Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware- type unknown, maybe related to rundll32.exe


  • Please log in to reply

#1
Lisheo

Lisheo

    New Member

  • Member
  • Pip
  • 7 posts
This happened previously to me. Essentially, my computer is detecting false usb devices that don't exist, and reinstall themselves whenever I uninstall them.
I couldn't find a solution, so I opened up task manager, and it detects rundll32.exe (two of them) running as processes whenever this happens.
MBAM doesn't detect any viruses, nor does AVG. Help, please, this is driving me insane.

Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..

.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 7.0.6001.18000
Mozilla Firefox 3.0.11 (en-GB)
.
C:\ [Fixed-NTFS] .. ( Total:69 Go - Free:14 Go )
D:\ [Fixed-NTFS] .. ( Total:69 Go - Free:40 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 15:16.37
Path : C:\Users\Lisheo\Documents\Downloads\Rooter.exe
User : Lisheo ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (588)
Locked csrss.exe (656)
Locked wininit.exe (700)
Locked csrss.exe (712)
Locked services.exe (756)
Locked lsass.exe (768)
Locked lsm.exe (776)
Locked winlogon.exe (904)
Locked svchost.exe (1012)
Locked svchost.exe (1076)
Locked svchost.exe (1108)
Locked svchost.exe (1164)
Locked svchost.exe (1192)
Locked svchost.exe (1212)
Locked audiodg.exe (1376)
Locked SLsvc.exe (1412)
Locked svchost.exe (1440)
Locked svchost.exe (1600)
Locked spoolsv.exe (1796)
Locked svchost.exe (1824)
Locked agrsmsvc.exe (2008)
Locked avgwdsvc.exe (340)
Locked svchost.exe (392)
Locked Agentsvc.exe (388)
Locked CLHNService.exe (608)
Locked eDSService.exe (660)
Locked avgrsx.exe (872)
Locked avgnsx.exe (696)
Locked ETService.exe (1588)
Locked LSSrvc.exe (2264)
Locked MobilityService.exe (2316)
Locked BackupSvc.exe (2392)
Locked SchedulerSvc.exe (2476)
Locked svchost.exe (2496)
Locked RichVideo.exe (2528)
Locked svchost.exe (2552)
Locked svchost.exe (2636)
Locked SearchIndexer.exe (2668)
Locked avgemc.exe (2704)
Locked IAANTmon.exe (2744)
Locked avgcsrvx.exe (2864)
Locked taskeng.exe (3036)
Locked unsecapp.exe (3084)
Locked WmiPrvSE.exe (3112)
______ C:\Windows\system32\Dwm.exe (3644)
______ C:\Windows\system32\taskeng.exe (3696)
______ C:\Windows\Explorer.EXE (3756)
______ C:\Program Files\Windows Defender\MSASCui.exe (4004)
______ C:\Windows\RtHDVCpl.exe (4024)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (4048)
______ C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (1368)
______ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (840)
______ C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (2288)
______ C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (2276)
______ C:\Windows\System32\igfxtray.exe (2308)
______ C:\Windows\System32\hkcmd.exe (2004)
______ C:\Windows\System32\igfxpers.exe (2464)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (2540)
______ C:\Windows\system32\igfxsrvc.exe (2696)
______ C:\Windows\system32\wbem\unsecapp.exe (3916)
Locked QtZgAcer.EXE (1352)
______ C:\Windows\PLFSetI.exe (1404)
______ C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (1276)
______ C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (3580)
______ C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (1560)
______ C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (2768)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (4060)
______ C:\Program Files\AVG\AVG8\avgtray.exe (3460)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3620)
______ C:\Program Files\DAEMON Tools Lite\daemon.exe (1356)
______ C:\Users\Lisheo\AppData\Local\Temp\RtkBtMnt.exe (1848)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1384)
______ C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe (3956)
______ C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (4192)
______ C:\Program Files\3\3Connect\AutoUpdateSrv.exe (4256)
______ C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (4436)
Locked igfxext.exe (4452)
Locked igfxsrvc.exe (4480)
Locked SynTPHelper.exe (752)
______ C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (4960)
Locked taskeng.exe (5428)
Locked sdclt.exe (4396)
Locked SearchProtocolHost.exe (5512)
Locked SearchFilterHost.exe (6128)
______ C:\Users\Lisheo\Documents\Downloads\Rooter.exe (5164)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:10737418240)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:10738466816 | Length:74650222592)
\Device\Harddisk0\Partition3 (Start_Offset:85388689408 | Length:74651271168)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\Norton Security Scan for Lisheo.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 15:16.55
.
C:\Rooter$\Rooter_1.txt - (12/07/2009 | 15:16.55)

