . 2011-08-08 17:10:21 367104 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-08 17:10:21 . 2011-08-08 17:10:21 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-08 17:10:21 . 2011-08-08 17:10:21 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
2011-08-08 17:10:21 . 2011-08-08 17:10:21 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2011-08-08 17:10:21 . 2011-08-08 17:10:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-08-08 17:10:21 . 2011-08-08 17:10:21 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2011-08-08 17:10:20 . 2011-08-08 17:10:20 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-08-08 17:10:20 . 2011-08-08 17:10:20 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
2011-08-08 17:10:20 . 2011-08-08 17:10:20 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-08-08 17:10:20 . 2011-08-08 17:10:20 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2011-08-08 17:10:20 . 2011-08-08 17:10:20 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
2011-08-08 17:10:19 . 2011-08-08 17:10:19 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2011-08-08 17:10:19 . 2011-08-08 17:10:19 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
2011-08-08 17:10:19 . 2011-08-08 17:10:19 76800 ----a-w- C:\Windows\system32\tdc.ocx
2011-08-08 17:10:19 . 2011-08-08 17:10:19 49664 ----a-w- C:\Windows\system32\imgutil.dll
2011-08-08 17:10:19 . 2011-08-08 17:10:19 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2011-08-08 17:10:19 . 2011-08-08 17:10:19 222208 ----a-w- C:\Windows\system32\msls31.dll
2011-08-08 17:10:19 . 2011-08-08 17:10:19 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2011-08-08 17:10:19 . 2011-08-08 17:10:19 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll
2011-08-08 17:10:19 . 2011-08-08 17:10:19 12288 ----a-w- C:\Windows\system32\mshta.exe
2011-08-08 17:10:19 . 2011-08-08 17:10:19 114176 ----a-w- C:\Windows\system32\admparse.dll
2011-08-08 17:10:19 . 2011-08-08 17:10:19 111616 ----a-w- C:\Windows\system32\iesysprep.dll
2011-08-08 17:10:18 . 2011-08-08 17:10:18 85504 ----a-w- C:\Windows\system32\iesetup.dll
2011-08-08 17:10:18 . 2011-08-08 17:10:18 603648 ----a-w- C:\Windows\system32\vbscript.dll
2011-08-08 17:10:18 . 2011-08-08 17:10:18 448512 ----a-w- C:\Windows\system32\html.iec
2011-08-08 17:10:18 . 2011-08-08 17:10:18 30720 ----a-w- C:\Windows\system32\licmgr10.dll
2011-08-08 17:10:18 . 2011-08-08 17:10:18 165888 ----a-w- C:\Windows\system32\iexpress.exe
2011-08-08 17:10:18 . 2011-08-08 17:10:18 160256 ----a-w- C:\Windows\system32\wextract.exe
2011-08-08 17:10:18 . 2011-08-08 17:10:18 1492992 ----a-w- C:\Windows\system32\inetcpl.cpl
2011-08-08 14:11:14 . 2011-07-15 02:33:03 2136512 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-08-06 11:13:42 . 2011-08-06 11:14:39 196608 ----a-w- C:\Windows\system32\drivers\ew_juwwanecm.sys
2011-08-06 11:13:42 . 2011-08-06 11:14:28 999936 ----a-w- C:\Windows\system32\drivers\mod7700.sys
2011-08-06 11:13:42 . 2011-08-06 11:14:28 13952 ----a-w- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2011-08-06 11:13:41 . 2011-08-06 11:14:39 93696 ----a-w- C:\Windows\system32\drivers\ew_jucdcacm.sys
2011-08-06 11:13:41 . 2011-08-06 11:14:39 85504 ----a-w- C:\Windows\system32\drivers\ew_jubusenum.sys
2011-08-06 11:13:41 . 2011-08-06 11:14:39 55296 ----a-w- C:\Windows\system32\drivers\ew_jucdcecm.sys
2011-08-06 11:13:41 . 2011-08-06 11:14:39 29184 ----a-w- C:\Windows\system32\drivers\ew_juextctrl.sys
2011-08-06 11:13:41 . 2011-08-06 11:14:27 256000 ----a-w- C:\Windows\system32\drivers\ewusbnet.sys
2011-08-06 11:13:41 . 2011-08-06 11:14:12 117248 ----a-w- C:\Windows\system32\drivers\ew_hwusbdev.sys
2011-08-06 11:13:40 . 2011-08-06 11:14:39 1490656 ----a-w- C:\Windows\system32\WdfCoInstaller01007.dll
2011-08-06 11:13:40 . 2011-08-06 11:14:39 1490656 ----a-w- C:\Windows\system32\drivers\WdfCoInstaller01007.dll
2011-08-06 11:13:40 . 2011-08-06 11:14:27 32768 ----a-w- C:\Windows\system32\drivers\ewdcsc.sys
2011-08-06 11:13:40 . 2011-08-06 11:14:27 121600 ----a-w- C:\Windows\system32\drivers\ewusbmdm.sys
2011-08-06 11:13:37 . 2011-08-06 11:13:44 363008 ----a-w- C:\Windows\system32\drivers\UMDF\hwgpssensor.dll
2011-07-20 08:41:18 . 2011-04-28 01:04:40 34624 ----a-w- C:\Windows\system32\TURegOpt.exe
2011-07-20 08:35:48 . 2011-04-28 01:04:31 25920 ----a-w- C:\Windows\system32\authuitu.dll
2011-07-20 08:35:42 . 2011-04-28 01:04:29 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-07-20 08:35:38 . 2011-04-28 01:04:32 36160 ----a-w- C:\Windows\system32\uxtuneup.dll
2011-07-20 08:35:34 . 2011-04-28 01:04:31 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-07-16 04:26:00 . 2011-08-24 05:31:08 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-06 11:52:42 . 2011-03-24 03:42:52 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 11:52:42 . 2011-03-24 03:42:33 25912 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-07-05 10:37:00 . 2011-07-05 10:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 10:37:00 . 2011-07-05 10:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-07-01 09:46:40 . 2011-07-01 09:46:40 31232 ----a-w- C:\Windows\system32\drivers\tap0901.sys
2011-06-11 03:07:25 . 2011-07-24 06:28:38 3137536 ----a-w- C:\Windows\system32\win32k.sys
2010-07-08 02:37:14 . 2010-07-08 02:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe


((((((((((((((((((((((((((((( SnapShot@2011-09-07_22.56.35 )))))))))))))))))))))))))))))))))))))))))

+ 2011-09-04 22:10:04 . 2011-09-08 12:09:08 32768 C:\Windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-04 22:10:04 . 2011-09-07 22:03:02 32768 C:\Windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-04 22:10:04 . 2011-09-07 22:03:02 16384 C:\Windows\Temp\History\History.IE5\index.dat
+ 2011-09-04 22:10:04 . 2011-09-08 12:09:08 16384 C:\Windows\Temp\History\History.IE5\index.dat
+ 2011-09-04 22:10:04 . 2011-09-08 12:09:08 16384 C:\Windows\Temp\Cookies\index.dat
- 2011-09-04 22:10:04 . 2011-09-07 22:03:02 16384 C:\Windows\Temp\Cookies\index.dat
+ 2010-07-31 02:35:48 . 2011-09-08 10:37:07 12646 C:\Windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-07-31 02:35:48 . 2011-09-07 01:14:22 12646 C:\Windows\system32\wdi\ERCQueuedResolutions.dat
- 2009-07-14 05:10:35 . 2011-09-07 22:05:46 60292 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2011-09-08 12:12:22 60292 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-10 09:42:15 . 2011-09-08 04:10:11 28132 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2915824604-787655904-4174257227-1000_UserData.bin
- 2009-07-14 05:30:40 . 2011-09-06 03:01:29 86016 C:\Windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30:40 . 2011-09-08 23:15:12 86016 C:\Windows\system32\DriverStore\infpub.dat
+ 2010-06-04 01:32:32 . 2011-09-08 10:37:05 14878 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-07-31 09:28:12 . 2011-09-08 07:30:50 5366 C:\Windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
- 2011-09-07 11:58:06 . 2011-09-07 22:02:19 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-08 12:08:33 . 2011-09-08 12:08:33 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-08 12:08:33 . 2011-09-08 12:08:33 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-07 11:58:06 . 2011-09-07 22:02:19 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-11 00:01:09 . 2011-09-08 07:30:45 525366 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-08-05 06:21:17 . 2011-09-08 10:36:24 474936 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2010-04-13 23:05:24 . 2011-09-08 12:12:17 108944 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-06-04 16:41:04 . 2011-09-07 08:29:48 481560 C:\Windows\system32\prfh0404.dat
+ 2010-06-04 16:41:04 . 2011-09-08 13:51:49 481560 C:\Windows\system32\prfh0404.dat
+ 2010-06-04 16:41:04 . 2011-09-08 13:51:49 151844 C:\Windows\system32\prfc0404.dat
- 2010-06-04 16:41:04 . 2011-09-07 08:29:48 151844 C:\Windows\system32\prfc0404.dat
- 2009-07-14 02:36:59 . 2011-09-07 08:29:48 738742 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2011-09-08 13:51:49 738742 C:\Windows\system32\perfh009.dat
+ 2009-07-14 02:36:59 . 2011-09-08 13:51:49 151844 C:\Windows\system32\perfc009.dat
- 2009-07-14 02:36:59 . 2011-09-07 08:29:48 151844 C:\Windows\system32\perfc009.dat
- 2009-07-14 05:30:40 . 2011-09-06 03:01:29 239616 C:\Windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30:40 . 2011-09-08 23:15:12 239616 C:\Windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30:40 . 2011-09-08 23:15:12 143360 C:\Windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30:40 . 2011-09-06 03:01:28 143360 C:\Windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01:48 . 2011-09-08 10:37:09 541956 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01:48 . 2011-09-07 11:39:56 541956 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-16 08:58:15 . 2011-09-07 04:23:06 5473648 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2915824604-787655904-4174257227-1000-8192.dat
+ 2011-02-16 08:58:15 . 2011-09-08 10:37:10 5473648 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2915824604-787655904-4174257227-1000-8192.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2011-05-24 23:41:14 233288 ----a-w- C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 08:50:26 1197448 ----a-w- C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 08:50:26 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-01-27 22:23:59 1239040]
"PowerSuite"="C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" [2011-07-18 08:08:22 67448]
"Facebook Update"="C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 10:00:46 137536]
"Connectify"="C:\Program Files (x86)\Connectify\Connectify.exe" [2011-03-09 22:17:14 1532992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-11-01 23:39:48 1094736]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 04:59:52 254696]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 11:52:38 449584]

C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

R1 bftpznfz;bftpznfz; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 05:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 06:27:14 138576]
R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [2011-08-06 11:13:34 218624]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10:51 135664]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 11:52:38 366640]
R2 stimelock;Time Lock;C:\Time Lock\timelockfw.exe [2010-01-13 13:01:32 743424]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys [x]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [x]
R3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2011-07-01 18:40:38 58013]
R3 GGSAFERDriver;GGSAFER Driver;C:\Program Files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10:51 135664]
R3 huawei_cdcecm;huawei_cdcecm;C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 09:51:12 30963576]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys [x]
R3 NETw5s64;?? Windows 7 64 Bit ? Intel(R) Wireless WiFi Link ???????;C:\Windows\system32\DRIVERS\NETw5s64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 05:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 08:17:44 61976]
R4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 04:33:26 430424]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 04:55:28 64952]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2011-03-09 22:17:16 892992]
S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 18:30:12 107016]
S2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 08:41:42 810144]
S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [x]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-26 03:56:10 782880]
S2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2011-07-01 18:37:24 298824]
S2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-05-24 23:40:12 363336]
S2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe [2011-05-25 00:54:54 329544]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 09:38:58 1150496]
S2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2010-11-16 13:38:16 339456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 09:00:42 13336]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [x]
S2 ODDPwrSvc;Acer ODD Power Service;C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 07:44:14 158240]
S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 08:52:58 260640]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 23:27:36 243232]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-01-27 18:12:42 539032]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
S3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys [x]
S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys [x]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 12:34:24 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc

