Google Redirection Virus


  • This topic is locked

#1
Lukas_93


    New Member

  • Member
  • Pip
  • 6 posts
Almost every single thing I search for in Google redirects me to pornography or advertising.

My Hijack This log is attached.

PLEASE HELP ME!

#2
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Lukas_93! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :D

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Please follow the steps below:

GMER Rootkit Scanner

  • Download GMER from HERE.
  • Extract the contents of zipped file to your desktop.
  • Double click GMER.exe.

  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message displayed on the screen when using a 64bit Operating System; this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
  • Please copy and paste the report into your Post.

Caution - Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

Step 2

OTL Default Scan

  • Download OTL to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When you have completed the above, please post back the following in the order asked for:
  • Content of ark.txt
  • Content of OTL.txt and Extras.txt logs
  • Tell me if you are being redirected in both browsers, IE and FF.

#3
Lukas_93


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ark.txt
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-13 22:48:32
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076c05f26
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076c05f26@0022a99d3cda 0x4F 0x4C 0x8B 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076c05f26@506313fb8760 0xA9 0x12 0xDA 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076c05f26@0025d0c1ebcd 0xF7 0x19 0x83 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076c05f26 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076c05f26@0022a99d3cda 0x4F 0x4C 0x8B 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076c05f26@506313fb8760 0xA9 0x12 0xDA 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076c05f26@0025d0c1ebcd 0xF7 0x19 0x83 0xAB ...

---- EOF - GMER 1.0.15 ----

OTL Report
OTL logfile created on: 1/13/2011 11:39:41 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Lukes\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.38 Gb Total Space | 432.45 Gb Free Space | 74.13% Space Free | Partition Type: NTFS

Computer Name: LUKES-PC | User Name: Lukes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 23:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
PRC - [2011/01/06 23:42:50 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/12/12 20:53:05 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/12 20:53:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Lukes\Desktop\gmer.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/11/21 10:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/13 14:29:08 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/11/02 10:40:52 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/10/29 22:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/01 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/25 10:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/25 10:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/11 16:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/09/11 16:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 20:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/05 08:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/04 13:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 14:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 23:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/12/29 17:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/09/11 16:42:00 | 000,268,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\sysenv.dll
MOD - [2009/09/11 16:41:42 | 000,120,104 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
MOD - [2009/07/14 12:16:20 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2009/07/14 12:16:19 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMASF.DLL
MOD - [2009/07/14 12:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2009/07/14 12:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2009/07/14 12:16:12 | 002,504,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMVCORE.DLL
MOD - [2009/07/14 12:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PortableDeviceApi.dll
MOD - [2009/07/14 12:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll
MOD - [2009/07/14 12:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll
MOD - [2009/07/14 12:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IconCodecService.dll
MOD - [2009/07/14 12:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorAPI.dll
MOD - [2009/07/14 12:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll
MOD - [2009/07/14 12:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2009/07/14 12:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll
MOD - [2009/07/14 12:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll
MOD - [2009/07/14 12:14:57 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\audiodev.dll
MOD - [2009/07/14 12:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2008/11/12 13:16:38 | 000,133,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\xmllite.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\efsadu32.exe -- (NetTcpPortSharing32)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\drmv2clt32.exe -- (BDESVC32)
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/11/12 17:33:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/03 07:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/03 13:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/10/01 09:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 13:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/28 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/01/05 15:09:22 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/11/23 16:08:14 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/01 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/25 10:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/11 16:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 20:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/11 08:30:24 | 000,033,848 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV:64bit: - [2010/07/08 20:40:29 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/11/12 19:31:44 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/03 07:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/03 18:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/18 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/30 05:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/30 05:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/14 06:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/08/06 23:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/23 09:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/14 12:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 22:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/25 13:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/20 13:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 07:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/03 14:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 14:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 14:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/25 14:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 11:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 11:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/09 01:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...c8z175t59i1d63q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z175t59i1d63q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z175t59i1d63q

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = EB F5 F5 06 80 1F 13 4B A6 1D 9E B6 F8 90 98 CB [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.aiu"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {ea0969b3-6e12-4ac0-b6c9-148e81247954}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {f0a8a365-4c85-40a9-928d-c365a6bc2149}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "5.6.7.8"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 1080
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "5.6.7.8"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/01 18:01:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/10/18 19:34:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/22 15:01:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/16 12:10:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/16 12:10:25 | 000,000,000 | ---D | M]

[2010/05/14 21:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Extensions
[2011/01/13 23:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions
[2010/12/13 13:23:53 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/08/29 22:00:30 | 000,000,000 | ---D | M] (Messenger Plus Live Australia Toolbar) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}
[2010/10/16 22:54:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{f0a8a365-4c85-40a9-928d-c365a6bc2149}
[2010/12/13 13:23:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\[email protected]
[2010/07/09 15:26:10 | 000,000,570 | ---- | M] () -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\searchplugins\bing.xml
[2010/06/10 22:32:22 | 000,002,022 | ---- | M] () -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\searchplugins\romulation-rom-search.xml
[2010/12/28 17:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/16 00:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/08 20:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 16:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/21 12:14:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/10/18 19:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/10 12:30:56 | 000,189,592 | ---- | M] (MGame) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll

O1 HOSTS File: ([2009/06/11 08:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (acf94b77) - {10570BDB-1D7D-F675-4496-E075CB34AD59} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {20CABF67-A0A9-6D77-0DD5-F1F6CDC7CC91} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {20D83215-A50E-4DB0-AE95-B01C0D4A503A} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {2EFD4DB5-8ECD-EEDD-AEC4-F3BF4140228C} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {35E07624-516D-6D6E-5EF0-78D4D3D157F4} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (acf94b77) - {5C28B90A-B469-AD2B-A5B1-60CA5CA672FF} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {5C343410-3918-7409-514E-C971DE57DCEF} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {5CAF6F99-44FF-3954-4039-955780EA6B5C} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {5E9B8998-061B-F353-6D24-FE228FEE4C6C} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {6858A3DF-F320-1679-24FA-678B4D2919EE} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {68D601D3-56EF-0A1C-F5C1-A1684E9BA9CC} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {6EC4D9EE-4FD9-47F9-2CFF-2F15B4D3B7B5} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {75D1F3C6-5E82-41EF-E90B-81FDA352944C} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {7A4434E3-3358-B870-92E3-893CE1A37B0A} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {8216773D-ABDA-EC96-15CC-02830426C021} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {835705E6-1007-602D-9539-7670E21BBA2C} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {933BD53A-2C60-7F1D-2874-AAE8FFF16B40} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {963E2CD9-89D1-7F97-817C-F5FB883795E7} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {989E2ACE-F1DA-F5C4-987F-0C8DC072269F} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {98D59224-FE15-8416-864D-81801F1A9129} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {9D2DCF4E-D020-C406-DD45-E3B89C79343E} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {A750944E-5C6F-66B9-846C-DB484728DCE9} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {AC577416-19E1-899A-945D-F63D607E4195} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {AF095954-C9C9-CF91-848F-9BD9298D1459} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {B43B4755-0B39-08E8-710D-21DCB7320C50} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {BFAEC6D6-8A5C-52A5-80CA-1D8268E88061} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {C365EB1E-53FA-CD7D-2825-34617B3719A6} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {C76CCBE6-106B-F05E-3816-4F57958C7E52} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {D0DA98C5-03EE-8426-49D1-5E36632B98F4} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {D41A82C5-3A54-2803-680F-9B61FADFD4F7} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {E2451F36-03CB-07F3-134A-05667DB6FC07} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {EFFA2510-E4A8-F065-1878-3DF2B5F414CA} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {F12088C6-6120-6E26-4176-B786D94D9405} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {F8A55D11-EA6F-7647-0824-CB92F7C7CE08} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {FF9C7B08-5AF7-A03C-C708-12C0C632678D} - C:\Windows\SysWow64\dsauth32.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [dfmirage-Install] C:\Windows\temp\DFI-8I38JO.exe (DemoForge, LLC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [New Value #1] C:\Users\Lukes\Desktop\KeyLogger\KeyLogger\obj\Debug\Keylogger.exe File not found
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.133.193 61.9.134.49
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{590822d3-7128-11df-85f1-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{590822d3-7128-11df-85f1-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{590822d5-7128-11df-85f1-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{590822d5-7128-11df-85f1-00262d7aa02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{590822e2-7128-11df-85f1-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{590822e2-7128-11df-85f1-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{6207ab86-7455-11df-889b-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{6207ab86-7455-11df-889b-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{6207ab9b-7455-11df-889b-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{6207ab9b-7455-11df-889b-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{661e9031-0965-11e0-9c78-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{661e9031-0965-11e0-9c78-00262d7aa02e}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{664e3213-7fde-11df-8ae8-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{664e3213-7fde-11df-8ae8-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{aed51846-7ae0-11df-abef-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{aed51846-7ae0-11df-abef-00262d7aa02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{aed51972-7ae0-11df-abef-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{aed51972-7ae0-11df-abef-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f0f0bb2d-6bcd-11df-9854-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{f0f0bb2d-6bcd-11df-9854-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f0f0bb33-6bcd-11df-9854-00262d7aa02e}\Shell - "" = AutoRun
O33 - MountPoints2\{f0f0bb33-6bcd-11df-9854-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

MsConfig:64bit - State: "bootini" - Reg Error: Key error.


ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/01/13 23:21:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
[2011/01/13 01:55:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lukes\Desktop\HijackThis.exe
[2011/01/12 12:11:22 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/12 12:11:22 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/12 12:11:21 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/12 12:11:21 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/12 12:11:21 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/12 12:11:21 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/12 12:11:21 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/12 12:11:21 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/12 12:11:21 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/12 12:11:20 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/12 12:11:20 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/12 12:11:20 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/12 12:11:20 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/12 12:11:20 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/12 12:11:20 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/12 12:11:20 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/12 12:11:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/12 12:11:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/12 12:11:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/12 12:11:20 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/12 12:11:14 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/12 12:11:14 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/06 23:42:06 | 000,396,152 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Lukes\Desktop\utorrent.exe
[2011/01/03 20:01:11 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011/01/03 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011/01/03 20:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2011/01/03 19:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011/01/03 17:21:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/03 17:18:02 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\Malwarebytes
[2011/01/03 17:17:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/03 17:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/03 17:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/03 17:17:55 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/03 17:15:31 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lukes\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/01 23:48:58 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Incomplete
[2011/01/01 23:48:58 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Documents\FrostWire
[2010/12/30 12:47:12 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Documents\My Chat Logs
[2010/12/30 12:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/12/30 12:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger Plus! Live
[2010/12/28 17:41:13 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Tracing
[2010/12/28 17:19:13 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\PriceGong
[2010/12/28 17:14:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/12/28 16:30:02 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Desktop\Music
[2010/12/27 22:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
[2010/12/25 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Local\Western_Digital
[2010/12/25 18:31:18 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\Western Digital
[2010/12/25 18:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010/12/25 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/12/25 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2010/12/25 18:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2010/12/25 18:29:55 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Local\Western Digital
[2010/12/21 12:14:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/21 12:14:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/21 12:14:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/18 20:17:13 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PKR
[2010/12/18 20:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PKR
[2010/12/18 20:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PKR
[2010/12/16 12:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010/12/16 12:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/16 12:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/12/16 12:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/16 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010/12/16 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/12/15 09:44:11 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/15 09:44:10 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/15 09:44:10 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/15 09:44:10 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/15 09:44:10 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/15 09:44:10 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/15 09:44:10 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010/12/15 09:44:10 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/15 09:44:07 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/15 09:44:07 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/15 09:44:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/15 09:44:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/15 09:44:05 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010/12/15 09:44:05 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/15 09:44:04 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/15 09:43:56 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/15 09:43:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/15 09:43:56 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/15 09:43:56 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/15 09:43:56 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/15 09:43:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/15 09:43:56 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/15 09:43:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/15 09:43:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/15 09:43:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/15 09:43:56 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/15 09:43:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/15 09:43:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 09:43:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/18 22:08:40 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2010/07/08 20:40:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Lukes\AppData\Roaming\pcouffin.sys
[2009/11/05 14:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/13 23:37:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/13 23:37:57 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/13 23:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
[2011/01/13 15:29:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/13 03:26:29 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/13 03:26:29 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/13 03:18:35 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 02:41:47 | 000,001,182 | ---- | M] () -- C:\Users\Lukes\Desktop\ Mabinogi .lnk
[2011/01/13 01:55:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lukes\Desktop\HijackThis.exe
[2011/01/11 23:13:07 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/01/06 23:42:50 | 000,000,935 | ---- | M] () -- C:\Users\Lukes\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/01/06 23:42:50 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/01/06 23:42:11 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Lukes\Desktop\utorrent.exe
[2011/01/04 01:56:57 | 587,746,188 | ---- | M] () -- C:\Users\Lukes\Desktop\www.downloadost.com - mabinogi-ost.rar
[2011/01/03 17:21:08 | 468,288,638 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/03 17:17:58 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/03 17:15:35 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lukes\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/25 18:30:51 | 000,870,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/25 18:30:51 | 000,725,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/25 18:30:51 | 000,145,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/25 18:30:42 | 000,001,377 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/12/25 18:30:41 | 000,001,322 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/17 09:40:35 | 000,343,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/16 11:09:53 | 000,000,008 | ---- | M] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_2
[2010/12/16 10:57:33 | 000,000,173 | ---- | M] () -- C:\Users\Lukes\AppData\Roaming\D2Info0
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/13 16:27:54 | 000,296,448 | ---- | C] () -- C:\Users\Lukes\Desktop\gmer.exe
[2011/01/11 23:13:07 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/01/06 23:42:50 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/01/04 23:07:25 | 000,001,182 | ---- | C] () -- C:\Users\Lukes\Desktop\ Mabinogi .lnk
[2011/01/04 01:25:50 | 587,746,188 | ---- | C] () -- C:\Users\Lukes\Desktop\www.downloadost.com - mabinogi-ost.rar
[2011/01/03 17:21:08 | 468,288,638 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/03 17:17:58 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/25 18:30:41 | 000,001,377 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/12/25 18:30:41 | 000,001,322 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/12/02 21:11:11 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_5
[2010/12/02 12:23:07 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_4
[2010/11/28 18:23:57 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_3
[2010/11/28 16:28:32 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/11/28 16:28:32 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/11/28 15:27:11 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_1
[2010/11/28 15:24:43 | 000,000,173 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\D2Info0
[2010/11/28 15:24:43 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_2
[2010/11/26 17:03:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/10/16 22:55:15 | 000,000,300 | -HS- | C] () -- C:\ProgramData\215632754
[2010/10/16 22:55:14 | 000,001,185 | ---- | C] () -- C:\ProgramData\753950814
[2010/10/16 22:54:23 | 000,000,234 | ---- | C] () -- C:\ProgramData\sl1832638944
[2010/10/16 22:54:11 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/09/07 00:41:38 | 000,864,702 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/20 13:24:36 | 000,000,000 | ---- | C] () -- C:\Users\Lukes\AppData\Local\prvlcl.dat
[2010/07/08 20:41:03 | 000,000,033 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\pcouffin.log
[2010/07/08 20:40:29 | 000,099,384 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\inst.exe
[2010/07/08 20:40:29 | 000,007,859 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\pcouffin.cat
[2010/07/08 20:40:29 | 000,001,167 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\pcouffin.inf
[2010/05/18 18:11:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/30 22:40:41 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/12/30 22:27:41 | 000,008,276 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2009/12/30 22:26:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/30 22:26:32 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/12/30 22:13:31 | 000,001,676 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/11/05 14:32:42 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009/11/05 11:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/11/05 11:21:23 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/11/05 11:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/09 12:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DDEB08FD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:F63A059B

< End of report >

Extras Log
OTL Extras logfile created on: 1/13/2011 11:39:41 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Lukes\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.38 Gb Total Space | 432.45 Gb Free Space | 74.13% Space Free | Partition Type: NTFS

Computer Name: LUKES-PC | User Name: Lukes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0
"{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8B963746-228D-35B2-BAFC-EFB79B4DF053}" = ccc-utility64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E4E8CCFD-621C-E05A-47FB-AB96E4F5CB50}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B3689FB-8AF1-7C0E-58AF-C9B7CDC0D3AE}" = CCC Help Czech
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{1178262C-BA31-9A27-8507-0143DD55BCDD}" = CCC Help Hungarian
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250DA7DE-37D3-ED70-90D6-90B99EE0D110}" = CCC Help Turkish
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2E32576B-75F7-2D13-4809-FF14DA271930}" = CCC Help Dutch
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33E5C80C-8D37-541E-74A6-51D527336A31}" = CCC Help Portuguese
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F62782D-2798-4540-B493-F6472197900E}" = Microsoft Search Enhancement Pack
"{43BB11DF-96BE-011A-46C4-338B7432E278}" = CCC Help English
"{43D494C7-3F5B-BD67-7C09-323725A7DBA0}" = CCC Help Korean
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{54DF7BDA-1058-4D53-B3D4-2344C69B7D0C}" = Ragnarok Online
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57D89CD5-09D1-6775-5D28-FBF8E62D5906}" = CCC Help Danish
"{584E5DA5-F6A4-90EA-C9D6-9D36638055A6}" = CCC Help Norwegian
"{593A6D1B-DC94-38F5-3158-A3861F7360C9}" = Catalyst Control Center InstallProxy
"{59569A68-C301-4EDD-2DEC-A555851AEE5E}" = Catalyst Control Center Localization All
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{6510C671-1D30-7669-18A8-2F13DC818E4B}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68A6DB8D-478D-41C9-BE5C-43B2C4E9C143}" = BrightShadow
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6D863265-A79F-9214-9F2A-C4D1FC8FDFF6}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76DC93F5-9C94-79F6-B39F-11055EF7A582}" = CCC Help Thai
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7BEB1F41-755A-C8CB-45B0-C5DEBEA241C9}" = CCC Help Chinese Traditional
"{7F5DD739-DB41-DA6A-9912-89C04E20C130}" = CCC Help Finnish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{830ECBA3-2D98-2174-93A4-DDF90A2C41D5}" = Catalyst Control Center Core Implementation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D0DF06F-6AC2-D9C3-B29F-810CB9E836D8}" = CCC Help Swedish
"{8DFE0123-0723-165C-29CF-28409D8E462C}" = CCC Help French
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{901AB58E-FB3C-1F64-7795-5BE7F7DB66A6}" = CCC Help Russian
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A18B2647-60E3-0A6E-AF17-2FD9DF46DC41}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B0559ABA-D32C-55AD-5943-3E8BF9E6D749}" = Catalyst Control Center Graphics Full New
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1AC5371-C952-99DC-1C0C-2C0BE8A0F1F8}" = CCC Help Chinese Standard
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B7F9F9C6-8F06-2E00-63E2-DC8F1E73EE54}" = CCC Help Polish
"{C3E67109-58DF-1C4A-BB9A-14BEC5787BFC}" = Catalyst Control Center Graphics Full Existing
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CE4120DD-97B3-78AD-2535-00031F6ED246}" = Catalyst Control Center Graphics Light
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DAD9BED2-5833-4EA2-57EC-550F94F8588B}" = Catalyst Control Center Graphics Previews Vista
"{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E48F1CB2-4D52-B847-5442-7C3897983BBD}" = CCC Help Spanish
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB646CCD-FA56-CEC6-A91A-C18EF9D5C3B5}" = CCC Help German
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FACE7F75-E485-06CA-01AA-C1633F43667F}" = CCC Help Japanese
"{FBA1239D-189F-4855-88B6-4DBE606D30A5}" = Fiesta
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"18_is1" = RBO Extra Scenario Vol.1
"35_is1" = RBO Extra Scenario Vol.2
"36_is1" = RBO Extra Scenario Vol.3
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Combat Arms" = Combat Arms
"Dream Of Mirror Online" = Dream Of Mirror Online
"FLVCodec" = PlayFLV
"FrostWire" = FrostWire 4.20.6
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader
"LastChaos" = LastChaos
"LManager" = Launch Manager
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MythwarII1.0.4.35" = MythwarII
"PKR" = PKR
"Ragnarok Battle Offline" = Ragnarok Battle Offline
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WORD" = Microsoft Office Word 2007

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Spiral Knights" = Spiral Knights

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2011 3:17:49 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9173

Error - 1/5/2011 3:17:49 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9173

Error - 1/5/2011 3:17:50 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2011 3:17:50 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10171

Error - 1/5/2011 3:17:50 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10171

Error - 1/5/2011 3:17:51 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2011 3:17:51 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11186

Error - 1/5/2011 3:17:51 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11186

Error - 1/5/2011 3:17:52 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/5/2011 3:17:52 AM | Computer Name = Lukes-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12200

[ Media Center Events ]
Error - 8/2/2010 5:44:55 PM | Computer Name = Lukes-PC | Source = MCUpdate | ID = 0
Description = 7:44:55 AM - Error connecting to the internet. 7:44:55 AM - Unable
to contact server..

Error - 8/2/2010 5:52:26 PM | Computer Name = Lukes-PC | Source = MCUpdate | ID = 0
Description = 7:52:04 AM - Error connecting to the internet. 7:52:04 AM - Unable
to contact server..

Error - 8/24/2010 10:52:55 PM | Computer Name = Lukes-PC | Source = MCUpdate | ID = 0
Description = 12:52:48 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 9/12/2010 7:57:15 PM | Computer Name = Lukes-PC | Source = MCUpdate | ID = 0
Description = 9:57:15 AM - Error connecting to the internet. 9:57:15 AM - Unable
to contact server..

Error - 9/12/2010 7:57:53 PM | Computer Name = Lukes-PC | Source = MCUpdate | ID = 0
Description = 9:57:44 AM - Error connecting to the internet. 9:57:44 AM - Unable
to contact server..

Error - 9/13/2010 2:41:39 AM | Computer Name = Lukes-PC | Source = MCUpdate | ID = 0
Description = 4:41:39 PM - Failed to retrieve SportsV2 (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 9/13/2010 2:41:41 AM | Computer Name = Lukes-PC | Source = MCUpdate | ID = 0
Description = 4:41:39 PM - Failed to retrieve Broadband (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

[ OSession Events ]
Error - 7/4/2010 2:27:16 AM | Computer Name = Lukes-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/28/2010 5:55:40 PM | Computer Name = Lukes-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:53:26 AM on 9/29/2010 was unexpected.

Error - 9/28/2010 5:55:48 PM | Computer Name = Lukes-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%2

Error - 9/29/2010 10:11:34 PM | Computer Name = Lukes-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
Software Shadow Copy Provider service to connect.

Error - 9/29/2010 10:11:34 PM | Computer Name = Lukes-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Software Shadow Copy Provider service failed to start
due to the following error: %%1053

Error - 9/29/2010 10:11:40 PM | Computer Name = Lukes-PC | Source = DCOM | ID = 10005
Description =

Error - 9/30/2010 8:47:33 PM | Computer Name = Lukes-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%2

Error - 10/3/2010 5:06:43 AM | Computer Name = Lukes-PC | Source = DCOM | ID = 10010
Description =

Error - 10/3/2010 6:08:44 AM | Computer Name = Lukes-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%2

Error - 10/4/2010 6:15:58 AM | Computer Name = Lukes-PC | Source = DCOM | ID = 10010
Description =

Error - 10/6/2010 9:01:35 PM | Computer Name = Lukes-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Both FF and IE, and even Google Chrome are being redirected

Edited by Lukas_93, 13 January 2011 - 08:44 AM.

  • 0

#4
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Lukas_93

I noticed you are using P2P programs (uTorrent, FrostWire). Please either uninstall them, or do not use them while we are working to clean your computer. P2P programs are known to bring malware to computers.

Are there any reasons why you do not use any antivirus program?

Are you being redirected in both browsers: Internet Explorer and Firefox?

Step 1

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    FF - prefs.js..browser.startup.homepage: "http://www.google.com.aiu"
    FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.backup.ftp_port: 8080
    FF - prefs.js..network.proxy.backup.gopher: "5.6.7.8"
    FF - prefs.js..network.proxy.backup.gopher_port: 8080
    FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.backup.socks_port: 1080
    FF - prefs.js..network.proxy.backup.ssl: ""
    FF - prefs.js..network.proxy.backup.ssl_port: 8080
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "5.6.7.8"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 1080
    FF - prefs.js..network.proxy.ssl_port: 8080
    FF - prefs.js..network.proxy.type: 0
    O2 - BHO: (acf94b77) - {10570BDB-1D7D-F675-4496-E075CB34AD59} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {20CABF67-A0A9-6D77-0DD5-F1F6CDC7CC91} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {20D83215-A50E-4DB0-AE95-B01C0D4A503A} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {2EFD4DB5-8ECD-EEDD-AEC4-F3BF4140228C} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {35E07624-516D-6D6E-5EF0-78D4D3D157F4} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {5C28B90A-B469-AD2B-A5B1-60CA5CA672FF} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {5C343410-3918-7409-514E-C971DE57DCEF} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {5CAF6F99-44FF-3954-4039-955780EA6B5C} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {5E9B8998-061B-F353-6D24-FE228FEE4C6C} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {6858A3DF-F320-1679-24FA-678B4D2919EE} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {68D601D3-56EF-0A1C-F5C1-A1684E9BA9CC} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {6EC4D9EE-4FD9-47F9-2CFF-2F15B4D3B7B5} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {75D1F3C6-5E82-41EF-E90B-81FDA352944C} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {7A4434E3-3358-B870-92E3-893CE1A37B0A} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {8216773D-ABDA-EC96-15CC-02830426C021} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {835705E6-1007-602D-9539-7670E21BBA2C} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {933BD53A-2C60-7F1D-2874-AAE8FFF16B40} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {963E2CD9-89D1-7F97-817C-F5FB883795E7} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {989E2ACE-F1DA-F5C4-987F-0C8DC072269F} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {98D59224-FE15-8416-864D-81801F1A9129} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {9D2DCF4E-D020-C406-DD45-E3B89C79343E} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {A750944E-5C6F-66B9-846C-DB484728DCE9} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {AC577416-19E1-899A-945D-F63D607E4195} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {AF095954-C9C9-CF91-848F-9BD9298D1459} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {B43B4755-0B39-08E8-710D-21DCB7320C50} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {BFAEC6D6-8A5C-52A5-80CA-1D8268E88061} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {C365EB1E-53FA-CD7D-2825-34617B3719A6} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {C76CCBE6-106B-F05E-3816-4F57958C7E52} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {D0DA98C5-03EE-8426-49D1-5E36632B98F4} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {D41A82C5-3A54-2803-680F-9B61FADFD4F7} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {E2451F36-03CB-07F3-134A-05667DB6FC07} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {EFFA2510-E4A8-F065-1878-3DF2B5F414CA} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {F12088C6-6120-6E26-4176-B786D94D9405} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {F8A55D11-EA6F-7647-0824-CB92F7C7CE08} - C:\Windows\SysWow64\dsauth32.dll File not found
    O2 - BHO: (acf94b77) - {FF9C7B08-5AF7-A03C-C708-12C0C632678D} - C:\Windows\SysWow64\dsauth32.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [New Value #1] C:\Users\Lukes\Desktop\KeyLogger\KeyLogger\obj\Debug\Keylogger.exe File not found
    O33 - MountPoints2\{590822d3-7128-11df-85f1-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{590822d3-7128-11df-85f1-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{590822d5-7128-11df-85f1-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{590822d5-7128-11df-85f1-00262d7aa02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{590822e2-7128-11df-85f1-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{590822e2-7128-11df-85f1-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{6207ab86-7455-11df-889b-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{6207ab86-7455-11df-889b-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{6207ab9b-7455-11df-889b-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{6207ab9b-7455-11df-889b-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{661e9031-0965-11e0-9c78-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{661e9031-0965-11e0-9c78-00262d7aa02e}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{664e3213-7fde-11df-8ae8-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{664e3213-7fde-11df-8ae8-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{aed51846-7ae0-11df-abef-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{aed51846-7ae0-11df-abef-00262d7aa02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{aed51972-7ae0-11df-abef-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{aed51972-7ae0-11df-abef-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{f0f0bb2d-6bcd-11df-9854-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{f0f0bb2d-6bcd-11df-9854-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{f0f0bb33-6bcd-11df-9854-00262d7aa02e}\Shell - "" = AutoRun
    O33 - MountPoints2\{f0f0bb33-6bcd-11df-9854-00262d7aa02e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Check the boxes beside LOP Check and Purity Check.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    netsvcs
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • MBAM log
  • OTL.txt log

  • 1
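A triage sketch for the kind of lines listed in the OTL fix script above, as an added example that is not part of the thread and not OTL's own code: it parses the `FF - prefs.js`, `O2 - BHO` and `O4` lines, reports whether the Firefox proxy prefs are active (`network.proxy.type` 1 is manual proxy, 0 is a direct connection) and groups registry entries whose target file is missing. The function names, the result layout and the one line marked constructed are assumptions; the other sample lines are copied from the script above.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the OTL fix script in the post above.
PAGE_LINES = r'''
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (acf94b77) - {10570BDB-1D7D-F675-4496-E075CB34AD59} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {20CABF67-A0A9-6D77-0DD5-F1F6CDC7CC91} - C:\Windows\SysWow64\dsauth32.dll File not found
O2 - BHO: (acf94b77) - {20D83215-A50E-4DB0-AE95-B01C0D4A503A} - C:\Windows\SysWow64\dsauth32.dll File not found
O4:64bit: - HKLM..\Run: [New Value #1] C:\Users\Lukes\Desktop\KeyLogger\KeyLogger\obj\Debug\Keylogger.exe File not found
'''
# Constructed for contrast (not from the thread): a BHO whose file exists.
CONSTRUCTED_LINE = (r'O2 - BHO: (Example Helper) - '
                    r'{00000000-0000-0000-0000-000000000001} - '
                    r'C:\Program Files\Example\helper.dll (Example Corp)')
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINE + "\n"

FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): (?P<value>.*)$')
PROXY_HOST_KEY = re.compile(
    r'^network\.proxy\.(?:backup\.)?(?:http|ssl|ftp|socks|gopher)$')
BHO = re.compile(r'^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - '
                 r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.+)$')
RUN = re.compile(
    r'^O4(?::64bit:)? - \S+\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$')
MISSING = "File not found"


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal; False otherwise."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # empty string or a hostname
        return False


def triage(log_text):
    """Summarise proxy prefs and orphaned registry entries in OTL-style lines."""
    prefs = {}
    orphaned_bho = defaultdict(list)   # missing DLL path -> CLSIDs pointing at it
    orphaned_run = []                  # Run value names whose target is missing
    for line in log_text.splitlines():
        line = line.strip()
        m = FF_PREF.match(line)
        if m:
            prefs[m["key"]] = m["value"].strip().strip('"')
            continue
        m = BHO.match(line)
        if m and m["rest"].endswith(MISSING):
            dll = m["rest"][:-len(MISSING)].rstrip(" -")
            orphaned_bho[dll].append(m["clsid"])
            continue
        m = RUN.match(line)
        if m and m["rest"].endswith(MISSING):
            orphaned_run.append(m["name"])
    loopback = sorted(k for k, v in prefs.items()
                      if PROXY_HOST_KEY.match(k) and is_loopback(v))
    return {
        # Firefox only uses the host/port prefs when the type is 1 (manual).
        "proxy_active": prefs.get("network.proxy.type") == "1",
        "loopback_proxies": loopback,
        "orphaned_bho": dict(orphaned_bho),
        "orphaned_run": orphaned_run,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    state = "ACTIVE" if report["proxy_active"] else "dormant (type is not 1)"
    print("Loopback proxy prefs:", report["loopback_proxies"], "-", state)
    for dll, clsids in report["orphaned_bho"].items():
        print(f"{len(clsids)} BHO CLSIDs point at missing file {dll}")
    print("Run entries with a missing target:", report["orphaned_run"])
```

Many CLSIDs registered against one missing DLL, as in the sample, is the pattern worth grouping on: the count per path is more telling than any single entry.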

#5
Lukas_93


    New Member

  • Topic Starter
  • Member
  • 6 posts
OTL Fix Log

All processes killed
========== OTL ==========
Prefs.js: "http://www.google.com.aiu" removed from browser.startup.homepage
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "5.6.7.8" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 1080 removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "5.6.7.8" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 1080 removed from network.proxy.socks_port
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10570BDB-1D7D-F675-4496-E075CB34AD59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10570BDB-1D7D-F675-4496-E075CB34AD59}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20CABF67-A0A9-6D77-0DD5-F1F6CDC7CC91}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20CABF67-A0A9-6D77-0DD5-F1F6CDC7CC91}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20D83215-A50E-4DB0-AE95-B01C0D4A503A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D83215-A50E-4DB0-AE95-B01C0D4A503A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EFD4DB5-8ECD-EEDD-AEC4-F3BF4140228C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EFD4DB5-8ECD-EEDD-AEC4-F3BF4140228C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35E07624-516D-6D6E-5EF0-78D4D3D157F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35E07624-516D-6D6E-5EF0-78D4D3D157F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C28B90A-B469-AD2B-A5B1-60CA5CA672FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C28B90A-B469-AD2B-A5B1-60CA5CA672FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C343410-3918-7409-514E-C971DE57DCEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C343410-3918-7409-514E-C971DE57DCEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CAF6F99-44FF-3954-4039-955780EA6B5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CAF6F99-44FF-3954-4039-955780EA6B5C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E9B8998-061B-F353-6D24-FE228FEE4C6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E9B8998-061B-F353-6D24-FE228FEE4C6C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6858A3DF-F320-1679-24FA-678B4D2919EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6858A3DF-F320-1679-24FA-678B4D2919EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68D601D3-56EF-0A1C-F5C1-A1684E9BA9CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68D601D3-56EF-0A1C-F5C1-A1684E9BA9CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EC4D9EE-4FD9-47F9-2CFF-2F15B4D3B7B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EC4D9EE-4FD9-47F9-2CFF-2F15B4D3B7B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75D1F3C6-5E82-41EF-E90B-81FDA352944C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75D1F3C6-5E82-41EF-E90B-81FDA352944C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A4434E3-3358-B870-92E3-893CE1A37B0A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A4434E3-3358-B870-92E3-893CE1A37B0A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8216773D-ABDA-EC96-15CC-02830426C021}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8216773D-ABDA-EC96-15CC-02830426C021}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{835705E6-1007-602D-9539-7670E21BBA2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{835705E6-1007-602D-9539-7670E21BBA2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{933BD53A-2C60-7F1D-2874-AAE8FFF16B40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{933BD53A-2C60-7F1D-2874-AAE8FFF16B40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963E2CD9-89D1-7F97-817C-F5FB883795E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963E2CD9-89D1-7F97-817C-F5FB883795E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{989E2ACE-F1DA-F5C4-987F-0C8DC072269F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{989E2ACE-F1DA-F5C4-987F-0C8DC072269F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98D59224-FE15-8416-864D-81801F1A9129}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98D59224-FE15-8416-864D-81801F1A9129}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D2DCF4E-D020-C406-DD45-E3B89C79343E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D2DCF4E-D020-C406-DD45-E3B89C79343E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A750944E-5C6F-66B9-846C-DB484728DCE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A750944E-5C6F-66B9-846C-DB484728DCE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC577416-19E1-899A-945D-F63D607E4195}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC577416-19E1-899A-945D-F63D607E4195}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF095954-C9C9-CF91-848F-9BD9298D1459}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF095954-C9C9-CF91-848F-9BD9298D1459}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B43B4755-0B39-08E8-710D-21DCB7320C50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B43B4755-0B39-08E8-710D-21DCB7320C50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFAEC6D6-8A5C-52A5-80CA-1D8268E88061}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFAEC6D6-8A5C-52A5-80CA-1D8268E88061}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C365EB1E-53FA-CD7D-2825-34617B3719A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C365EB1E-53FA-CD7D-2825-34617B3719A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C76CCBE6-106B-F05E-3816-4F57958C7E52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C76CCBE6-106B-F05E-3816-4F57958C7E52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0DA98C5-03EE-8426-49D1-5E36632B98F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0DA98C5-03EE-8426-49D1-5E36632B98F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D41A82C5-3A54-2803-680F-9B61FADFD4F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D41A82C5-3A54-2803-680F-9B61FADFD4F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2451F36-03CB-07F3-134A-05667DB6FC07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2451F36-03CB-07F3-134A-05667DB6FC07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFFA2510-E4A8-F065-1878-3DF2B5F414CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFFA2510-E4A8-F065-1878-3DF2B5F414CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F12088C6-6120-6E26-4176-B786D94D9405}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F12088C6-6120-6E26-4176-B786D94D9405}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8A55D11-EA6F-7647-0824-CB92F7C7CE08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8A55D11-EA6F-7647-0824-CB92F7C7CE08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF9C7B08-5AF7-A03C-C708-12C0C632678D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF9C7B08-5AF7-A03C-C708-12C0C632678D}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\New Value #1 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{590822d3-7128-11df-85f1-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590822d3-7128-11df-85f1-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{590822d3-7128-11df-85f1-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590822d3-7128-11df-85f1-00262d7aa02e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{590822d5-7128-11df-85f1-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590822d5-7128-11df-85f1-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{590822d5-7128-11df-85f1-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590822d5-7128-11df-85f1-00262d7aa02e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{590822e2-7128-11df-85f1-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590822e2-7128-11df-85f1-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{590822e2-7128-11df-85f1-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{590822e2-7128-11df-85f1-00262d7aa02e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6207ab86-7455-11df-889b-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6207ab86-7455-11df-889b-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6207ab86-7455-11df-889b-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6207ab86-7455-11df-889b-00262d7aa02e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6207ab9b-7455-11df-889b-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6207ab9b-7455-11df-889b-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6207ab9b-7455-11df-889b-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6207ab9b-7455-11df-889b-00262d7aa02e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{661e9031-0965-11e0-9c78-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661e9031-0965-11e0-9c78-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{661e9031-0965-11e0-9c78-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661e9031-0965-11e0-9c78-00262d7aa02e}\ not found.
File E:\WD SmartWare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{664e3213-7fde-11df-8ae8-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{664e3213-7fde-11df-8ae8-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{664e3213-7fde-11df-8ae8-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{664e3213-7fde-11df-8ae8-00262d7aa02e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aed51846-7ae0-11df-abef-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed51846-7ae0-11df-abef-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aed51846-7ae0-11df-abef-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed51846-7ae0-11df-abef-00262d7aa02e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aed51972-7ae0-11df-abef-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed51972-7ae0-11df-abef-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aed51972-7ae0-11df-abef-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed51972-7ae0-11df-abef-00262d7aa02e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0f0bb2d-6bcd-11df-9854-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0f0bb2d-6bcd-11df-9854-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0f0bb2d-6bcd-11df-9854-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0f0bb2d-6bcd-11df-9854-00262d7aa02e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0f0bb33-6bcd-11df-9854-00262d7aa02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0f0bb33-6bcd-11df-9854-00262d7aa02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0f0bb33-6bcd-11df-9854-00262d7aa02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0f0bb33-6bcd-11df-9854-00262d7aa02e}\ not found.
File E:\AutoRun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lukes\Desktop\cmd.bat deleted successfully.
C:\Users\Lukes\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lukes
->Temp folder emptied: 181276034 bytes
->Temporary Internet Files folder emptied: 87802575 bytes
->Java cache emptied: 9511043 bytes
->FireFox cache emptied: 120365122 bytes
->Google Chrome cache emptied: 86544695 bytes
->Flash cache emptied: 1488906 bytes

User: Public

%systemdrive% .tmp files removed: 5575902 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46468070 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 276478 bytes

Total Files Cleaned = 514.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lukes
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.20.1 log created on 01142011_134447

Files\Folders moved on Reboot...
C:\Users\Lukes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

MBAM Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5522

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/15/2011 1:10:27 PM
mbam-log-2011-01-15 (13-10-27).txt

Scan type: Quick scan
Objects scanned: 156973
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL.txt Log
OTL logfile created on: 1/15/2011 1:12:04 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Lukes\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.38 Gb Total Space | 435.38 Gb Free Space | 74.63% Space Free | Partition Type: NTFS

Computer Name: LUKES-PC | User Name: Lukes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 23:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
PRC - [2011/01/06 23:42:50 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/12/12 20:53:05 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/12 20:53:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/11/21 10:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/13 14:29:08 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/11/02 10:40:52 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/10/29 22:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/03 13:39:46 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/10/01 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/25 10:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/25 10:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/11 16:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/09/11 16:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 20:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/05 08:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/04 13:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 14:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 23:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\efsadu32.exe -- (NetTcpPortSharing32)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\drmv2clt32.exe -- (BDESVC32)
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/11/12 17:33:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/03 07:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/03 13:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/10/01 09:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 13:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/28 13:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/01/05 15:09:22 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
SRV - [2010/11/23 16:08:14 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/01 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/25 10:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/11 16:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 20:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/11 08:30:24 | 000,033,848 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV:64bit: - [2010/07/08 20:40:29 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/26 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/21 03:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 03:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/11/12 19:31:44 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/03 07:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/03 18:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/18 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/30 05:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/30 05:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/14 06:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/08/06 23:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/07/23 09:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/14 12:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 22:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/25 13:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/20 13:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/11 07:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 07:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 07:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 13:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/03 14:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 14:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 14:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/25 14:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 11:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 11:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/09 01:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...c8z175t59i1d63q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z175t59i1d63q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z175t59i1d63q

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = EB F5 F5 06 80 1F 13 4B A6 1D 9E B6 F8 90 98 CB [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {ea0969b3-6e12-4ac0-b6c9-148e81247954}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {f0a8a365-4c85-40a9-928d-c365a6bc2149}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=WLEM&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/01 18:01:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/10/18 19:34:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/22 15:01:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/16 12:10:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/16 12:10:25 | 000,000,000 | ---D | M]

[2010/05/14 21:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Extensions
[2011/01/15 00:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions
[2010/12/13 13:23:53 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/08/29 22:00:30 | 000,000,000 | ---D | M] (Messenger Plus Live Australia Toolbar) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}
[2010/10/16 22:54:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{f0a8a365-4c85-40a9-928d-c365a6bc2149}
[2010/12/13 13:23:53 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\[email protected]
[2010/07/09 15:26:10 | 000,000,570 | ---- | M] () -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\searchplugins\bing.xml
[2010/06/10 22:32:22 | 000,002,022 | ---- | M] () -- C:\Users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\searchplugins\romulation-rom-search.xml
[2010/12/28 17:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/16 00:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/08 20:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 16:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/21 12:14:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/10/18 19:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/10 12:30:56 | 000,189,592 | ---- | M] (MGame) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPMFireLauncher.dll

O1 HOSTS File: ([2011/01/14 13:45:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [dfmirage-Install] C:\Windows\temp\DFI-8I38JO.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.133.193 61.9.134.49
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/15 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Desktop\Mums Photos
[2011/01/14 13:44:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/13 23:21:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
[2011/01/13 01:55:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lukes\Desktop\HijackThis.exe
[2011/01/12 12:11:22 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/12 12:11:22 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/12 12:11:21 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/12 12:11:21 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/12 12:11:21 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/12 12:11:21 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/12 12:11:21 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/12 12:11:21 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/12 12:11:21 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/12 12:11:20 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/12 12:11:20 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/12 12:11:20 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/12 12:11:20 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/12 12:11:20 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/12 12:11:20 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/12 12:11:20 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/12 12:11:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/12 12:11:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/12 12:11:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/12 12:11:20 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/12 12:11:14 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/12 12:11:14 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/06 23:42:06 | 000,396,152 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Lukes\Desktop\utorrent.exe
[2011/01/03 20:01:11 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011/01/03 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2011/01/03 20:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2011/01/03 19:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011/01/03 17:21:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/03 17:18:02 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\Malwarebytes
[2011/01/03 17:17:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/03 17:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/03 17:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/03 17:17:55 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/03 17:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/03 17:15:31 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lukes\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/01 23:48:58 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Incomplete
[2011/01/01 23:48:58 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Documents\FrostWire
[2010/12/30 12:47:12 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Documents\My Chat Logs
[2010/12/30 12:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/12/30 12:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Messenger Plus! Live
[2010/12/28 17:41:13 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Tracing
[2010/12/28 17:19:13 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\PriceGong
[2010/12/28 17:14:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/12/28 16:30:02 | 000,000,000 | ---D | C] -- C:\Users\Lukes\Desktop\Music
[2010/12/27 22:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
[2010/12/25 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Local\Western_Digital
[2010/12/25 18:31:18 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\Western Digital
[2010/12/25 18:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010/12/25 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/12/25 18:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2010/12/25 18:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2010/12/25 18:29:55 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Local\Western Digital
[2010/12/21 12:14:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/21 12:14:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/21 12:14:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/18 20:17:13 | 000,000,000 | ---D | C] -- C:\Users\Lukes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PKR
[2010/12/18 20:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PKR
[2010/12/18 20:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PKR
[2010/09/18 22:08:40 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2010/07/08 20:40:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Lukes\AppData\Roaming\pcouffin.sys
[2009/11/05 14:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2011/01/15 12:37:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/15 12:10:25 | 000,870,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/15 12:10:25 | 000,725,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/15 12:10:25 | 000,145,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/15 12:09:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/15 12:09:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/15 11:15:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/15 11:15:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/15 00:57:53 | 000,001,182 | ---- | M] () -- C:\Users\Lukes\Desktop\ Mabinogi .lnk
[2011/01/14 13:55:08 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/14 13:45:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/01/13 23:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
[2011/01/13 01:55:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lukes\Desktop\HijackThis.exe
[2011/01/11 23:13:07 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/01/06 23:42:50 | 000,000,935 | ---- | M] () -- C:\Users\Lukes\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/01/06 23:42:50 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/01/06 23:42:11 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Lukes\Desktop\utorrent.exe
[2011/01/04 01:56:57 | 587,746,188 | ---- | M] () -- C:\Users\Lukes\Desktop\www.downloadost.com - mabinogi-ost.rar
[2011/01/03 17:21:08 | 468,288,638 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/03 17:17:58 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/03 17:15:35 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lukes\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/25 18:30:42 | 000,001,377 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/12/25 18:30:41 | 000,001,322 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/17 09:40:35 | 000,343,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/01/13 16:27:54 | 000,296,448 | ---- | C] () -- C:\Users\Lukes\Desktop\gmer.exe
[2011/01/11 23:13:07 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2011/01/06 23:42:50 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/01/04 23:07:25 | 000,001,182 | ---- | C] () -- C:\Users\Lukes\Desktop\ Mabinogi .lnk
[2011/01/04 01:25:50 | 587,746,188 | ---- | C] () -- C:\Users\Lukes\Desktop\www.downloadost.com - mabinogi-ost.rar
[2011/01/03 17:21:08 | 468,288,638 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/03 17:17:58 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/25 18:30:41 | 000,001,377 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/12/25 18:30:41 | 000,001,322 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/12/02 21:11:11 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_5
[2010/12/02 12:23:07 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_4
[2010/11/28 18:23:57 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_3
[2010/11/28 16:28:32 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/11/28 16:28:32 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/11/28 15:27:11 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_1
[2010/11/28 15:24:43 | 000,000,173 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\D2Info0
[2010/11/28 15:24:43 | 000,000,008 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\DofusAppId0_2
[2010/11/26 17:03:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/10/16 22:55:15 | 000,000,300 | -HS- | C] () -- C:\ProgramData\215632754
[2010/10/16 22:55:14 | 000,001,185 | ---- | C] () -- C:\ProgramData\753950814
[2010/10/16 22:54:23 | 000,000,234 | ---- | C] () -- C:\ProgramData\sl1832638944
[2010/10/16 22:54:11 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/09/07 00:41:38 | 000,864,702 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/20 13:24:36 | 000,000,000 | ---- | C] () -- C:\Users\Lukes\AppData\Local\prvlcl.dat
[2010/07/08 20:41:03 | 000,000,033 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\pcouffin.log
[2010/07/08 20:40:29 | 000,099,384 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\inst.exe
[2010/07/08 20:40:29 | 000,007,859 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\pcouffin.cat
[2010/07/08 20:40:29 | 000,001,167 | ---- | C] () -- C:\Users\Lukes\AppData\Roaming\pcouffin.inf
[2010/05/18 18:11:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/30 22:40:41 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/12/30 22:27:41 | 000,008,276 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2009/12/30 22:26:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/30 22:26:32 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/12/30 22:13:31 | 000,001,676 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/11/05 14:32:42 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009/11/05 11:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/11/05 11:21:23 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/11/05 11:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/09 12:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== LOP Check ==========

[2010/09/29 08:08:06 | 000,000,000 | -HSD | M] -- C:\Users\Lukes\AppData\Roaming\.#
[2010/11/28 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\app
[2010/12/28 17:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Dev-Cpp
[2010/12/16 10:59:27 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Dofus 2
[2010/11/28 15:24:43 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/28 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/12/02 12:23:07 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/12/02 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Dofus-5.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/11/28 15:27:11 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/07/10 22:10:53 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\eSobi
[2010/06/28 00:41:33 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Facebook
[2011/01/02 01:00:33 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\FrostWire
[2010/09/29 08:08:12 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\GameConsole
[2010/10/04 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\GetRightToGo
[2010/11/16 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\NCH Swift Sound
[2010/07/10 20:32:07 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\PlayFirst
[2010/12/28 17:19:13 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\PriceGong
[2010/08/01 04:50:13 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Publish Providers
[2010/11/28 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2010/08/01 04:50:05 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Sony
[2010/11/26 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Three Rings Design
[2010/05/16 02:02:22 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Thunderbird
[2011/01/15 13:05:49 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\uTorrent
[2010/07/10 22:05:12 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\ViquaSoft
[2010/07/08 21:32:28 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Vso
[2010/12/25 18:31:18 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Western Digital
[2010/09/28 20:13:45 | 000,000,000 | ---D | M] -- C:\Users\Lukes\AppData\Roaming\Windows Live Writer
[2010/12/09 00:25:11 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >


< MD5 for: EXPLORER.EXE >
[2009/07/14 12:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 17:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 17:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 17:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 16:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 17:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 16:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 12:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 17:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 17:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 12:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 12:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 12:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 12:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 12:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 12:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 12:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 12:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 12:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 18:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 17:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2009/07/14 12:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/28 07:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/01/14 13:55:08 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/21 21:43:14 | 000,000,974 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 18:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/01/14 13:55:11 | 4148,690,944 | -HS- | M] () -- C:\pagefile.sys
[2009/12/16 20:53:10 | 000,002,552 | RHS- | M] () -- C:\Patch.rev
[2010/05/14 19:56:27 | 000,000,202 | RHS- | M] () -- C:\Preload.rev
[2009/12/30 22:25:13 | 000,003,239 | ---- | M] () -- C:\RHDSetup.log
[2010/03/20 10:55:52 | 002,073,703 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.CAB
[2010/03/20 10:58:20 | 000,551,424 | ---- | M] () -- C:\VS_EXPBSLN_x64_enu.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 16:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 16:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 16:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 16:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 07:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 15:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/14 20:00:30 | 000,000,221 | -HS- | M] () -- C:\Users\Lukes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Lukes\Desktop\gmer.exe
[2011/01/13 01:55:59 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lukes\Desktop\HijackThis.exe
[2011/01/03 17:15:35 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lukes\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/13 23:21:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lukes\Desktop\OTL.exe
[2011/01/06 23:42:11 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Lukes\Desktop\utorrent.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/02/11 07:23:42 | 000,192,484 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/04 09:28:27 | 000,000,402 | -HS- | M] () -- C:\Users\Lukes\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/16 22:55:15 | 000,000,300 | -HS- | M] () -- C:\ProgramData\215632754
[2010/10/18 16:34:47 | 000,001,185 | ---- | M] () -- C:\ProgramData\753950814
[2009/12/30 22:29:53 | 000,008,276 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe3.log
[2009/07/18 13:57:22 | 000,036,136 | ---- | M] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2010/10/16 22:54:23 | 000,000,234 | ---- | M] () -- C:\ProgramData\sl1832638944
[2010/10/16 22:54:11 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DDEB08FD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:F63A059B

< End of report >
No extra.log came up in notebook.
Redirection is in all web browsers that I use.
My Kaspersky antivirus expired and I have not renewed it.
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Are you still being redirected? Is your computer behind a router?

My Kaspersky antivirus expired and I have not renewed it.

If you are not going to renew your Kaspersky license, I can suggest some free antivirus programs. If you are going to renew your Kaspersky license, please skip Step 2.

Please, follow the steps below:

Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.


    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Please uninstall the Kaspersky Antivirus program and install one of the recommended free antivirus programs below:

NOTE: Make sure you only use one, though!


When you have completed the above, please post back the following in the order asked for:
  • TDSSKiller log
  • Please tell me how your computer is running now. Are there any problems remaining?

  • 1

#7
Lukas_93

Lukas_93

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
TDSSKiller didn't find any infections, so it did not leave a log.
The redirection problem remains.
  • 0

#8
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Try this:



Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

  • During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.


Edited by Render, 16 January 2011 - 10:46 AM.

  • 0

#9
Lukas_93

Lukas_93

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 11-01-18.02 - Lukes 01/19/2011 12:37:35.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3956.2635 [GMT 11:00]
Running from: c:\users\Lukes\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu114311544v4.kwd
c:\programdata\SysWoW32\mu114311544v5.kwd
c:\programdata\SysWoW32\mu114311544v6.kwd
c:\programdata\SysWoW32\mu114311544v7.kwd
c:\programdata\SysWoW32\wu114311544v0.kwd
c:\programdata\SysWoW32\wu114311544v1.kwd
c:\programdata\SysWoW32\wu114311544v2.kwd
c:\programdata\SysWoW32\wu114311544v3.kwd
c:\programdata\unrar.exe
c:\users\Lukes\AppData\Roaming\.#
c:\users\Lukes\AppData\Roaming\.#\MBX@FBC@20C2770.###
c:\users\Lukes\AppData\Roaming\.#\MBX@FBC@20C27A0.###
c:\users\Lukes\AppData\Roaming\inst.exe
c:\users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{f0a8a365-4c85-40a9-928d-c365a6bc2149}
c:\users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{f0a8a365-4c85-40a9-928d-c365a6bc2149}\chrome.manifest
c:\users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{f0a8a365-4c85-40a9-928d-c365a6bc2149}\chrome\xulcache.jar
c:\users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{f0a8a365-4c85-40a9-928d-c365a6bc2149}\defaults\preferences\xulcache.js
c:\users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\extensions\{f0a8a365-4c85-40a9-928d-c365a6bc2149}\install.rdf
c:\users\Lukes\AppData\Roaming\PriceGong
c:\users\Lukes\AppData\Roaming\PriceGong\Data\mru.xml

----- BITS: Possible infected sites -----

hxxp://wlxindex
.
((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
.

2011-01-19 01:43 . 2011-01-19 01:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-16 11:55 . 2011-01-16 11:55 -------- d-----w- c:\users\Lukes\AppData\Roaming\AVG10
2011-01-16 11:52 . 2011-01-16 11:52 -------- d--h--w- c:\programdata\Common Files
2011-01-16 11:51 . 2011-01-16 16:57 -------- d-----w- c:\programdata\AVG10
2011-01-16 11:46 . 2011-01-16 11:51 -------- d-----w- c:\programdata\MFAData
2011-01-15 00:26 . 2010-11-16 01:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E1603CF-8019-4B1D-8D93-6B8ABDC68ADB}\mpengine.dll
2011-01-14 02:44 . 2011-01-14 02:44 -------- d-----w- C:\_OTL
2011-01-03 09:00 . 2011-01-03 09:00 -------- d-----w- c:\program files (x86)\alaplaya
2011-01-03 08:44 . 2011-01-19 01:34 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2011-01-03 06:18 . 2011-01-03 06:18 -------- d-----w- c:\users\Lukes\AppData\Roaming\Malwarebytes
2011-01-03 06:17 . 2011-01-03 06:17 -------- d-----w- c:\programdata\Malwarebytes
2011-01-03 06:17 . 2010-12-20 07:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-03 06:17 . 2011-01-03 06:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-03 06:17 . 2010-12-20 07:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-01 12:48 . 2011-01-15 10:47 -------- d-----w- c:\users\Lukes\Incomplete
2010-12-30 01:47 . 2010-12-30 01:47 -------- d-----w- c:\programdata\Messenger Plus!
2010-12-30 01:46 . 2010-12-30 01:46 -------- d-----w- c:\program files (x86)\Messenger Plus! Live
2010-12-28 06:41 . 2010-12-28 06:41 -------- d-----w- c:\users\Lukes\Tracing
2010-12-27 11:43 . 2010-12-27 11:43 -------- d-----w- c:\programdata\WD_SmartWareCommon
2010-12-25 07:33 . 2010-12-25 07:33 -------- d-----w- c:\users\Lukes\AppData\Local\Western_Digital
2010-12-25 07:31 . 2010-12-25 07:31 -------- d-----w- c:\users\Lukes\AppData\Roaming\Western Digital
2010-12-25 07:30 . 2010-12-25 07:30 -------- d-----w- c:\programdata\Western Digital
2010-12-25 07:30 . 2010-12-25 07:30 -------- d-----w- c:\program files\Western Digital
2010-12-25 07:30 . 2010-12-25 07:30 -------- d-----w- c:\program files (x86)\Western Digital
2010-12-25 07:29 . 2010-12-25 07:29 -------- d-----w- c:\users\Lukes\AppData\Local\Western Digital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 04:54 . 2010-11-30 04:54 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2010-11-29 06:38 . 2010-11-29 06:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 06:38 . 2010-11-29 06:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-12 07:53 . 2010-05-15 13:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-14 22:43 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-14 22:43 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-14 22:43 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-14 22:43 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-14 22:43 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-14 22:43 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-14 22:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-14 22:43 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-14 22:44 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-14 22:44 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-14 22:44 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-14 22:44 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-14 22:44 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-14 22:44 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-14 22:44 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-14 22:44 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-14 22:44 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-14 22:44 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-14 22:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-14 22:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-19 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-01-06 396152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-12 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)

R2 BDESVC32;BitLocker Drive Encryption Service ;c:\windows\system32\drmv2clt32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\efsadu32.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-02 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2010-09-10 33848]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-17 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-29 427880]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-12 202752]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-15 20480]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 10:05]

2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 10:05]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5740&r=27360510h106l03c8z175t59i1d63q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Lukes\AppData\Roaming\Mozilla\Firefox\Profiles\pjyugqr4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Messenger Plus Live Australia Toolbar: {ea0969b3-6e12-4ac0-b6c9-148e81247954} - %profile%\extensions\{ea0969b3-6e12-4ac0-b6c9-148e81247954}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-dfmirage-Install - c:\windows\temp\DFI-8I38JO.exe
HKLM-Run-ProxyCap - c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe
AddRemove-18_is1 - c:\users\Lukes\RBO\RAGNAROK BATTLE OFFLINE\unins000.exe
AddRemove-35_is1 - c:\users\Lukes\RBO\RAGNAROK BATTLE OFFLINE\unins001.exe
AddRemove-36_is1 - c:\users\Lukes\RBO\RAGNAROK BATTLE OFFLINE\unins002.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Ragnarok Battle Offline - c:\users\Lukes\RBO\Uninstal.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2841746702-1224906926-1892908460-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2841746702-1224906926-1892908460-1001)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"

[HKEY_USERS\S-1-5-21-2841746702-1224906926-1892908460-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-19 12:44:54
ComboFix-quarantined-files.txt 2011-01-19 01:44

Pre-Run: 462,311,038,976 bytes free
Post-Run: 462,340,165,632 bytes free

- - End Of File - - 5252D2161F93B29AD650018996667BE1
  • 0

#10
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Lukas_93

Are you still experiencing re-directs?

Are you using BitLocker Drive Encryption?

Please proceed with the steps below:

Step 1

We need to remove your Anti-Virus leftovers.

Download AppRemover and run it.

Click Next >>
Posted Image


Ensure "Remove Security Application" is selected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select any AVG entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed


Step 2

Please uninstall Kaspersky AV and install one of the AVs below:

NOTE: Make sure you only use one, though!


Step 3

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self-uninstall. If it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image

When you have completed the above, please post back the following in the order asked for:
  • AVP report from first part
  • Attached avptool_sysinfo.zip file

  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