OTL logfile created on: 12/07/2009 15:22:55 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\Lisheo\Documents\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.26% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 15.09 Gb Free Space | 21.71% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 40.75 Gb Free Space | 58.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LISHEO-PC
Current User Name: Lisheo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/03/18 04:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/06 13:51:12 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/03/03 21:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/17 02:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/03/05 07:38:34 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2009/07/06 13:51:13 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/06 13:51:13 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/03/21 21:22:52 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2007/01/17 19:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/12/07 00:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2008/04/07 06:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 11:03:14 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2007/01/09 03:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe
PRC - [2009/07/08 08:42:07 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2008/07/21 01:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/07/06 13:51:13 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008/01/21 03:33:24 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/04/07 10:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/10 10:58:18 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 10:11:02 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/19 02:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/06/19 02:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/06/19 02:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/07/12 15:22:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Lisheo\Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/18 04:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/08 08:42:07 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/06 13:51:12 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/03/03 21:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/01/17 02:35:02 | 00,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService [Auto | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/03/05 07:38:34 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service [Auto | Running])
SRV - [2008/03/21 21:22:52 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService [Auto | Running])
SRV - [2008/01/21 03:33:18 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/25 10:05:58 | 00,024,064 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100 [On_Demand | Stopped])
SRV - [2009/05/06 00:06:04 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9cdd623f68be0 [Auto | Stopped])
SRV - [2009/05/18 04:47:38 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/07/21 01:45:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/01/17 19:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007/12/07 00:15:28 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/07 06:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008/04/04 11:03:14 | 00,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/01/09 03:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/04/07 10:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2008/01/21 03:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/21 03:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/15 03:20:48 | 00,025,856 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Windows\System32\DRIVERS\AVerA310USB.sys -- (A310 [On_Demand | Stopped])
DRV - [2008/01/21 03:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/21 03:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/21 03:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/21 03:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2008/02/29 08:13:38 | 01,202,560 | ---- | M] (Agere Systems) -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/21 03:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/21 03:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/21 03:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/07/08 08:42:11 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/06 13:51:17 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/06 13:51:24 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/03/28 12:44:56 | 00,210,432 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Running])
DRV - [2008/04/15 03:20:38 | 00,042,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap [On_Demand | Stopped])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/21 03:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/07/02 03:52:00 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\System32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2008/01/21 03:32:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/21 03:32:48 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/01/03 09:04:06 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\DRIVERS\gmer.sys -- (gmer [On_Demand | Stopped])
DRV - [2008/01/21 03:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/03/17 10:05:30 | 00,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2008/07/21 01:44:44 | 00,324,120 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/21 03:32:49 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008/09/02 11:05:00 | 02,381,312 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/03/21 18:48:24 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2008/04/28 09:26:42 | 02,127,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/09/02 11:07:00 | 00,112,128 | ---- | M] (Intel® Corporation) -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/04/21 04:07:00 | 00,081,296 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\System32\DRIVERS\jmcr.sys -- (JMCR [On_Demand | Running])
DRV - [2008/01/21 03:32:49 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/21 03:32:51 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/21 03:32:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/21 03:32:53 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/21 03:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/04/27 23:29:26 | 03,658,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2007/11/29 11:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2007/11/29 11:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008/01/30 10:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2008/01/17 02:35:08 | 00,122,368 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel [Auto | Running])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/01/21 03:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/21 03:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2008/03/05 07:38:42 | 00,018,992 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter [Boot | Running])
DRV - [2008/03/05 07:38:44 | 00,016,944 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDNServ.sys -- (PSDNServ [Auto | Running])
DRV - [2008/03/05 07:38:44 | 00,060,464 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\DRIVERS\PSDVdisk.sys -- (psdvdisk [Auto | Running])
DRV - [2008/01/21 03:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/21 03:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009/05/18 04:33:37 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/01/18 04:31:26 | 00,196,784 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/30 10:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV - [2008/01/21 03:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/21 03:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007/11/29 11:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/01/21 03:32:52 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2007/11/29 11:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2008/01/21 03:33:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2008/01/21 03:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/21 03:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/03/28 15:51:40 | 00,043,008 | ---- | M] (Winbond Electronics Corporation) -- C:\Windows\System32\DRIVERS\winbondcir.sys -- (winbondcir [On_Demand | Running])
DRV - [2008/05/09 20:03:58 | 00,061,424 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...p;m=aspire_7730