Contents of the 'Scheduled Tasks' folder

2011-09-08 C:\Windows\Tasks\AutoKMS.job
- C:\Windows\AutoKMS\AutoKMS.exe [2011-07-16 11:04:53 . 2011-07-16 11:04:53]

2011-09-08 C:\Windows\Tasks\AutoKMSDaily.job
- C:\Windows\AutoKMS\AutoKMS.exe [2011-07-16 11:04:53 . 2011-07-16 11:04:53]

2011-09-05 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
- C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 10:01:02 . 2011-09-05 10:00:46]

2011-09-06 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
- C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 10:01:02 . 2011-09-05 10:00:46]

2011-09-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10:54 . 2010-08-23 08:10:51]

2011-09-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10:54 . 2010-08-23 08:10:51]

2011-08-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core1cc542decbe9360.job
- C:\Users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:14:42 . 2010-10-23 10:43:26]

2011-09-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
- C:\Users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:14:42 . 2010-10-23 10:43:26]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2011-05-24 23:41:14 287048 ----a-w- C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2011-01-12 08:41:26 2917632]
"Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-26 03:56:12 496160]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-09 05:50:30 387608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

------- Supplementary Scan -------

uStart Page = about:blank
mStart Page = about:blank
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device...
IE: Send page to &Bluetooth Device...
IE: YamicsoftDisabled
IE: YamicsoftDisabled\Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: YamicsoftDisabled\Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: microsoft.com\v6.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 10.202.48.1
TCP: Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1}: NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9}: NameServer = 202.126.40.5 222.127.143.5
FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fb.me/
FF - prefs.js: network.proxy.ftp - 10.201.60.241
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.201.60.241
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.201.60.241
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-HijackThis - C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

[Broni]

You forgot to post Attach.txt part of DDS...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 07/10/2010 5:40:25 PM
System Uptime: 09/05/2011 6:08:50 AM (8 hours ago)
.
Motherboard: Acer | | Aspire 4810T
Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz | CPU | 1196/800mhz
.
==== Disk Partitions =========================
.
A: is CDROM ()
C: is FIXED (NTFS) - 226 GiB total, 129.213 GiB free.
D: is FIXED (NTFS) - 227 GiB total, 117.182 GiB free.
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0010
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #11
PNP Device ID: ROOT\*6TO4MP\0010
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0036
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #37
PNP Device ID: ROOT\*6TO4MP\0036
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0011
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #12
PNP Device ID: ROOT\*6TO4MP\0011
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0037
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #38
PNP Device ID: ROOT\*6TO4MP\0037
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0012
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #13
PNP Device ID: ROOT\*6TO4MP\0012
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0038
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #39
PNP Device ID: ROOT\*6TO4MP\0038
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: HUAWEI Mobile CMCC Connect - Network Adapter
Device ID: ROOT\NET\0001
Manufacturer: HUAWEI
Name: HUAWEI Mobile CMCC Connect - Network Adapter
PNP Device ID: ROOT\NET\0001
Service: huawei_cdcecm
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0013
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #14
PNP Device ID: ROOT\*6TO4MP\0013
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0039
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #40
PNP Device ID: ROOT\*6TO4MP\0039
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0014
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #15
PNP Device ID: ROOT\*6TO4MP\0014
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0040
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #41
PNP Device ID: ROOT\*6TO4MP\0040
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0015
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #16
PNP Device ID: ROOT\*6TO4MP\0015
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0041
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #42
PNP Device ID: ROOT\*6TO4MP\0041
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0016
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #17
PNP Device ID: ROOT\*6TO4MP\0016
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0042
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #43
PNP Device ID: ROOT\*6TO4MP\0042
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0017
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #18
PNP Device ID: ROOT\*6TO4MP\0017
Service: tunnel
.
Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: Microsoft Windows SideShow-compatible device
Device ID: ROOT\SIDESHOW\0000
Manufacturer: Microsoft
Name: Microsoft Windows SideShow-compatible device
PNP Device ID: ROOT\SIDESHOW\0000
Service: WUDFRd
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0043
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #44
PNP Device ID: ROOT\*6TO4MP\0043
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0018
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #19
PNP Device ID: ROOT\*6TO4MP\0018
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0044
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #45
PNP Device ID: ROOT\*6TO4MP\0044
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0019
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #20
PNP Device ID: ROOT\*6TO4MP\0019
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0045
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #46
PNP Device ID: ROOT\*6TO4MP\0045
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0020
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #21
PNP Device ID: ROOT\*6TO4MP\0020
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0046
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #47
PNP Device ID: ROOT\*6TO4MP\0046
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0021
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #22
PNP Device ID: ROOT\*6TO4MP\0021
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0047
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #48
PNP Device ID: ROOT\*6TO4MP\0047
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0022
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #23
PNP Device ID: ROOT\*6TO4MP\0022
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0023
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #24
PNP Device ID: ROOT\*6TO4MP\0023
Service: tunnel
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0024
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #25
PNP Device ID: ROOT\*6TO4MP\0024
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0025
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #26
PNP Device ID: ROOT\*6TO4MP\0025
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0026
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #27
PNP Device ID: ROOT\*6TO4MP\0026
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #28
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0028
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #29
PNP Device ID: ROOT\*6TO4MP\0028
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #4
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0029
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #30
PNP Device ID: ROOT\*6TO4MP\0029
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #5
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0030
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #31
PNP Device ID: ROOT\*6TO4MP\0030
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #6
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0031
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #32
PNP Device ID: ROOT\*6TO4MP\0031
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #7
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0032
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #33
PNP Device ID: ROOT\*6TO4MP\0032
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #8
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0033
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #34
PNP Device ID: ROOT\*6TO4MP\0033
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0008
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #9
PNP Device ID: ROOT\*6TO4MP\0008
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0034
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #35
PNP Device ID: ROOT\*6TO4MP\0034
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0009
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #10
PNP Device ID: ROOT\*6TO4MP\0009
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0035
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #36
PNP Device ID: ROOT\*6TO4MP\0035
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
1.1.1.5
2007 Microsoft Office Suite Service Pack 2 (SP2)
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
Accurate Personality Test 1.0
Acer Crystal Eye Webcam
Acer eRecovery Management
Acer PowerSmart Manager
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader X (10.1.0)
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Software Update
Ask Toolbar
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.2.6
BlueJ 3.0.4
BufferChm
Bullzip MS Access to MySQL 3.0.0.148
Cain & Abel v4.9.42
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help English
CommView for WiFi
Connection Keeper
ConvertHelper 2.2
Dark Parables-The Exiled Prince Collector's Edition
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DeviceDiscovery
DocMgr
DocProc
Driver Genius Professional Edition
eSobi v2
Expat Shield 2.06
Fax
Garena - League of Legends PH
Garena 2010
Garena Messenger
Globe Tattoo Broadband
Google Chrome
Google Update Helper
GPBaseService2
HijackThis 2.0.2
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
HPProductAssistant
Imagicon
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 21
JCreator LE 5.00
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Full)
Kalydo Player 3.10.04
Launch Manager
Learning Essentials for Microsoft Office
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Choice Guard
Microsoft Math
Microsoft MSDN 2005 Express Edition - ENU
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint Viewer
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
Microsoft Visual Basic 6.0 Enterprise Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio Macro Tools
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 5.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.1
Mystery Case Files 13th Skull Collectors Edition 1.00
MyWinLocker Suite
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
OpenVPN 2.2.1
Optical Drive Power Management
PDF Settings CS5
Photo Transport
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PowerISO
PX Profile Update
PxMergeModule
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Shredder
Skype™ 5.2
SMART BRO
SmartWebPrinting
SolutionCenter
SQLyog Community 8.4 Beta1
Status
Suite Shared Configuration CS4
swMSM
Technology in the Class for Learning Essentials
Toolbox
Total Video Converter 3.71 100812
TrayApp
Treasure Seekers: The Time Has Come Collector's Edition
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Basic 2005 Express Edition - ENU (KB932232)
Update for Outlook 2007 Junk Email Filter (KB2586924)
USB Safely Remove 4.5
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.7
WebReg
Welch's Project Reference 6.6.8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Writer
Windows Movie Maker 2.6
WinPcap 4.1.2
Yahoo! Messenger
Yahoo! Software Update
yEd Graph Editor 3.7.0.2
.
==== Event Viewer Messages From Past Week ========
.
09/05/2011 6:10:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Globe Tattoo Broadband. OUC service to connect.
09/05/2011 6:10:08 AM, Error: Service Control Manager [7000] - The Globe Tattoo Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/05/2011 5:51:52 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2011 5:49:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
09/05/2011 5:48:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
09/05/2011 5:48:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
09/05/2011 5:48:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/05/2011 5:48:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
09/05/2011 5:47:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ehdrv mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd tdx vwififlt Wanarpv6 WfpLwf
09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2011 5:47:47 AM, Error: Service Control Manager [7001] - The Expat Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2011 5:47:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
09/05/2011 5:47:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
09/05/2011 5:47:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/05/2011 5:47:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
09/05/2011 5:47:13 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
09/04/2011 8:45:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
09/04/2011 7:05:37 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
.
==== End Of File ===========================

 

[Broni]

Uninstall all Uniblue programs, which actually can be part of your problem:
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC

Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

=============================================================

Uninstall Ask Toolbar, typical foistware.

=======================================================

Make sure you post a whole Combofix log this time.

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box
• Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Users\acer\AppData\Local\BITF061.tmp


DDS::
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = 127.0.0.1:9666
Trusted Zone: microsoft.com\v6.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download

Driver::
bftpznfz

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[EHNN]

sir.. i already removed
Ask Toolbar
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC

done also scanning using Combofix as what you instructed me to do..
sad to say, the Log processing is not yet finished up to now.. still no clues for almost 2 hours waiting..
is it normal sir? :/

ill report again later, need to go school first
thank you, God Bless

 

[EHNN]

yeeppe!

just now, the log pop out at last...

here it is



ComboFix 11-09-08.03 - NECCO 09/09/2011 11:14:28.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.428 [GMT 8:00]
Running from: c:\users\acer\Desktop\techspot\ComboFix.exe
Command switches used :: c:\users\acer\Desktop\techspot\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\acer\AppData\Local\BITF061.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bftpznfz
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 03:36 . 2011-09-09 03:36 0 ---ha-w- c:\users\acer\AppData\Local\BIT7FF8.tmp
2011-09-09 03:31 . 2011-09-09 03:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-09 03:31 . 2011-09-09 03:31 -------- d-----w- c:\users\DURAN\AppData\Local\temp
2011-09-07 02:57 . 2011-09-07 03:02 -------- d-----w- c:\users\acer\AppData\Roaming\TS3Client
2011-09-07 02:56 . 2011-09-07 02:56 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-09-06 05:27 . 2011-09-06 05:27 -------- d-----w- c:\programdata\InterAction studios
2011-09-06 03:03 . 2011-09-07 03:03 -------- d-----w- c:\users\acer\AppData\Local\Connectify
2011-09-05 05:00 . 2011-09-05 05:00 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-02 23:11 . 2011-09-02 23:11 -------- d-----w- c:\users\DURAN\AppData\Local\Diagnostics
2011-09-01 01:57 . 2011-09-01 01:57 -------- d-----w- c:\programdata\hssff
2011-09-01 00:36 . 2011-09-01 00:40 -------- d-----w- c:\program files (x86)\Expat Shield
2011-09-01 00:36 . 2011-06-22 22:05 755016 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2011-09-01 00:36 . 2011-06-22 22:05 756552 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-08-31 11:05 . 2011-08-31 11:05 0 ---ha-w- c:\users\acer\AppData\Local\BITF061.tmp
2011-08-31 10:54 . 2011-09-09 03:32 -------- d-----w- c:\program files (x86)\Connectify
2011-08-30 21:52 . 2011-08-30 21:52 -------- d-----w- c:\users\acer\AppData\Roaming\PACE Anti-Piracy
2011-08-30 21:52 . 2011-08-30 21:52 -------- d-----w- c:\programdata\PACE Anti-Piracy
2011-08-30 21:52 . 2011-08-30 21:52 -------- d-----w- c:\users\acer\AppData\Local\PACE Anti-Piracy
2011-08-29 17:26 . 2011-08-31 22:32 -------- d-----w- c:\users\EHNN
2011-08-29 10:50 . 2011-08-31 22:29 -------- d-----w- C:\ICC_Backup
2011-08-28 08:44 . 2011-08-28 08:44 -------- d-----w- c:\users\DURAN\AppData\Local\Yahoo
2011-08-28 08:44 . 2011-08-28 08:44 -------- d-----w- c:\users\DURAN\AppData\Roaming\Yahoo!
2011-08-28 08:37 . 2011-08-28 08:37 -------- d-----w- c:\users\DURAN\AppData\Roaming\skypePM
2011-08-28 07:38 . 2011-09-05 10:04 -------- d-----w- c:\users\acer\AppData\Local\Facebook
2011-08-27 17:00 . 2011-08-27 17:00 -------- d-----w- c:\users\acer\AppData\Roaming\MozillaControl
2011-08-27 16:59 . 2011-08-31 11:07 -------- d-----w- c:\program files (x86)\'Full Speed' Internet Booster + Performance Tests
2011-08-26 03:47 . 2011-08-26 03:47 -------- d-----w- c:\programdata\Uniblue
2011-08-26 03:15 . 2011-09-09 03:06 -------- d-----w- c:\program files (x86)\Uniblue
2011-08-26 03:00 . 2011-08-31 22:16 -------- d-----w- c:\users\acer\AppData\Local\Babylon
2011-08-26 03:00 . 2011-08-26 03:00 -------- d-----w- c:\programdata\Babylon
2011-08-26 03:00 . 2011-08-26 03:00 -------- d-----w- c:\users\acer\AppData\Roaming\Babylon
2011-08-26 02:59 . 2011-08-27 00:13 -------- d-----w- c:\program files (x86)\Easy Downloads
2011-08-25 01:49 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDB8CB2E-E597-4A1E-9075-E93945C890F2}\mpengine.dll
2011-08-24 05:30 . 2011-07-16 05:21 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-24 05:29 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-23 22:50 . 2011-09-01 00:29 -------- d-----w- c:\program files (x86)\CommViewWiFi
2011-08-23 22:34 . 2011-08-23 22:34 -------- d-----w- C:\aircrack
2011-08-21 14:56 . 2011-08-21 14:56 -------- d-----w- c:\program files (x86)\WinPcap
2011-08-21 14:56 . 2011-08-22 10:55 -------- d-----w- c:\program files (x86)\Cain
2011-08-21 11:07 . 2011-09-01 00:40 -------- d-----w- C:\Expat Shield
2011-08-20 03:25 . 2011-08-21 03:55 -------- d-----w- c:\program files (x86)\Sun Broadband Wireless
2011-08-19 23:34 . 2011-08-21 03:56 -------- d-----w- c:\program files (x86)\Cheat Engine 6
2011-08-12 17:09 . 2011-08-12 17:17 -------- d-----w- c:\programdata\Nero
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 03:39 . 2011-09-09 03:39 0 ---ha-w- c:\users\acer\AppData\Local\BIT124D.tmp
2011-09-09 03:38 . 2011-07-16 11:04 77824 ----a-w- c:\windows\KMSEmulator.exe
2011-08-24 01:03 . 2011-07-17 10:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-08 20:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-08 20:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-08 17:10 . 2011-08-08 17:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-08 17:10 . 2011-08-08 17:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-08 17:10 . 2011-08-08 17:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-08 17:10 . 2011-08-08 17:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-08 17:10 . 2011-08-08 17:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-08 17:10 . 2011-08-08 17:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-08 17:10 . 2011-08-08 17:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-08 17:10 . 2011-08-08 17:10 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-08 17:10 . 2011-08-08 17:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-08 17:10 . 2011-08-08 17:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-08 17:10 . 2011-08-08 17:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-08 17:10 . 2011-08-08 17:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-08 17:10 . 2011-08-08 17:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-08 17:10 . 2011-08-08 17:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-08 17:10 . 2011-08-08 17:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-08 17:10 . 2011-08-08 17:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-08 17:10 . 2011-08-08 17:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-08 17:10 . 2011-08-08 17:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-08 17:10 . 2011-08-08 17:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-08 17:10 . 2011-08-08 17:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-08 17:10 . 2011-08-08 17:10 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-08 17:10 . 2011-08-08 17:10 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-08 17:10 . 2011-08-08 17:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-08 17:10 . 2011-08-08 17:10 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-08 17:10 . 2011-08-08 17:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-08 17:10 . 2011-08-08 17:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-08 17:10 . 2011-08-08 17:10 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-08 17:10 . 2011-08-08 17:10 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-08 17:10 . 2011-08-08 17:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-08 17:10 . 2011-08-08 17:10 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-08 17:10 . 2011-08-08 17:10 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-08 17:10 . 2011-08-08 17:10 448512 ----a-w- c:\windows\system32\html.iec
2011-08-08 17:10 . 2011-08-08 17:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-08 17:10 . 2011-08-08 17:10 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-08 17:10 . 2011-08-08 17:10 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-08 17:10 . 2011-08-08 17:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-08 14:11 . 2011-07-15 02:33 2136512 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-08-06 11:13 . 2011-08-06 11:14 196608 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2011-08-06 11:13 . 2011-08-06 11:14 999936 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-08-06 11:13 . 2011-08-06 11:14 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-08-06 11:13 . 2011-08-06 11:14 93696 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2011-08-06 11:13 . 2011-08-06 11:14 85504 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2011-08-06 11:13 . 2011-08-06 11:14 55296 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2011-08-06 11:13 . 2011-08-06 11:14 29184 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2011-08-06 11:13 . 2011-08-06 11:14 256000 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-08-06 11:13 . 2011-08-06 11:14 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-08-06 11:13 . 2011-08-06 11:14 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-06 11:13 . 2011-08-06 11:14 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-08-06 11:13 . 2011-08-06 11:14 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-08-06 11:13 . 2011-08-06 11:14 121600 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-08-06 11:13 . 2011-08-06 11:13 363008 ----a-w- c:\windows\system32\drivers\UMDF\hwgpssensor.dll
2011-07-20 08:41 . 2011-04-28 01:04 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-07-20 08:35 . 2011-04-28 01:04 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-07-20 08:35 . 2011-04-28 01:04 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-07-20 08:35 . 2011-04-28 01:04 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-07-20 08:35 . 2011-04-28 01:04 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-07-16 04:26 . 2011-08-24 05:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-06 11:52 . 2011-03-24 03:42 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 11:52 . 2011-03-24 03:42 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-07-01 09:46 . 2011-07-01 09:46 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-07-08 02:37 . 2010-07-08 02:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-07_22.56.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-04 22:10 . 2011-09-09 03:34 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-04 22:10 . 2011-09-07 22:03 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-04 22:10 . 2011-09-07 22:03 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-09-04 22:10 . 2011-09-09 03:34 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2011-09-04 22:10 . 2011-09-09 03:34 16384 c:\windows\Temp\Cookies\index.dat
- 2011-09-04 22:10 . 2011-09-07 22:03 16384 c:\windows\Temp\Cookies\index.dat
+ 2010-07-31 02:35 . 2011-09-08 10:37 12646 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-07-31 02:35 . 2011-09-07 01:14 12646 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2009-07-14 05:10 . 2011-09-07 22:05 60292 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-09 03:37 60292 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-10 09:42 . 2011-09-09 03:37 28274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2915824604-787655904-4174257227-1000_UserData.bin
- 2009-07-14 05:30 . 2011-09-06 03:01 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-09-08 23:15 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-06-04 01:32 . 2011-09-08 10:37 14878 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-07-31 09:28 . 2011-09-08 07:30 5366 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
- 2011-09-07 11:58 . 2011-09-07 22:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-09 03:34 . 2011-09-09 03:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-09 03:34 . 2011-09-09 03:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-07 11:58 . 2011-09-07 22:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-11 00:01 . 2011-09-08 07:30 525366 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-08-05 06:21 . 2011-09-08 10:36 474936 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2010-04-13 23:05 . 2011-09-08 12:12 108944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-06-04 16:41 . 2011-09-07 08:29 481560 c:\windows\system32\prfh0404.dat
+ 2010-06-04 16:41 . 2011-09-08 13:51 481560 c:\windows\system32\prfh0404.dat
+ 2010-06-04 16:41 . 2011-09-08 13:51 151844 c:\windows\system32\prfc0404.dat
- 2010-06-04 16:41 . 2011-09-07 08:29 151844 c:\windows\system32\prfc0404.dat
- 2009-07-14 02:36 . 2011-09-07 08:29 738742 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-08 13:51 738742 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-08 13:51 151844 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-09-07 08:29 151844 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-09-06 03:01 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-09-08 23:15 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-09-08 23:15 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-09-06 03:01 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2011-09-09 03:32 541956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-09-07 11:39 541956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-16 08:58 . 2011-09-07 04:23 5473648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2915824604-787655904-4174257227-1000-8192.dat
+ 2011-02-16 08:58 . 2011-09-09 03:32 5473648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2915824604-787655904-4174257227-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2011-05-24 23:41 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files (x86)\USB Safely Remove\USBSafelyRemove.exe" [2011-01-27 1239040]
"Facebook Update"="c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-05 137536]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-03-09 1532992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe [2011-08-06 218624]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2011-07-01 58013]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 135664]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 NETw5s64;?? Windows 7 64 Bit ? Intel(R) Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-26 782880]
S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-05-24 363336]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2011-05-25 329544]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 158240]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 stimelock;Time Lock;c:\time lock\timelockfw.exe [2010-01-13 743424]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files (x86)\USB Safely Remove\USBSRService.exe [2011-01-27 539032]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-09 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-07-16 11:04]
.
2011-09-09 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-07-16 11:04]
.
2011-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
- c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 10:00]
.
2011-09-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
- c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 10:00]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10]
.
2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-23 08:10]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core1cc542decbe9360.job
- c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:43]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
- c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2011-05-24 23:41 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2917632]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-26 496160]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 387608]
"combofix"="c:\combofix\CF9920.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device...
IE: Send page to &Bluetooth Device...
IE: YamicsoftDisabled
IE: YamicsoftDisabled\Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: YamicsoftDisabled\Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 10.204.24.1
TCP: Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1}: NameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9}: NameServer = 202.126.40.5 222.127.143.5
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fb.me/
FF - prefs.js: network.proxy.ftp - 10.201.60.241
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.201.60.241
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.201.60.241
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-PowerSuite - c:\progra~2\Uniblue\POWERS~1\launcher.exe
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):19,9a,7f,10,97,de,d3,55,2b,8a,89,01,fb,03,d2,87,77,17,27,6c,8d,
2a,ac,e4,f5,02,18,bb,84,38,0d,c4,05,50,a3,48,14,1f,73,3a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000_Classes\Wow6432Node\CLSID\{fea775ac-13c3-4e75-822d-b5860013a99b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000f9
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,00,8b,b7,a0,86,d5,49,bb,d8,b4,55,54,ea,d1,38,1e,be,25,0a,94,65,24,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{C0D93E4E-0866-43C8-A104-BF41A803EA84}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.71.2"
"UniqueId"="0003BFE44DCAFAB7"
"ScannerBuild"=dword:000025fe
"ScannerVersionId"=dword:000018cf
"ScannerVersion"="Open window for status."
"ei2"=hex(b):e0,3b,9a,c8,55,ca,03,2e
"ei1"=hex(b):00,26,2d,a6,72,b0,00,00
"ei3"=hex(b):77,bf,12,4e,00,00,00,00
"ei4"=dword:00000002
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000600\Profiles\@My profile]
@Denied: (2) (LocalSystem)
"SelfdefenceEnabled"=dword:00000001
"ScanUnwantedApp"=dword:00000000
"WUWarningLevel"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\programdata\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\programdata\DatacardService\DCSHelper.exe
c:\program files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
c:\program files (x86)\Expat Shield\bin\openvpntray.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Expat Shield\bin\openvpn.exe
c:\program files (x86)\Expat Shield\bin\fbw.exe
c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\acer\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2011-09-09 13:15:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 05:15
.
Pre-Run: 134,227,980,288 bytes free
Post-Run: 133,226,590,208 bytes free
.
- - End Of File - - B814B33DC1D11CD79A1E0BF0D5F30195


sorry for not following what combofix needs me to do..
im bored waiting so i open chrome + expatshield + tattoo broadband for me to surf
hope this does not do anything worse,

another thing sir, lately the MBAM has error opening .. dunno why
hope we also fix my not genuine issue,

until later sir

 

[Broni]

hope we also fix my not genuine issue,

This will be a subject to a different forum, when we're done here.