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_7730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {bb6bc1bb-f824-4702-90cd-35e2fb24f25c}:0.2.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.13
FF - prefs.js..extensions.enabledItems: [email protected]:2.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/05/17 16:00:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/06 13:51:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/07 03:08:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/13 21:03:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/02 21:13:38 | 00,000,000 | ---D | M]

[2008/12/25 11:16:34 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Extensions
[2008/12/25 11:16:34 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/12 12:49:50 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions
[2009/06/29 22:00:47 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/06/28 20:04:32 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/06/30 00:22:28 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/29 22:00:47 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/06/29 02:41:30 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/06/28 20:04:32 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25c}
[2009/07/02 01:13:48 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/06/25 06:08:22 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/06/28 20:58:13 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/02 01:13:47 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/06/10 14:19:01 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\[email protected]
[2009/06/10 15:04:55 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\[email protected]
[2009/06/10 14:15:14 | 00,000,000 | ---D | M] -- C:\Users\Lisheo\AppData\Roaming\mozilla\Firefox\Profiles\vs83y7a5.default\extensions\[email protected]
[2009/05/18 04:46:39 | 00,002,399 | ---- | M] () -- C:\Users\Lisheo\AppData\Roaming\Mozilla\FireFox\Profiles\vs83y7a5.default\searchplugins\daemon-search.xml
[2009/06/21 19:20:39 | 00,002,606 | ---- | M] () -- C:\Users\Lisheo\AppData\Roaming\Mozilla\FireFox\Profiles\vs83y7a5.default\searchplugins\insurgency-wiki-en.xml
[2009/06/11 18:05:20 | 00,002,261 | ---- | M] () -- C:\Users\Lisheo\AppData\Roaming\Mozilla\FireFox\Profiles\vs83y7a5.default\searchplugins\obliviowiki-en.xml
[2009/06/20 17:54:35 | 00,002,594 | ---- | M] () -- C:\Users\Lisheo\AppData\Roaming\Mozilla\FireFox\Profiles\vs83y7a5.default\searchplugins\partyvan-wiki-en.xml
[2009/06/12 15:05:59 | 00,001,125 | ---- | M] () -- C:\Users\Lisheo\AppData\Roaming\Mozilla\FireFox\Profiles\vs83y7a5.default\searchplugins\the-elder-scrolls-constr.xml
[2009/06/14 17:30:08 | 00,001,336 | ---- | M] () -- C:\Users\Lisheo\AppData\Roaming\Mozilla\FireFox\Profiles\vs83y7a5.default\searchplugins\wiktionary-en.xml
[2009/04/26 18:59:39 | 00,000,945 | ---- | M] () -- C:\Users\Lisheo\AppData\Roaming\Mozilla\FireFox\Profiles\vs83y7a5.default\searchplugins\youtube-video-search.xml
[2009/07/12 14:53:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/13 21:03:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/12 14:52:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/13 21:03:25 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/13 21:03:25 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/06/13 21:03:26 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{096e08b4-d263-11dd-b0a3-001e68ebdf58}\Shell - "" = AutoRun
O33 - MountPoints2\{096e08b4-d263-11dd-b0a3-001e68ebdf58}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{36dd3a5b-1f6a-11de-befa-001e68ebdf58}\Shell\AutoRun\command - "" = SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
O33 - MountPoints2\{36dd3a5b-1f6a-11de-befa-001e68ebdf58}\Shell\open\command - "" = SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe
O33 - MountPoints2\{b4caadaa-666c-11de-94ad-001b9e106f1b}\Shell\AutoRun\command - "" = NADFOLDER\autorun.exe
O33 - MountPoints2\{b4caadaa-666c-11de-94ad-001b9e106f1b}\Shell\open\command - "" = NADFOLDER\autorun.exe
O33 - MountPoints2\{b73c7ef8-435d-11de-9d33-001e68ebdf58}\Shell - "" = AutoRun
O33 - MountPoints2\{b73c7ef8-435d-11de-9d33-001e68ebdf58}\Shell\AutoRun\command - "" = F:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\{e2f7fb8b-4af9-11de-adef-001e68ebdf58}\Shell - "" = AutoRun
O33 - MountPoints2\{e2f7fb8b-4af9-11de-adef-001e68ebdf58}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e2f7fbb5-4af9-11de-adef-001e68ebdf58}\Shell - "" = AutoRun
O33 - MountPoints2\{e2f7fbb5-4af9-11de-adef-001e68ebdf58}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/12 15:16:55 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/07 03:10:58 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/07 03:05:25 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/07/07 03:05:25 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/07/07 03:05:24 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/07/07 03:05:24 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/07/07 03:05:24 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/07/07 03:05:24 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/07/07 03:05:23 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/07/07 03:05:22 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/07/07 03:00:51 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/07/07 03:00:48 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/07/07 03:00:48 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/07/07 03:00:38 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/07/07 03:00:34 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/06 14:19:23 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/06 13:51:27 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/07/06 13:51:25 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/06 13:51:24 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/07/06 13:51:18 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/06 13:51:17 | 38,072,861 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/06 13:51:17 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/07/06 13:51:17 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/06 13:51:17 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/06 13:51:17 | 00,025,155 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/06 13:51:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/07/06 13:51:11 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/07/06 13:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/06 09:20:55 | 00,011,286 | ---- | C] () -- C:\Users\Lisheo\Documents\Null propaganda.docx