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[EHNN]

tdsskiller log

2011/09/10 08:28:07.0885 0260 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/10 08:28:09.0892 0260 ================================================================================
2011/09/10 08:28:09.0893 0260 SystemInfo:
2011/09/10 08:28:09.0893 0260
2011/09/10 08:28:09.0893 0260 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/10 08:28:09.0893 0260 Product type: Workstation
2011/09/10 08:28:09.0893 0260 ComputerName: NECCO
2011/09/10 08:28:09.0894 0260 UserName: NECCO
2011/09/10 08:28:09.0894 0260 Windows directory: C:\Windows
2011/09/10 08:28:09.0894 0260 System windows directory: C:\Windows
2011/09/10 08:28:09.0894 0260 Running under WOW64
2011/09/10 08:28:09.0894 0260 Processor architecture: Intel x64
2011/09/10 08:28:09.0894 0260 Number of processors: 2
2011/09/10 08:28:09.0894 0260 Page size: 0x1000
2011/09/10 08:28:09.0894 0260 Boot type: Normal boot
2011/09/10 08:28:09.0894 0260 ================================================================================
2011/09/10 08:28:13.0526 0260 Initialize success
2011/09/10 08:28:21.0036 4052 ================================================================================
2011/09/10 08:28:21.0036 4052 Scan started
2011/09/10 08:28:21.0036 4052 Mode: Manual;
2011/09/10 08:28:21.0036 4052 ================================================================================
2011/09/10 08:28:25.0406 4052 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/09/10 08:28:25.0751 4052 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/09/10 08:28:26.0058 4052 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/09/10 08:28:26.0393 4052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/09/10 08:28:27.0108 4052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/09/10 08:28:27.0626 4052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/09/10 08:28:27.0882 4052 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/09/10 08:28:28.0249 4052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/09/10 08:28:28.0580 4052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/09/10 08:28:28.0901 4052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/09/10 08:28:29.0137 4052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/09/10 08:28:29.0548 4052 amdkmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atipmdag.sys
2011/09/10 08:28:30.0478 4052 amdkmdap (95fdd2d085013d34bc27daa5e900ed86) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/09/10 08:28:30.0714 4052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/09/10 08:28:30.0973 4052 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/09/10 08:28:31.0404 4052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/09/10 08:28:31.0667 4052 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/09/10 08:28:32.0039 4052 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/09/10 08:28:32.0324 4052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/09/10 08:28:32.0640 4052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/09/10 08:28:32.0910 4052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/10 08:28:33.0154 4052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/09/10 08:28:33.0823 4052 athrusb6 (aec505976ef01bbd8f57cba912f39259) C:\Windows\system32\DRIVERS\athrxu6.sys
2011/09/10 08:28:34.0460 4052 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/09/10 08:28:35.0435 4052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/09/10 08:28:35.0665 4052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/10 08:28:36.0000 4052 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/09/10 08:28:36.0493 4052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/10 08:28:36.0772 4052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/10 08:28:37.0060 4052 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/10 08:28:37.0410 4052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/09/10 08:28:37.0566 4052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/09/10 08:28:37.0737 4052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/10 08:28:38.0006 4052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/10 08:28:38.0249 4052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/10 08:28:38.0455 4052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/10 08:28:38.0640 4052 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/09/10 08:28:38.0888 4052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/09/10 08:28:39.0243 4052 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/10 08:28:39.0552 4052 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
2011/09/10 08:28:39.0815 4052 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
2011/09/10 08:28:40.0279 4052 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
2011/09/10 08:28:40.0515 4052 btwampfl (73a1c54749fe4f0019241e36c796ab86) C:\Windows\system32\drivers\btwampfl.sys
2011/09/10 08:28:40.0881 4052 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
2011/09/10 08:28:41.0061 4052 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\drivers\btwavdt.sys
2011/09/10 08:28:41.0255 4052 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/09/10 08:28:41.0432 4052 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/09/10 08:28:41.0656 4052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/10 08:28:41.0847 4052 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/10 08:28:42.0418 4052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/09/10 08:28:42.0649 4052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/10 08:28:43.0122 4052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/10 08:28:43.0317 4052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/09/10 08:28:43.0534 4052 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/09/10 08:28:43.0865 4052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/10 08:28:44.0140 4052 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/09/10 08:28:44.0370 4052 connctfy (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys
2011/09/10 08:28:45.0223 4052 connctfyMP (23244e9703b61cca447aca48d4e49511) C:\Windows\system32\DRIVERS\connctfy.sys
2011/09/10 08:28:45.0388 4052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/10 08:28:45.0642 4052 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/09/10 08:28:45.0813 4052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/10 08:28:46.0208 4052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/10 08:28:46.0917 4052 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/09/10 08:28:47.0172 4052 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
2011/09/10 08:28:47.0369 4052 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/09/10 08:28:47.0650 4052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/10 08:28:47.0938 4052 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/10 08:28:48.0295 4052 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
2011/09/10 08:28:48.0931 4052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/10 08:28:49.0374 4052 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/09/10 08:28:49.0826 4052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/10 08:28:50.0033 4052 epfw (443805b5b11c859ac8ca35297648ff0c) C:\Windows\system32\DRIVERS\epfw.sys
2011/09/10 08:28:50.0511 4052 Epfwndis (66e61bc6c9f519a99275eb0f0e530bf4) C:\Windows\system32\DRIVERS\Epfwndis.sys
2011/09/10 08:28:50.0851 4052 epfwwfp (f72c97f3d34ea5ec919c73e3901266bb) C:\Windows\system32\DRIVERS\epfwwfp.sys
2011/09/10 08:28:51.0313 4052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/09/10 08:28:51.0690 4052 ewusbnet (d83eb7ade99d99a4cd6568ac1261d35e) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/09/10 08:28:51.0934 4052 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
2011/09/10 08:28:52.0356 4052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/10 08:28:52.0937 4052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/10 08:28:53.0271 4052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/10 08:28:53.0628 4052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/10 08:28:53.0829 4052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/10 08:28:54.0241 4052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/10 08:28:54.0570 4052 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/09/10 08:28:55.0239 4052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/10 08:28:55.0537 4052 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/09/10 08:28:55.0819 4052 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/10 08:28:56.0077 4052 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/10 08:28:57.0194 4052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/10 08:28:57.0875 4052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/10 08:28:58.0140 4052 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/09/10 08:28:58.0367 4052 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/09/10 08:28:58.0585 4052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/10 08:28:58.0875 4052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/10 08:28:59.0118 4052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/10 08:28:59.0413 4052 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/09/10 08:28:59.0738 4052 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/10 08:28:59.0965 4052 HssDrv (80b0c0d39178e80905e30fa92c0f6d43) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/09/10 08:29:00.0823 4052 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/09/10 08:29:01.0116 4052 huawei_cdcecm (4919c5492dca2cca36d6b8902713c8d0) C:\Windows\system32\DRIVERS\ew_jucdcecm.sys
2011/09/10 08:29:01.0366 4052 huawei_enumerator (c2212c930d7a6cc21972b9882683d271) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
2011/09/10 08:29:01.0583 4052 hwdatacard (6e05228393cd614b983568ec40c262c3) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/09/10 08:29:02.0381 4052 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/10 08:29:02.0684 4052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/09/10 08:29:02.0932 4052 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/10 08:29:03.0224 4052 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/09/10 08:29:03.0717 4052 igfx (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/09/10 08:29:04.0734 4052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/10 08:29:05.0101 4052 IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys
2011/09/10 08:29:05.0687 4052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/09/10 08:29:06.0414 4052 intelkmd (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdpmd64.sys
2011/09/10 08:29:06.0941 4052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/10 08:29:07.0165 4052 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/10 08:29:07.0389 4052 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/10 08:29:07.0768 4052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/10 08:29:08.0090 4052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/10 08:29:08.0278 4052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/09/10 08:29:08.0496 4052 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/09/10 08:29:08.0707 4052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/09/10 08:29:08.0856 4052 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/09/10 08:29:09.0056 4052 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/10 08:29:09.0228 4052 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/10 08:29:09.0390 4052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/10 08:29:09.0660 4052 L1C (9ddc68b87a9b837736a2b193ee14a4a5) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/09/10 08:29:10.0040 4052 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
2011/09/10 08:29:10.0357 4052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/10 08:29:10.0688 4052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/10 08:29:10.0942 4052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/10 08:29:11.0183 4052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/10 08:29:11.0471 4052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/10 08:29:11.0866 4052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/10 08:29:12.0655 4052 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/09/10 08:29:13.0056 4052 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/09/10 08:29:13.0418 4052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/10 08:29:14.0063 4052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/10 08:29:15.0230 4052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/10 08:29:15.0466 4052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/10 08:29:15.0715 4052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/09/10 08:29:15.0917 4052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/10 08:29:16.0112 4052 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/09/10 08:29:16.0563 4052 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/09/10 08:29:16.0856 4052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/10 08:29:17.0246 4052 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/09/10 08:29:17.0569 4052 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/10 08:29:17.0962 4052 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/10 08:29:18.0302 4052 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/10 08:29:18.0597 4052 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/09/10 08:29:19.0277 4052 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/09/10 08:29:19.0853 4052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/10 08:29:20.0191 4052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/10 08:29:20.0380 4052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/09/10 08:29:21.0000 4052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/10 08:29:21.0258 4052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/10 08:29:21.0489 4052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/10 08:29:21.0864 4052 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/09/10 08:29:22.0179 4052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/09/10 08:29:22.0484 4052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/10 08:29:23.0311 4052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/10 08:29:23.0639 4052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/10 08:29:23.0908 4052 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/09/10 08:29:24.0186 4052 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/09/10 08:29:24.0425 4052 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/09/10 08:29:24.0702 4052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/10 08:29:25.0107 4052 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/09/10 08:29:25.0456 4052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/10 08:29:25.0736 4052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/10 08:29:25.0935 4052 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/10 08:29:26.0102 4052 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/10 08:29:26.0332 4052 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/09/10 08:29:26.0797 4052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/10 08:29:27.0052 4052 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/10 08:29:27.0462 4052 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
2011/09/10 08:29:27.0964 4052 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/09/10 08:29:28.0997 4052 NETwNs64 (9aa75919d0a5f33bea0df7b9db09b755) C:\Windows\system32\DRIVERS\NETwNs64.sys
2011/09/10 08:29:29.0687 4052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/10 08:29:30.0323 4052 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
2011/09/10 08:29:30.0809 4052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/10 08:29:31.0265 4052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/10 08:29:31.0591 4052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/09/10 08:29:33.0100 4052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/10 08:29:33.0482 4052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/09/10 08:29:33.0894 4052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/09/10 08:29:34.0363 4052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/09/10 08:29:34.0822 4052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/09/10 08:29:36.0146 4052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/10 08:29:37.0376 4052 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/09/10 08:29:38.0015 4052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/09/10 08:29:38.0717 4052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/09/10 08:29:39.0054 4052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/10 08:29:39.0346 4052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/10 08:29:39.0677 4052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/10 08:29:40.0357 4052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/10 08:29:41.0029 4052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/10 08:29:52.0084 4052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/10 08:29:52.0330 4052 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/09/10 08:29:52.0705 4052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/10 08:29:52.0945 4052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/10 08:29:53.0146 4052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/10 08:29:53.0385 4052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/10 08:29:53.0642 4052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/10 08:29:54.0306 4052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/10 08:29:54.0764 4052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/10 08:29:54.0955 4052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/10 08:29:55.0177 4052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/10 08:29:55.0810 4052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/10 08:29:56.0291 4052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/10 08:29:56.0559 4052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/10 08:29:56.0742 4052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/10 08:29:56.0903 4052 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/09/10 08:29:57.0180 4052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/09/10 08:29:57.0473 4052 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/10 08:29:57.0754 4052 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/09/10 08:29:58.0058 4052 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/09/10 08:29:58.0375 4052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/10 08:29:58.0617 4052 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\Windows\system32\Drivers\RtsUStor.sys
2011/09/10 08:29:58.0945 4052 RT73 (3b5809e9d3b8995fb65a82cb92745072) C:\Windows\system32\DRIVERS\Dr71WU.sys
2011/09/10 08:29:59.0679 4052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/10 08:29:59.0960 4052 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
2011/09/10 08:30:00.0204 4052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/10 08:30:01.0204 4052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/10 08:30:01.0488 4052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/10 08:30:01.0768 4052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/10 08:30:02.0364 4052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/10 08:30:02.0703 4052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/09/10 08:30:02.0920 4052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/10 08:30:03.0141 4052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/10 08:30:03.0336 4052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/10 08:30:03.0596 4052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/10 08:30:03.0884 4052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/10 08:30:04.0200 4052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/10 08:30:04.0527 4052 SNP2UVC (a415c67b40dfb903accc1d40fbee3269) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/09/10 08:30:04.0914 4052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/10 08:30:05.0259 4052 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/09/10 08:30:05.0259 4052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/09/10 08:30:05.0281 4052 sptd - detected LockedFile.Multi.Generic (1)
2011/09/10 08:30:05.0503 4052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/09/10 08:30:05.0818 4052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/10 08:30:06.0043 4052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/10 08:30:06.0267 4052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/10 08:30:06.0538 4052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/09/10 08:30:06.0864 4052 SynTP (8df6c536ece3b538978b53c223ab905d) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/10 08:30:07.0161 4052 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
2011/09/10 08:30:07.0506 4052 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
2011/09/10 08:30:07.0803 4052 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/09/10 08:30:08.0293 4052 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/10 08:30:08.0542 4052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/10 08:30:08.0792 4052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/10 08:30:09.0009 4052 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/10 08:30:09.0248 4052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/10 08:30:09.0465 4052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/09/10 08:30:09.0826 4052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/10 08:30:10.0019 4052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/10 08:30:10.0387 4052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/10 08:30:10.0661 4052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/10 08:30:10.0890 4052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/10 08:30:11.0136 4052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/10 08:30:11.0393 4052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/09/10 08:30:11.0663 4052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/10 08:30:11.0950 4052 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/09/10 08:30:12.0203 4052 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/10 08:30:12.0592 4052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/09/10 08:30:12.0760 4052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/10 08:30:12.0985 4052 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/10 08:30:13.0227 4052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/09/10 08:30:13.0462 4052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/10 08:30:13.0762 4052 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/10 08:30:13.0929 4052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/10 08:30:14.0113 4052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/10 08:30:14.0340 4052 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/10 08:30:14.0642 4052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/10 08:30:14.0976 4052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/10 08:30:15.0150 4052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/10 08:30:15.0377 4052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/10 08:30:15.0612 4052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/10 08:30:15.0823 4052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/10 08:30:16.0295 4052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/10 08:30:16.0480 4052 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/10 08:30:16.0796 4052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/10 08:30:17.0074 4052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/10 08:30:17.0336 4052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/10 08:30:17.0534 4052 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/09/10 08:30:17.0818 4052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/10 08:30:18.0022 4052 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/10 08:30:18.0121 4052 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/10 08:30:18.0385 4052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/09/10 08:30:18.0598 4052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/10 08:30:18.0927 4052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/10 08:30:19.0174 4052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/10 08:30:19.0538 4052 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/09/10 08:30:19.0830 4052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/10 08:30:20.0191 4052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/10 08:30:20.0492 4052 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/10 08:30:20.0763 4052 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/10 08:30:21.0120 4052 ZTEusbmdm6k (0835c10fdb25daf7bcaaf138423826f3) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/09/10 08:30:21.0377 4052 ZTEusbnmea (0835c10fdb25daf7bcaaf138423826f3) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/09/10 08:30:21.0615 4052 ZTEusbser6k (0835c10fdb25daf7bcaaf138423826f3) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/09/10 08:30:21.0885 4052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/10 08:30:21.0922 4052 Boot (0x1200) (aae757f9982a2b1883f7b896b55898c5) \Device\Harddisk0\DR0\Partition0
2011/09/10 08:30:22.0045 4052 Boot (0x1200) (11fcf77a610fc58c908ecbeab5b24eba) \Device\Harddisk0\DR0\Partition1
2011/09/10 08:30:22.0106 4052 Boot (0x1200) (615cb1e6851d6b163caa67276dda49cd) \Device\Harddisk0\DR0\Partition2
2011/09/10 08:30:22.0122 4052 ================================================================================
2011/09/10 08:30:22.0122 4052 Scan finished
2011/09/10 08:30:22.0122 4052 ================================================================================
2011/09/10 08:30:22.0160 2068 Detected object count: 1
2011/09/10 08:30:22.0160 2068 Actual detected object count: 1
2011/09/10 08:31:05.0604 2068 LockedFile.Multi.Generic(sptd) - User select action: Skip

 

[Broni]

How is computer doing?

As for MBAM...
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

===========================================================

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[EHNN]

my MBAM is now okay sir..

OTL log


OTL logfile created on: 09/11/2011 06:21:03 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\acer\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000464 | Country: Philippines | Language: FPO | Date Format: MM/dd/yyyy

1.93 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 50.05% Memory free
4.86 Gb Paging File | 3.12 Gb Available in Paging File | 64.22% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.46 Gb Total Space | 123.98 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
Drive D: | 226.51 Gb Total Space | 114.89 Gb Free Space | 50.72% Space Free | Partition Type: NTFS
Drive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NECCO | User Name: NECCO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/11 06:19:12 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Downloads\OTL.exe
PRC - [2011/09/05 18:00:46 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2011/08/06 19:13:52 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
PRC - [2011/08/06 19:13:34 | 000,218,624 | ---- | M] () -- C:\ProgramData\Globe Tattoo Broadband\OnlineUpdate\ouc.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/02 02:40:30 | 000,122,184 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
PRC - [2011/07/02 02:37:24 | 000,298,824 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
PRC - [2011/07/02 02:36:48 | 000,609,096 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpn.exe
PRC - [2011/06/23 06:12:18 | 000,873,800 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\FBW.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/25 08:54:54 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
PRC - [2011/05/25 07:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
PRC - [2011/03/10 06:17:16 | 000,892,992 | ---- | M] (Connectify) -- C:\Program Files (x86)\Connectify\Connectifyd.exe
PRC - [2011/01/28 06:23:59 | 001,239,040 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
PRC - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/11/16 21:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/29 07:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 21:01:32 | 000,743,424 | ---- | M] () -- C:\Time Lock\timelockfw.exe
PRC - [2009/11/02 07:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/10/11 01:16:06 | 000,081,920 | R--- | M] () -- C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe
PRC - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/25 02:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/06 19:13:52 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Globe Tattoo Broadband.exe
MOD - [2011/08/06 19:13:40 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\XFramePlugin.dll
MOD - [2011/08/06 19:13:40 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\XCodec.dll
MOD - [2011/08/06 19:13:40 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\USSDSrvPlugin.dll
MOD - [2011/08/06 19:13:40 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Win7Support.dll
MOD - [2011/08/06 19:13:39 | 000,808,960 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\SMSUIPlugin.dll
MOD - [2011/08/06 19:13:39 | 000,670,720 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\SmsAppPlugin.dll
MOD - [2011/08/06 19:13:39 | 000,315,904 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\StatusBarMgrPlugin.dll
MOD - [2011/08/06 19:13:39 | 000,246,784 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\ToolBarMgrPlugin.dll
MOD - [2011/08/06 19:13:39 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\SmsSrvPlugin.dll
MOD - [2011/08/06 19:13:39 | 000,156,672 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\STKSrvPlugin.dll
MOD - [2011/08/06 19:13:39 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Trace.dll
MOD - [2011/08/06 19:13:38 | 009,515,520 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\QtGui4.dll
MOD - [2011/08/06 19:13:38 | 002,415,104 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\QtCore4.dll
MOD - [2011/08/06 19:13:38 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\QtNetwork4.dll
MOD - [2011/08/06 19:13:38 | 000,545,280 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\PluginContainer.dll
MOD - [2011/08/06 19:13:38 | 000,381,952 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Proxy.dll
MOD - [2011/08/06 19:13:38 | 000,370,176 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qtiff4.dll
MOD - [2011/08/06 19:13:38 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qmng4.dll
MOD - [2011/08/06 19:13:38 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\sdk.dll
MOD - [2011/08/06 19:13:38 | 000,235,008 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetSrvPlugin.dll
MOD - [2011/08/06 19:13:38 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qjpeg4.dll
MOD - [2011/08/06 19:13:38 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSDialup.dll
MOD - [2011/08/06 19:13:38 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSNDIS.dll
MOD - [2011/08/06 19:13:38 | 000,101,376 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSAdapt.dll
MOD - [2011/08/06 19:13:38 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NotifyServicePlugin.dll
MOD - [2011/08/06 19:13:38 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qgif4.dll
MOD - [2011/08/06 19:13:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\plugins\imageformats\qico4.dll
MOD - [2011/08/06 19:13:38 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSPowerMgr.dll
MOD - [2011/08/06 19:13:38 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\OSCall.dll
MOD - [2011/08/06 19:13:37 | 001,101,824 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NDISAPI.dll
MOD - [2011/08/06 19:13:37 | 000,483,328 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetInfoUIExPlugin.dll
MOD - [2011/08/06 19:13:37 | 000,333,312 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetConnectPlugin.dll
MOD - [2011/08/06 19:13:37 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetInfoSrvPlugin.dll
MOD - [2011/08/06 19:13:37 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\MenuMgrPlugin.dll
MOD - [2011/08/06 19:13:37 | 000,250,880 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetInfoRecordUIPlugin.dll
MOD - [2011/08/06 19:13:37 | 000,239,104 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\LiveUpdateInterface.dll
MOD - [2011/08/06 19:13:37 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NDISPlugin.dll
MOD - [2011/08/06 19:13:37 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\NetConnectSrvPlugin.dll
MOD - [2011/08/06 19:13:37 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\LayoutPlugin.dll
MOD - [2011/08/06 19:13:37 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\libgcc_s_dw2-1.dll
MOD - [2011/08/06 19:13:37 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\mingwm10.dll
MOD - [2011/08/06 19:13:36 | 000,495,104 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DeviceMgrUIPlugin.dll
MOD - [2011/08/06 19:13:36 | 000,428,032 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DialupUIPlugin.dll
MOD - [2011/08/06 19:13:36 | 000,428,032 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\core.dll
MOD - [2011/08/06 19:13:36 | 000,338,432 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DeviceAppPlugin.dll
MOD - [2011/08/06 19:13:36 | 000,301,056 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DeviceSrvPlugin.dll
MOD - [2011/08/06 19:13:36 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\Common.dll
MOD - [2011/08/06 19:13:36 | 000,211,968 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DialUpPlugin.dll
MOD - [2011/08/06 19:13:36 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\DataServicePlugin.dll
MOD - [2011/08/06 19:13:35 | 000,739,328 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\AddrBookUIPlugin.dll
MOD - [2011/08/06 19:13:35 | 000,645,120 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallUIPlugin.dll
MOD - [2011/08/06 19:13:35 | 000,550,400 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallAppPlugin.dll
MOD - [2011/08/06 19:13:35 | 000,547,840 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallLogSrvPlugin.dll
MOD - [2011/08/06 19:13:35 | 000,406,528 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallLogUIPlugin.dll
MOD - [2011/08/06 19:13:35 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\AddrBookSrvPlugin.dll
MOD - [2011/08/06 19:13:35 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\AtCodec.dll
MOD - [2011/08/06 19:13:35 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\CallSrvPlugin.dll
MOD - [2011/08/06 19:13:35 | 000,123,392 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\ATR2SMgr.dll
MOD - [2011/08/06 19:13:34 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\Globe Tattoo Broadband\AddrBookPlugin.dll
MOD - [2011/07/02 02:40:30 | 000,122,184 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
MOD - [2011/07/02 02:40:00 | 000,009,032 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\lang\gui-eng.dll
MOD - [2011/06/23 06:12:18 | 000,873,800 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\FBW.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/20 16:35:38 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/06/25 09:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/02/26 11:56:10 | 000,782,880 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 07:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/09/09 15:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/04 15:44:14 | 000,158,240 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/06 19:13:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Globe Tattoo Broadband\UpdateDog\ouc.exe -- (Globe Tattoo Broadband. RunOuc)
SRV - [2011/08/06 06:51:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/20 16:35:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/02 02:40:38 | 000,058,013 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe -- (ExpatTrayService)
SRV - [2011/07/02 02:37:24 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2011/07/01 17:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 08:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2011/05/25 07:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2011/03/10 06:17:16 | 000,892,992 | ---- | M] (Connectify) [Auto | Running] -- C:\Program Files (x86)\Connectify\Connectifyd.exe -- (Connectify)
SRV - [2011/01/28 02:12:42 | 000,539,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011/01/12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/11/20 20:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 20:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/26 01:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/13 21:01:32 | 000,743,424 | ---- | M] () [Auto | Running] -- C:\Time Lock\timelockfw.exe -- (stimelock)
SRV - [2009/10/11 01:16:06 | 000,081,920 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor)
SRV - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 02:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/26 12:17:46 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2011/08/06 19:13:41 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2011/08/06 19:13:41 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/08/06 19:13:41 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/08/06 19:13:41 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2011/08/06 19:13:40 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/01 17:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/05/25 07:40:10 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011/05/25 07:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/03/31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/12 13:19:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 02:20:14 | 000,034,880 | ---- | M] (Connectify) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\connctfy.sys -- (connctfyMP)
DRV:64bit: - [2011/03/08 02:20:14 | 000,034,880 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\connctfy.sys -- (connctfy)
DRV:64bit: - [2011/01/12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/12/21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/12/21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/29 23:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/18 17:21:31 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/26 07:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/26 07:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/06/26 07:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/06/26 07:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/06/26 07:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/06/26 01:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/04/21 15:47:48 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/16 00:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/09/16 04:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) 用於 Windows 7 64 Bit 的 Intel(R)
DRV:64bit: - [2009/09/09 16:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/09 16:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/09/09 15:05:12 | 000,142,848 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/09/09 13:50:32 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/09/09 13:50:32 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/18 00:52:02 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/20 10:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/11 04:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/11 04:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 10:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 10:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 10:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/05 15:03:06 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2008/05/05 15:02:34 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2008/05/05 15:01:48 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008/01/16 10:18:12 | 000,610,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dr71WU.sys -- (RT73)
DRV:64bit: - [2007/08/07 08:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2007/07/05 02:58:36 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxu6.sys -- (athrusb6)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4810t&r=273607101706l04g8z1j5t4671b347
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4810t&r=273607101706l04g8z1j5t4671b347
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_4810t&r=273607101706l04g8z1j5t4671b347
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\acer\Desktop\Downloads
IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 00 7A 71 F5 55 CC 01 [binary data]
IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://fb.me/"
FF - prefs.js..extensions.enabledItems: DefaultManager@Microsoft:2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..network.proxy.backup.ftp: "10.201.42.146"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "10.201.42.146"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "10.201.42.146"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "10.201.60.241"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.201.60.241"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "10.201.60.241"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files (x86)\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files (x86)\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer3.10.04: C:\Users\acer\AppData\Roaming\Kalydo\KalydoPlayer\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/14 07:54:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/07/31 21:08:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/09 03:07:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/22 14:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/07/14 07:55:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/14 07:54:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\acer\AppData\Roaming\IDM\idmmzcc5