[2009/07/02 21:13:23 | 00,000,975 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/07/01 07:59:31 | 00,010,042 | ---- | C] () -- C:\Users\Lisheo\Documents\Null ideas.docx
[2009/07/01 05:05:32 | 00,016,405 | ---- | C] () -- C:\Users\Lisheo\Documents\Anonymous chapter X.docx
[2009/06/29 22:00:52 | 00,000,000 | ---D | C] -- C:\Users\Lisheo\Documents\iMacros
[2009/06/28 17:40:54 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/06/28 17:40:53 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/25 05:49:53 | 00,012,092 | ---- | C] () -- C:\Users\Lisheo\Documents\AnonymousChap1.docx
[2009/06/22 05:50:32 | 00,000,000 | ---D | C] -- C:\Users\Lisheo\AppData\Roaming\gtk-2.0
[2009/06/22 05:49:21 | 00,000,000 | ---D | C] -- C:\Users\Lisheo\AppData\Roaming\.purple
[2009/06/22 05:47:00 | 00,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2009/06/22 05:46:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2009/06/20 15:27:54 | 00,000,000 | ---D | C] -- C:\Users\Lisheo\AppData\Roaming\tor
[2009/06/20 15:27:40 | 00,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
[2009/06/20 15:27:38 | 00,000,000 | ---D | C] -- C:\Users\Lisheo\AppData\Roaming\Vidalia
[2009/06/20 15:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Vidalia Bundle
[2009/06/20 10:50:39 | 00,000,079 | ---- | C] () -- C:\Users\Lisheo\Desktop\Huntersoft Free Download.url
[2009/06/20 10:50:35 | 00,000,916 | ---- | C] () -- C:\Users\Lisheo\Desktop\Unknown Device Identifier.lnk
[2009/06/20 10:50:35 | 00,000,000 | ---D | C] -- C:\Program Files\Unknown Device Identifier
[2009/06/17 18:08:57 | 00,000,000 | ---D | C] -- C:\Users\Lisheo\AppData\Roaming\WinRAR
[2009/06/17 17:57:27 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/06/13 00:46:17 | 00,011,975 | ---- | C] () -- C:\Users\Lisheo\Documents\Novella.docx
[2009/05/18 06:08:25 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/05/18 04:33:37 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/01/19 13:47:30 | 00,000,808 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/01/03 09:04:13 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2009/01/03 09:04:06 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2008/12/25 20:41:09 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/25 20:41:09 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/10/05 14:13:16 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/10/05 14:13:16 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/09/03 09:28:46 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/09/03 09:28:40 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/07/22 09:01:25 | 00,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2008/04/17 17:09:32 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/17 17:09:32 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/17 17:08:48 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/17 16:38:04 | 00,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/04/17 16:34:50 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/04/17 16:24:51 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/03/30 00:00:40 | 00,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 11:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/27 00:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Users\Lisheo\AppData\Local\*.tmp files]
[2009/07/12 14:54:37 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/12 14:54:37 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/12 14:54:37 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/12 14:52:06 | 00,000,079 | ---- | M] () -- C:\Users\Lisheo\Desktop\Huntersoft Free Download.url
[2009/07/12 14:49:45 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/12 14:49:40 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/07/12 14:49:34 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/12 14:49:34 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/12 14:49:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/12 14:49:25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/12 14:49:22 | 31,466,41408 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/12 14:38:14 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/07/12 13:45:01 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/12 10:41:32 | 38,072,861 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/12 10:41:32 | 00,025,155 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/12 03:24:53 | 03,736,825 | -H-- | M] () -- C:\Users\Lisheo\AppData\Local\IconCache.db
[2009/07/10 19:38:44 | 00,000,410 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Lisheo.job
[2009/07/08 08:42:11 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/07 09:45:35 | 00,071,680 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/07/07 03:20:13 | 00,298,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/06 13:52:27 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/06 13:51:27 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/07/06 13:51:25 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/06 13:51:24 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/07/06 13:51:17 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/07/06 13:51:17 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/06 09:20:56 | 00,011,286 | ---- | M] () -- C:\Users\Lisheo\Documents\Null propaganda.docx
[2009/07/03 00:16:11 | 00,026,112 | ---- | M] () -- C:\Users\Lisheo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/02 21:13:33 | 00,000,939 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2009/07/02 21:13:23 | 00,000,975 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2009/07/02 21:12:51 | 00,001,399 | ---- | M] () -- C:\Users\Lisheo\Desktop\DivX Movies.lnk
[2009/07/01 09:09:00 | 00,016,405 | ---- | M] () -- C:\Users\Lisheo\Documents\Anonymous chapter X.docx
[2009/07/01 07:59:32 | 00,010,042 | ---- | M] () -- C:\Users\Lisheo\Documents\Null ideas.docx
[2009/06/25 06:47:37 | 00,012,092 | ---- | M] () -- C:\Users\Lisheo\Documents\AnonymousChap1.docx
[2009/06/23 22:13:21 | 00,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/06/20 15:27:40 | 00,000,979 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
[2009/06/20 12:07:53 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/06/20 10:50:35 | 00,000,916 | ---- | M] () -- C:\Users\Lisheo\Desktop\Unknown Device Identifier.lnk
[2009/06/17 19:01:15 | 00,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/14 02:21:44 | 00,011,975 | ---- | M] () -- C:\Users\Lisheo\Documents\Novella.docx
< End of report >