[2010/09/12 02:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions
[2010/09/12 02:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/09/01 06:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\l1klormg.default\extensions
[2011/09/01 06:30:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\l1klormg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/01 06:30:25 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\l1klormg.default\extensions\DefaultManager@Microsoft
[2011/09/01 06:28:31 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\l1klormg.default\extensions\support@predictad.com
[2011/03/19 06:38:07 | 000,001,018 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\l1klormg.default\searchplugins\facebook.xml
[2011/09/01 08:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/01 08:36:29 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L1KLORMG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/08 15:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/26 11:00:33 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/05 14:46:44 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2011/09/09 11:35:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Public Files\Program Files\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000..\Run: [Facebook Update] C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O4 - Startup: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/01 06:30:25 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

 

[EHNN]

O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.203.16.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DF5E1FA-3943-4034-ABAD-16866D6A1FDD}: DhcpNameServer = 10.203.16.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A7D8241-19A5-4FE2-B26E-F93BEC902BA1}: NameServer = 202.126.40.5 222.127.143.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E765B085-F525-4AA0-9320-BF430A12C1E9}: NameServer = 202.126.40.5 222.127.143.5
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/16 08:11:12 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/07/16 08:11:18 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/11/17 05:37:37 | 000,142,336 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/12/21 09:42:30 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/10 17:06:18 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Zen of Sudoku
[2011/09/10 13:33:05 | 000,000,000 | ---D | C] -- C:\New folder
[2011/09/10 12:45:45 | 000,118,784 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys
[2011/09/10 12:45:44 | 000,118,784 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys
[2011/09/09 14:59:59 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\compile
[2011/09/09 11:36:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/08 16:16:02 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\pcsp v0.5.2
[2011/09/08 09:43:50 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\games
[2011/09/08 06:36:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/08 06:36:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/08 06:36:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/08 06:36:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/08 06:36:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/08 06:06:15 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\techspot
[2011/09/07 11:30:37 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\psp
[2011/09/07 10:57:14 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\TS3Client
[2011/09/07 10:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/09/07 10:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011/09/06 13:56:04 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\LogInExample
[2011/09/06 13:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\InterAction studios
[2011/09/06 13:26:34 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\Chicken Invaders 4 - Ultimate Omelette
[2011/09/06 11:06:20 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\test
[2011/09/06 11:03:21 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Connectify
[2011/09/06 11:03:03 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify
[2011/09/05 13:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/09/05 13:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/05 06:03:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/02 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\acer\Documents\raffle
[2011/09/02 09:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2011/09/02 09:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLyog Community
[2011/09/01 09:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2011/09/01 08:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
[2011/09/01 08:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Expat Shield
[2011/08/31 18:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2011/08/31 05:52:33 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
[2011/08/31 05:52:33 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\PACE Anti-Piracy
[2011/08/31 05:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2011/08/29 18:50:01 | 000,000,000 | ---D | C] -- C:\ICC_Backup
[2011/08/28 15:38:19 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Facebook
[2011/08/28 01:00:55 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\MozillaControl
[2011/08/28 00:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\'Full Speed' Internet Booster + Performance Tests
[2011/08/27 19:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Connection Counter
[2011/08/26 12:17:46 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2011/08/26 11:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/08/26 11:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/08/26 11:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/08/26 11:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater
[2011/08/26 11:00:26 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Babylon
[2011/08/26 11:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/08/26 11:00:21 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Babylon
[2011/08/26 10:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Downloads
[2011/08/25 17:46:33 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/08/24 06:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommView for WiFi
[2011/08/24 06:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CommViewWiFi
[2011/08/24 06:34:25 | 000,000,000 | ---D | C] -- C:\aircrack
[2011/08/22 20:04:26 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\ae
[2011/08/22 02:50:28 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\VPN
[2011/08/22 02:22:10 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/08/21 22:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/08/21 22:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/08/21 22:56:19 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[2011/08/21 22:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2011/08/21 22:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cain
[2011/08/21 19:07:08 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2011/08/21 13:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011/08/20 22:11:16 | 000,000,000 | ---D | C] -- C:\Users\acer\Documents\Poker Superstars II Documents
[2011/08/20 11:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sun Broadband Wireless
[2011/08/20 11:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sun Broadband Wireless
[2011/08/20 07:34:45 | 000,000,000 | ---D | C] -- C:\Users\acer\Documents\My Cheat Tables
[2011/08/20 07:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6
[2011/08/18 12:13:20 | 000,000,000 | ---D | C] -- C:\Users\acer\Desktop\My Music
[2011/08/13 01:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/06/04 09:00:03 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/11 06:26:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/11 05:02:29 | 001,209,110 | ---- | M] () -- C:\Users\acer\Desktop\vision.rar
[2011/09/10 21:24:59 | 001,517,364 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/10 21:24:59 | 000,738,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/10 21:24:59 | 000,481,560 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2011/09/10 21:24:59 | 000,151,844 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2011/09/10 21:24:59 | 000,151,844 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/10 21:13:20 | 000,022,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 21:13:20 | 000,022,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/10 18:26:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/10 18:07:12 | 000,000,216 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/09/10 18:07:11 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2011/09/10 18:06:27 | 000,077,824 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2011/09/10 18:01:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/10 18:01:10 | 1556,180,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/10 12:39:13 | 525,806,555 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/10 12:27:35 | 000,001,098 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/09 11:35:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/08 07:55:56 | 000,000,086 | ---- | M] () -- C:\Windows\SysNative\RegRuns00-X64
[2011/09/08 07:55:54 | 000,002,053 | ---- | M] () -- C:\Windows\SysNative\mSIOI00-X64
[2011/09/08 07:55:53 | 000,004,098 | ---- | M] () -- C:\Windows\SysNative\ToolB-01-X64
[2011/09/08 07:55:50 | 000,000,153 | ---- | M] () -- C:\Windows\SysNative\ToolB-00-X64
[2011/09/07 11:47:15 | 000,000,000 | ---- | M] () -- C:\Users\acer\Documents\dbact.sql
[2011/09/07 10:39:43 | 000,000,702 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011/09/07 05:56:19 | 000,001,096 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/09/06 09:42:01 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
[2011/09/06 09:06:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
[2011/09/05 20:12:36 | 000,000,193 | ---- | M] () -- C:\Windows\popcinfo.dat
[2011/09/05 18:06:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
[2011/09/04 07:05:00 | 000,000,000 | ---- | M] () -- C:\Users\acer\AppData\Local\{7E3364A0-F95B-4240-B4D1-5810D05E6AA0}
[2011/09/02 21:35:34 | 000,000,600 | ---- | M] () -- C:\Users\acer\PUTTY.RND
[2011/09/02 09:23:14 | 000,458,752 | ---- | M] () -- C:\Users\acer\Documents\Database3.mdb
[2011/09/02 09:04:58 | 000,001,087 | ---- | M] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\SQLyog Community.lnk
[2011/09/01 08:23:08 | 000,000,433 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/09/01 06:40:54 | 000,000,911 | ---- | M] () -- C:\Users\acer\Desktop\School.lnk
[2011/09/01 05:34:15 | 000,560,982 | ---- | M] () -- C:\Users\acer\Documents\SysInspector-NECCO-110901-0526.zip
[2011/08/31 19:06:05 | 000,000,000 | ---- | M] () -- C:\Users\acer\AppData\Local\{3D26E813-51FD-4FBE-B664-EA957DB584D1}
[2011/08/27 15:15:37 | 000,054,327 | ---- | M] () -- C:\Users\acer\Documents\Level 0 revise.graphml
[2011/08/27 14:22:22 | 000,021,245 | ---- | M] () -- C:\Users\acer\Documents\Level 1 Returned MOdule revised.graphml
[2011/08/27 14:19:54 | 000,027,586 | ---- | M] () -- C:\Users\acer\Documents\leve 1 Borrow Module.graphml
[2011/08/26 12:17:46 | 000,009,216 | ---- | M] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\massfilter.sys
[2011/08/26 10:44:57 | 000,016,494 | ---- | M] () -- C:\Users\acer\Documents\Level 1 Update Module revised.graphml
[2011/08/25 13:08:05 | 005,268,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/25 09:46:21 | 001,516,080 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/23 02:18:07 | 030,519,015 | ---- | M] () -- C:\Users\acer\Documents\20questions.wma
[2011/08/23 01:29:54 | 001,971,595 | ---- | M] () -- C:\Users\acer\Documents\Untitled (2).wma
[2011/08/23 01:26:07 | 000,040,895 | ---- | M] () -- C:\Users\acer\Documents\Untitled.wma
[2011/08/21 23:14:14 | 000,237,568 | ---- | M] () -- C:\Users\acer\Documents\db2.mdb
[2011/08/21 23:13:36 | 000,352,256 | ---- | M] () -- C:\Users\acer\Documents\db21.mdb
[2011/08/21 23:13:10 | 000,397,312 | ---- | M] () -- C:\Users\acer\Documents\Database2.accdb
[2011/08/21 23:07:04 | 000,569,344 | ---- | M] () -- C:\Users\acer\Documents\Database1.accdb
[2011/08/21 19:06:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
[2011/08/21 14:46:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/08/21 14:44:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_09_00.Wdf
[2011/08/21 14:40:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/08/21 14:32:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_hwgpssensor_01_09_00.Wdf
[2011/08/19 21:19:51 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/08/18 12:36:44 | 000,032,610 | ---- | M] () -- C:\Users\acer\DURAN, Necco.jpg
[2011/08/13 08:35:25 | 000,401,934 | ---- | M] () -- C:\Users\acer\Documents\Image (2).rtf
[1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 05:02:28 | 001,209,110 | ---- | C] () -- C:\Users\acer\Desktop\vision.rar
[2011/09/10 12:27:35 | 000,001,098 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/08 07:55:55 | 000,000,086 | ---- | C] () -- C:\Windows\SysNative\RegRuns00-X64
[2011/09/08 07:55:54 | 000,002,053 | ---- | C] () -- C:\Windows\SysNative\mSIOI00-X64
[2011/09/08 07:55:53 | 000,004,098 | ---- | C] () -- C:\Windows\SysNative\ToolB-01-X64
[2011/09/08 07:55:50 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\ToolB-00-X64
[2011/09/08 06:36:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/08 06:36:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/08 06:36:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/08 06:36:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/08 06:36:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/07 11:47:14 | 000,000,000 | ---- | C] () -- C:\Users\acer\Documents\dbact.sql
[2011/09/07 08:34:23 | 525,806,555 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/07 05:56:19 | 000,001,096 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/09/05 18:01:10 | 000,000,926 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
[2011/09/05 18:01:07 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
[2011/09/04 07:05:00 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Local\{7E3364A0-F95B-4240-B4D1-5810D05E6AA0}
[2011/09/02 09:04:58 | 000,001,087 | ---- | C] () -- C:\Users\acer\Application Data\Microsoft\Internet Explorer\Quick Launch\SQLyog Community.lnk
[2011/09/02 08:25:43 | 000,458,752 | ---- | C] () -- C:\Users\acer\Documents\Database3.mdb
[2011/09/01 06:40:54 | 000,000,911 | ---- | C] () -- C:\Users\acer\Desktop\School.lnk
[2011/09/01 05:34:14 | 000,560,982 | ---- | C] () -- C:\Users\acer\Documents\SysInspector-NECCO-110901-0526.zip
[2011/08/31 19:05:25 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Local\{3D26E813-51FD-4FBE-B664-EA957DB584D1}
[2011/08/27 14:22:21 | 000,021,245 | ---- | C] () -- C:\Users\acer\Documents\Level 1 Returned MOdule revised.graphml
[2011/08/27 14:19:19 | 000,027,586 | ---- | C] () -- C:\Users\acer\Documents\leve 1 Borrow Module.graphml
[2011/08/23 02:18:06 | 030,519,015 | ---- | C] () -- C:\Users\acer\Documents\20questions.wma
[2011/08/23 01:29:53 | 001,971,595 | ---- | C] () -- C:\Users\acer\Documents\Untitled (2).wma
[2011/08/23 01:26:04 | 000,040,895 | ---- | C] () -- C:\Users\acer\Documents\Untitled.wma
[2011/08/22 14:02:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/21 19:06:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/08/21 14:46:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/08/21 14:44:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_09_00.Wdf
[2011/08/21 14:40:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2011/08/21 14:32:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_hwgpssensor_01_09_00.Wdf
[2011/08/21 12:09:50 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/08/19 21:19:51 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/08/18 12:36:42 | 000,032,610 | ---- | C] () -- C:\Users\acer\DURAN, Necco.jpg
[2011/08/13 08:35:12 | 000,401,934 | ---- | C] () -- C:\Users\acer\Documents\Image (2).rtf
[2011/08/06 19:56:17 | 000,000,111 | ---- | C] () -- C:\Windows\SysWow64\sysinter.drv
[2011/08/04 06:56:44 | 000,000,193 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/07/27 16:01:45 | 000,011,875 | ---- | C] () -- C:\Windows\UN091114.INI
[2011/07/24 12:38:11 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/07/22 09:53:27 | 000,000,132 | ---- | C] () -- C:\Users\acer\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/16 19:04:31 | 000,077,824 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/07/15 06:54:36 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Roaming\debuggee.mdmp
[2011/07/15 06:07:04 | 000,000,702 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/15 06:07:04 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/27 20:57:30 | 000,000,132 | ---- | C] () -- C:\Users\acer\AppData\Roaming\Adobe AIFF Format CS5 Prefs
[2011/04/01 17:03:20 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2011/03/16 21:24:40 | 000,000,000 | ---- | C] () -- C:\Users\acer\AppData\Roaming\wklnhst.dat
[2011/03/11 22:51:44 | 000,151,040 | ---- | C] () -- C:\Windows\SysWow64\wimadll.dll
[2011/03/04 01:13:55 | 000,031,831 | ---- | C] () -- C:\Users\acer\AppData\Roaming\UserTile.png
[2011/03/01 06:28:20 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2011/03/01 06:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2011/03/01 06:28:20 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2011/02/16 22:22:57 | 000,007,600 | ---- | C] () -- C:\Users\acer\AppData\Local\resmon.resmoncfg
[2010/10/09 20:14:50 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/10/09 20:14:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/10/09 20:14:45 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/09 20:14:45 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/09 20:14:44 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/30 21:52:26 | 000,204,498 | ---- | C] () -- C:\Windows\hpwins26.dat
[2010/09/11 16:23:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/02 19:34:42 | 000,013,312 | ---- | C] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/23 16:22:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/21 09:32:49 | 001,516,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/06/26 01:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/05 00:29:34 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/06/05 00:29:34 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/06/05 00:29:34 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/05 00:29:33 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/06/05 00:29:33 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/05 00:28:19 | 000,001,787 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/06/04 09:22:50 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/06/04 09:00:03 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010/06/04 09:00:03 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/06/04 09:00:03 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/06/04 09:00:03 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/06/04 09:00:03 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/06/04 08:56:56 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/06/04 08:53:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/14 07:39:43 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/04/14 07:39:43 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/04/14 07:39:43 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/08/18 14:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/20 23:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\myodbc3i.exe
[2008/11/20 23:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\myodbc3m.exe
[2006/11/07 22:03:36 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\REWCACHE.DAT
[2006/05/19 19:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\REGTLIB.EXE
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL

========== LOP Check ==========

[2011/04/04 21:27:30 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Artogon
[2011/08/26 11:00:21 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Babylon
[2011/03/03 03:53:47 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Big Fish Games
[2011/02/18 10:05:41 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\BitComet
[2011/09/01 06:20:17 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\BitDefender
[2011/03/10 08:31:51 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Blue Tea Games
[2011/07/17 18:36:24 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Bullzip
[2011/08/01 20:21:03 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/23 15:46:59 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/23 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\CometNetwork
[2010/10/11 01:25:26 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\CometPlayer
[2011/03/12 14:00:07 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DAEMON Tools Lite
[2011/09/07 10:44:29 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DMCache
[2011/03/13 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DriverCure
[2011/03/13 05:30:59 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Dropbox
[2010/09/13 14:49:12 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/18 14:36:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ESET
[2011/02/16 18:19:44 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\eSobi
[2011/02/17 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\fizzy
[2011/09/01 06:20:18 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\FlashGet
[2011/03/26 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\GetRightToGo
[2011/09/01 06:30:23 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Hide IP NG
[2010/10/11 14:54:56 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\iLike
[2010/09/22 12:23:34 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\IMVUClient
[2011/03/03 07:01:12 | 000,000,000 | RHSD | M] -- C:\Users\acer\AppData\Roaming\install
[2011/03/08 02:46:58 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\JCreator
[2011/09/01 06:20:19 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Kalydo
[2011/02/27 21:22:28 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\LolClient
[2011/02/27 05:55:32 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\MysteriousCaseOfJekyllAndHyde
[2011/09/01 06:20:38 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Opera
[2011/08/31 05:52:34 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PACE Anti-Piracy
[2011/03/13 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ParetoLogic
[2010/11/06 18:41:12 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PlayFirst
[2011/03/13 23:36:49 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\QuickScan
[2011/08/12 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Rovio
[2011/09/01 06:30:26 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Softouch
[2011/09/07 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\SQLyog
[2011/07/09 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/01 06:20:39 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Synaptics
[2011/03/16 21:25:46 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Template
[2011/09/01 06:20:39 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Thinstall
[2010/12/26 00:15:05 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\TigerPlayer
[2011/09/01 06:30:31 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Transcend
[2011/09/07 11:02:10 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\TS3Client
[2011/09/01 06:21:03 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\TuneUp Software
[2011/02/16 14:33:36 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\USBSafelyRemove
[2011/09/05 06:00:32 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\uTorrent
[2011/08/04 06:59:58 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\WildTangent
[2011/08/06 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\yWorks
[2011/09/10 17:06:27 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Zen of Sudoku
[2011/02/28 09:39:35 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Zentimo
[2011/09/01 06:21:08 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ZIP RAR ACE Password Recovery
[2011/07/14 08:24:02 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\ESET
[2011/08/04 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\funkitron
[2011/07/14 07:56:17 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\Kalydo
[2011/08/04 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\Rovio
[2011/07/14 07:56:17 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\SQLyog
[2011/07/30 16:54:24 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/26 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\Synaptics
[2011/07/14 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\TuneUp Software
[2011/07/14 08:23:56 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\USBSafelyRemove
[2011/08/04 18:40:35 | 000,000,000 | ---D | M] -- C:\Users\DURAN\AppData\Roaming\Zen of Sudoku
[2011/08/30 01:28:04 | 000,000,000 | ---D | M] -- C:\Users\EHNN\AppData\Roaming\ESET
[2011/08/30 01:28:02 | 000,000,000 | ---D | M] -- C:\Users\EHNN\AppData\Roaming\Synaptics
[2011/09/10 18:07:12 | 000,000,216 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011/09/10 18:07:11 | 000,000,218 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2011/09/05 18:06:00 | 000,000,904 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000Core.job
[2011/09/06 09:06:00 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915824604-787655904-4174257227-1000UA.job
[2011/08/26 13:52:24 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/08/19 21:19:51 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/28 04:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/09/09 13:15:47 | 000,041,435 | ---- | M] () -- C:\ComboFix.txt
[2011/09/10 18:01:10 | 1556,180,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/10 18:01:20 | 3145,728,000 | -HS- | M] () -- C:\pagefile.sys
[2010/04/20 23:34:44 | 000,021,629 | RHS- | M] () -- C:\Patch.rev
[2010/07/10 17:40:46 | 000,000,216 | RHS- | M] () -- C:\Preload.rev
[2011/09/10 08:37:10 | 000,151,106 | ---- | M] () -- C:\TDSSKiller.2.5.20.0_10.09.2011_08.28.07_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 13:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 13:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 13:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 13:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 04:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/03/04 22:23:38 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/08/09 01:26:20 | 000,000,221 | -HS- | M] () -- C:\Users\acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/19 19:53:02 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 05:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/09/02 10:49:03 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/09/02 10:49:03 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/06/04 08:50:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/06/04 08:50:38 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/09/02 10:49:03 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/08/09 10:36:33 | 000,000,402 | -HS- | M] () -- C:\Users\acer\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Acer Crystal Eye webcam.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2011/03/15 12:20:12 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011/03/15 12:18:33 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2010/07/10 17:40:36 | 000,000,000 | -HSD | M](C:\Users\acer\[??] ???) -- C:\Users\acer\[開始] 功能表
[2010/07/10 17:38:43 | 000,000,000 | -HSD | M](C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
[2010/07/10 17:38:43 | 000,000,000 | -HSD | M](C:\ProgramData\??) -- C:\ProgramData\桌面
[2010/07/10 17:38:43 | 000,000,000 | -HSD | M](C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
[2010/07/10 17:38:43 | 000,000,000 | -HSD | M](C:\ProgramData\??) -- C:\ProgramData\桌面
(C:\Users\acer\[??] ???) -- C:\Users\acer\[開始] 功能表
(C:\ProgramData\[??] ???) -- C:\ProgramData\[開始] 功能表
(C:\ProgramData\??) -- C:\ProgramData\桌面