OTL Extras logfile created on: 12/07/2009 15:22:55 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\Lisheo\Documents\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 91.26% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 15.09 Gb Free Space | 21.71% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 40.75 Gb Free Space | 58.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LISHEO-PC
Current User Name: Lisheo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/03/05 07:38:26 | 00,651,824 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
[2008/03/05 07:38:38 | 00,926,256 | ---- | M] ( Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
[2008/03/05 07:38:22 | 00,932,400 | ---- | M] ( Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
[2008/03/05 07:38:34 | 00,485,936 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
[2008/03/05 07:39:14 | 00,752,688 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
File not found -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
[2008/03/05 07:39:16 | 00,512,048 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C05FA75-0337-4523-AA57-9D3511018887}" = Nokia PC Suite
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27
"AVG8Uninstall" = AVG Free 8.5
"Blender" = Blender (remove only)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Nokia PC Suite" = Nokia PC Suite
"NSSSetup.{6FF543AB-99B3-4120-902C-70A38314ABD8}" = Norton Security Scan (Symantec Corporation)
"Pidgin" = Pidgin
"Privoxy" = Privoxy 3.0.6
"RealPlayer 6.0" = RealPlayer
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.2.0.34
"Unknown Device Identifier_is1" = Unknown Device Identifier 6.01
"Vidalia" = Vidalia 0.1.10
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/06/2009 22:08:58 | Computer Name = Lisheo-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/06/2009 11:28:05 | Computer Name = Lisheo-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2009 05:49:56 | Computer Name = Lisheo-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2009 11:45:00 | Computer Name = Lisheo-PC | Source = Google Update | ID = 20
Description =