========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:697DDE2B
@Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:8E5EA40F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0207454C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:B0456F0C
@Alternate Data Stream - 1236 bytes -> C:\Users\acer\AppData\Local\Temp:hDR8O7GyPXCLHMY5K7YpAS81NPCQ
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp5AD7675

< End of report >

 

[EHNN]

Extra


OTL Extras logfile created on: 09/11/2011 06:21:03 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\acer\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000464 | Country: Philippines | Language: FPO | Date Format: MM/dd/yyyy

1.93 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 50.05% Memory free
4.86 Gb Paging File | 3.12 Gb Available in Paging File | 64.22% Paging File free
Paging file location(s): c:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.46 Gb Total Space | 123.98 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
Drive D: | 226.51 Gb Total Space | 114.89 Gb Free Space | 50.72% Space Free | Partition Type: NTFS
Drive E: | 32.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NECCO | User Name: NECCO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Public Files\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Public Files\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2CF025A4-321E-C776-B04C-3AC66DC50907}" = ATI AVIVO64 Codecs
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7B02BD23-7843-4481-5778-B20110993E0D}" = WMV9/VC-1 Video Playback
"{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E3ECAA6-4975-17E7-E443-960F8E3F9136}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90A1F0ED-BC6F-EBD4-2101-885AB084499C}" = ATI Catalyst Install Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C0C690C8-F335-4BA4-A2AD-675EAD1DFA90}" = Microsoft SQL Server 2008 Setup Support Files
"{C0D93E4E-0866-43C8-A104-BF41A803EA84}" = ESET Smart Security
"{C3AF5BD8-30D5-41F5-AF61-705D98146B0F}" = Microsoft SQL Server 2008 Native Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBA3236F-BE5E-4565-952D-31C36E721CD1}" = Windows 7 Manager
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Connectify" = Connectify
"DFEA59689C004DFD0378309F3A583EA32D78A1B3" = Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB 2.0 UVC HD WebCam" = USB 2.0 UVC HD WebCam
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09041881-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Student with Encarta Premium 2009
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{27107EAA-34E0-43BF-B537-7F8EF6880F5A}" = Facebook Video Calling 1.0.0.8177
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{293F82CD-1BE8-03BC-DBAD-903388CFBB62}" = Catalyst Control Center Localization All
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40928C54-F8EE-420D-BD80-07F2F78CFB0D}" = MySQL Connector/ODBC 3.51
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{5A4FB792-D98F-409C-24B6-BD2A80D30E3A}" = Catalyst Control Center Graphics Previews Common
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{896C5024-AA39-12E8-D6C2-D818B7E3D58F}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFEE9BF-D99C-4FEB-7E33-EFBBE25A8ABC}" = Catalyst Control Center InstallProxy
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OMUI.zh-tw_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}_OMUI.zh-tw_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98245074-479E-4882-9D8B-66D6C4863FAE}" = MySQL Server 5.1
"{9A22BB09-8086-691D-F409-3AF74D9E3BF0}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B4D5767-98CE-D0F0-8156-4E3601826F3F}" = PX Profile Update
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DCB676D-64F8-43E0-9A11-295710F335DC}_is1" = 1.1.1.5
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ADEEF3E4-15A4-F286-38EE-675A8EF0212B}" = Catalyst Control Center InstallProxy
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6FB0C12-6429-4d4d-A30B-B680FB7C5F5A}" = Microsoft Works
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDCE4881-8336-4475-A8FD-349AE29C1DA4}_is1" = Welch's Project Reference 6.6.8
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.2
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"{Technology in the Class_8B2E6736-24F1-4272-B94D-A423E6DE8813}" = Technology in the Class for Learning Essentials
"3309-7404-0599-8908" = yEd Graph Editor 3.7.0.2
"Accurate Personality Test_is1" = Accurate Personality Test 1.0
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Audacity_is1" = Audacity 1.2.6
"BFG-Treasure Seekers - The Time Has Come Collector's Edition" = Treasure Seekers: The Time Has Come Collector's Edition
"BlueJ_is1" = BlueJ 3.0.4
"Bullzip MS Access to MySQL_is1" = Bullzip MS Access to MySQL 3.0.0.148
"Cain & Abel v4.9.42" = Cain & Abel v4.9.42
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CommView for WiFi" = CommView for WiFi
"Connection Keeper" = Connection Keeper
"Dark Parables-The Exiled Prince Collector's Edition1.0" = Dark Parables-The Exiled Prince Collector's Edition
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpatShield" = Expat Shield 2.06
"Garena" = Garena 2010
"Globe Tattoo Broadband" = Globe Tattoo Broadband
"HijackThis" = HijackThis 2.0.2
"im" = Garena Messenger
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"JCreator LE_is1" = JCreator LE 5.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"LE_CDK" =
"LManager" = Launch Manager
"LoLPH" = Garena - League of Legends PH
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"Mystery Case Files 13th Skull Collectors Edition 1.00" = Mystery Case Files 13th Skull Collectors Edition 1.00
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenVPN" = OpenVPN 2.2.1
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"SQLyog Community" = SQLyog Community 8.4 Beta1
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"USB Safely Remove_is1" = USB Safely Remove 4.5
"uTorrent" = µTorrent
"Visual Basic 6.0 Enterprise Edition" = Microsoft Visual Basic 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Imagicon" = Imagicon
"KalydoPlayer" = Kalydo Player 3.10.04

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Broni]

Good news

1.93 Gb Total Physical Memory

With your 64-bit system I'd suggest getting another 2GB of RAM.

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
  FF - prefs.js..network.proxy.backup.ftp: "10.201.42.146"
  FF - prefs.js..network.proxy.backup.ftp_port: 80
  FF - prefs.js..network.proxy.backup.socks: "10.201.42.146"
  FF - prefs.js..network.proxy.backup.socks_port: 80
  FF - prefs.js..network.proxy.backup.ssl: "10.201.42.146"
  FF - prefs.js..network.proxy.backup.ssl_port: 80
  FF - prefs.js..network.proxy.ftp: "10.201.60.241"
  FF - prefs.js..network.proxy.ftp_port: 80
  FF - prefs.js..network.proxy.http_port: 80
  FF - prefs.js..network.proxy.no_proxies_on: ""
  FF - prefs.js..network.proxy.share_proxy_settings: true
  FF - prefs.js..network.proxy.socks: "10.201.60.241"
  FF - prefs.js..network.proxy.socks_port: 80
  FF - prefs.js..network.proxy.ssl: "10.201.60.241"
  FF - prefs.js..network.proxy.ssl_port: 80
  FF - prefs.js..network.proxy.type: 0
  FF - user.js..network.proxy.type: 0
  FF - user.js..network.proxy.http: ""
  FF - user.js..network.proxy.http_port:
  FF - user.js..network.proxy.no_proxies_on: ""
  FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
  O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
  O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  O3 - HKU\S-1-5-21-2915824604-787655904-4174257227-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
  O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - Reg Error: Key error. File not found
  O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
  O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
  O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
  O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
  O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
  [1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]
  @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:697DDE2B
  @Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:8E5EA40F
  @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:4D066AD2
  @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
  @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93DE1838
  @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
  @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E36F5B57
  @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABE89FFE
  @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
  @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F
  @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0207454C
  @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728
  @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0
  @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:B0456F0C
  @Alternate Data Stream - 1236 bytes -> C:\Users\acer\AppData\Local\Temp:hDR8O7GyPXCLHMY5K7YpAS81NPCQ
  @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:D5AD7675
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

===================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please, run F-Secure Online Scanner

• Disable your Antivirus program.
• Checkmark I have read and accepted the license terms.
• Click on Run Check button.
• Quick scan (recommended) option will come pre-checked. Don't change it.
• Click on Start button.
• When scan is done, in Step 3: Clean the files, leave all settings as they're.
• Click Next button.
• Click Full report... button.
• Copy report's content and paste it into your next reply.

 

[EHNN]

09122011_061818.log


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Prefs.js: "10.201.42.146" removed from network.proxy.backup.ftp
Prefs.js: 80 removed from network.proxy.backup.ftp_port
Prefs.js: "10.201.42.146" removed from network.proxy.backup.socks
Prefs.js: 80 removed from network.proxy.backup.socks_port
Prefs.js: "10.201.42.146" removed from network.proxy.backup.ssl
Prefs.js: 80 removed from network.proxy.backup.ssl_port
Prefs.js: "10.201.60.241" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: "" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "10.201.60.241" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "10.201.60.241" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\acer\AppData\Roaming\Mozilla\FireFox\Profiles\l1klormg.default\user.js moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-2915824604-787655904-4174257227-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
C:\Users\acer\AppData\Local\BITF061.tmp deleted successfully.
ADS C:\ProgramData\Temp:697DDE2B deleted successfully.
ADS C:\ProgramData\Temp:8E5EA40F deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:0207454C deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:B0456F0C deleted successfully.
ADS C:\Users\acer\AppData\Local\Temp:hDR8O7GyPXCLHMY5K7YpAS81NPCQ deleted successfully.
ADS C:\ProgramData\Temp5AD7675 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: acer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2832074 bytes
->Java cache emptied: 493312 bytes
->FireFox cache emptied: 67974236 bytes
->Google Chrome cache emptied: 341543257 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 61639 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: DURAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 72363 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66808333 bytes
->Flash cache emptied: 1344 bytes

User: EHNN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1709866 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 27525962 bytes

Total Files Cleaned = 485.00 mb


[EMPTYFLASH]

User: acer
->Flash cache emptied: 0 bytes

User: Default

User: DURAN
->Flash cache emptied: 0 bytes

User: EHNN

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09122011_061818

Files\Folders moved on Reboot...
C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully.
C:\Users\acer\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

Registry entries deleted on Reboot...

 

[EHNN]

checkup.text


Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java(TM) 6 Update 27
Java(TM) SE Development Kit 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader X (10.1.0)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Globe Tattoo Broadband OnlineUpdate ouc.exe
``````````End of Log````````````

 

[Broni]

What happened to ESET Smart Security?

Uninstall Java(TM) SE Development Kit 6 Update 21

 

[EHNN]

TFC.exe is not a valid Win32 application..
i try to troubleshoot this using troubleshoot compatibility but still can't..