Error - 30/06/2009 12:45:00 | Computer Name = Lisheo-PC | Source = Google Update | ID = 20
Description =

Error - 30/06/2009 13:45:00 | Computer Name = Lisheo-PC | Source = Google Update | ID = 20
Description =

Error - 30/06/2009 22:44:09 | Computer Name = Lisheo-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/07/2009 14:27:32 | Computer Name = Lisheo-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/07/2009 02:11:52 | Computer Name = Lisheo-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/07/2009 20:23:06 | Computer Name = Lisheo-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 03/07/2009 00:49:15 | Computer Name = Lisheo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001B9E106F1B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/07/2009 02:11:07 | Computer Name = Lisheo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001E68EBDF58 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/07/2009 02:11:08 | Computer Name = Lisheo-PC | Source = HTTP | ID = 15016
Description =

Error - 03/07/2009 20:22:23 | Computer Name = Lisheo-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 01:19:04 on 04/07/2009 was unexpected.

Error - 03/07/2009 20:22:25 | Computer Name = Lisheo-PC | Source = HTTP | ID = 15016
Description =

Error - 04/07/2009 12:28:36 | Computer Name = Lisheo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001B9E106F1B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 04/07/2009 20:22:24 | Computer Name = Lisheo-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001E68EBDF58 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/07/2009 04:41:54 | Computer Name = Lisheo-PC | Source = HTTP | ID = 15016
Description =

Error - 06/07/2009 07:43:06 | Computer Name = Lisheo-PC | Source = HTTP | ID = 15016
Description =

Error - 06/07/2009 08:38:19 | Computer Name = Lisheo-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Malwarebytes' Anti-Malware 1.38
Database version: 2412
Windows 6.0.6001 Service Pack 1

12/07/2009 15:29:47
mbam-log-2009-07-12 (15-29-47).txt

Scan type: Quick Scan
Objects scanned: 77184
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Lisheo, 12 July 2009 - 08:30 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP