w32.Sality Virus



#1
Peter Lee

    Member

  • 117 posts
w32.Sality virus found, as reported by Avira Anti-virus. It creates autorun.inf and an *.exe file in every drive randomly.

#2
Peter Lee

    Member

  • Topic Starter
  • 117 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:42 AM, on 20-Jun-2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Maxis Broadband\Maxis Broadband.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: ?27.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Maxis Broadband] "C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MEGAUPLOAD 3.0)" -"http://edits.zwinky....html?gameID=11"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1298904480656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1298904665375
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CB60C06-FF45-4E69-BF33-D07BD3F61E8F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{F554DE5E-248F-47C8-9ACF-F4EF2BBCA7ED}: NameServer = 58.71.136.10 58.71.132.10
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PIPIStartSvr - Unknown owner - E:\Program Files\pipi\PIPIStartSvr.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13593 bytes

#3
Peter Lee

    Member

  • Topic Starter
  • 117 posts
OTL logfile created on: 22-Jun-2012 8:11:11 AM - Run 2
OTL by OldTimer - Version 3.2.51.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 44.31% Memory free
2.85 Gb Paging File | 2.04 Gb Available in Paging File | 71.43% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 6.04 Gb Free Space | 7.79% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 17.34 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 15.25 Gb Free Space | 19.64% Space Free | Partition Type: NTFS
Drive H: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.87 Gb Total Space | 0.60 Gb Free Space | 32.32% Space Free | Partition Type: FAT32

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-22 08:10:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\virus 20 06 2012\OTL.exe
PRC - [2012-06-22 07:56:24 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Peter\Local Settings\temp\RtkBtMnt.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-02-17 14:19:18 | 000,614,400 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
PRC - [2011-03-14 23:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
PRC - [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009-09-01 17:00:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009-07-27 16:54:14 | 000,180,224 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009-05-13 15:48:24 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2006-02-24 17:28:06 | 002,555,904 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006-02-24 17:28:02 | 002,404,352 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006-01-17 18:28:54 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005-12-06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005-12-02 15:42:42 | 000,229,376 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005-12-02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005-11-30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005-11-02 00:11:00 | 000,172,123 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-10-28 16:25:44 | 000,172,032 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-10-24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005-10-19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005-09-09 19:09:24 | 001,537,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005-08-12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-11-01 17:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 05:00:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2002-05-10 16:34:38 | 000,073,728 | ---- | M] (VeNoM386 and SwENSkE) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-17 14:19:18 | 000,614,400 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
MOD - [2011-05-21 09:55:32 | 000,237,568 | ---- | M] () -- C:\Program Files\Maxis Broadband\ThirdAppPlugin.dll
MOD - [2011-03-14 23:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
MOD - [2011-01-05 19:43:08 | 000,163,840 | ---- | M] () -- C:\Program Files\Maxis Broadband\SMSPlugin.dll
MOD - [2010-12-04 03:35:08 | 001,017,304 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010-04-15 19:48:40 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\LocaleMgrPlugin.dll
MOD - [2010-04-15 19:47:38 | 000,032,768 | ---- | M] () -- C:\Program Files\Maxis Broadband\NotifyServicePlugin.dll
MOD - [2010-04-15 19:46:18 | 000,057,344 | ---- | M] () -- C:\Program Files\Maxis Broadband\ConfigFilePlugin.dll
MOD - [2010-04-15 19:45:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrPlugin.dll
MOD - [2010-04-15 19:43:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Maxis Broadband\NetInfoPlugin.dll
MOD - [2010-04-15 19:42:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Maxis Broadband\DialUpPlugin.dll
MOD - [2010-04-15 19:41:16 | 000,245,760 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrUIPlugin.dll
MOD - [2010-04-15 19:28:00 | 001,015,808 | ---- | M] () -- C:\Program Files\Maxis Broadband\NDISAPI.dll
MOD - [2010-04-15 19:15:46 | 000,172,032 | ---- | M] () -- C:\Program Files\Maxis Broadband\DetectDev.dll
MOD - [2010-04-15 19:15:42 | 000,598,016 | ---- | M] () -- C:\Program Files\Maxis Broadband\atcomm.dll
MOD - [2010-04-06 15:21:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceOperate.dll
MOD - [2010-04-06 15:21:26 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\XCodec.dll
MOD - [2009-01-28 15:03:50 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008-09-16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007-08-23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Program Files\Maxis Broadband\isaputrace.dll
MOD - [2007-07-31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Program Files\Maxis Broadband\FileManager.dll
MOD - [2006-05-14 12:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2006-02-10 22:31:10 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\libxml2.dll
MOD - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2005-12-02 15:42:54 | 000,184,424 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2005-12-02 15:42:54 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2005-12-02 15:42:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2005-12-02 15:42:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2005-11-28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005-11-28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005-11-28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005-10-20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005-10-19 10:17:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2005-10-11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005-09-05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005-08-24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005-07-13 18:34:04 | 000,139,264 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\nsldap32v50.dll
MOD - [2005-07-06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2004-08-04 05:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004-08-04 05:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004-08-04 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004-08-04 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-12-29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003-04-04 06:06:14 | 001,224,704 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2003-04-04 06:06:12 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2003-04-04 06:06:12 | 001,257,472 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2003-04-04 06:06:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2003-04-04 06:06:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2003-04-04 06:06:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2003-04-04 06:06:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2003-04-04 06:05:02 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- E:\Program Files\pipi\PIPIStartSvr.exe -- (PIPIStartSvr)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-03-14 23:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-06-20 15:31:24 | 003,600,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009-07-21 13:34:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 15:48:24 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008-11-09 09:22:00 | 000,822,424 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004-12-13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004-12-13 15:30:08 | 000,149,104 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004-12-13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva268.sys -- (XDva268)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\glnoqm.sys -- (amsint32)
DRV - [2012-06-22 08:06:24 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\krhtl.sys -- (etnecss)
DRV - [2012-06-22 08:05:34 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\vaqwegci.sys -- (fmtusw)
DRV - [2012-06-22 08:05:00 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\kgcx.sys -- (aqlb)
DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-05-03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-03-21 21:49:20 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-01-30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-12-24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/01 17:39:19] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009-05-11 09:12:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-11-09 09:22:00 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-11-15 14:34:00 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-03-24 19:14:46 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2005-12-06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005-12-05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005-12-02 14:01:28 | 000,328,141 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005-12-02 13:59:20 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005-12-02 13:57:48 | 000,854,826 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005-12-02 13:54:56 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005-12-02 13:54:14 | 000,065,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005-12-02 13:51:28 | 000,148,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-12-01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-11-30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-11-30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-11-29 14:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005-11-29 14:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-11-08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-11-08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-11-08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-10-15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005-09-13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005-09-09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005-09-09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005-08-24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005-06-30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005-06-22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-05-02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005-04-22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005-04-22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005-04-05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-03-04 01:53:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-02-23 23:59:56 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-12-09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004-08-04 05:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004-08-03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2002-05-13 10:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stealth.sys -- (Stealth)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = ${searchCLSID}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A6F8041-AE9C-4BBD-9592-7C8CB2DF0B97}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{4633EF93-D676-472f-A0FF-E1916B0B2E30}: "URL" = http://www.baidu.com...Terms}&ie=utf-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....8&fr=megaup&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009-11-26 16:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-11-09 12:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-11-09 12:45:44 | 000,000,000 | ---D | M]

[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Extensions
[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions
[2009-04-05 20:14:38 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2012-06-17 21:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012-06-11 07:36:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009-04-05 20:13:24 | 000,000,000 | ---D | M] ("Megaupload Toolbar") -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008-11-24 10:22:52 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008-11-09 12:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-06-17 21:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-03-12 20:08:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008-11-11 15:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011-03-12 20:08:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-09-23 04:14:08 | 000,056,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll

O1 HOSTS File: ([2011-08-21 21:14:00 | 000,000,246 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 googlesyndication.com
O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll (PIPI Tech.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Maxis Broadband] C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MEGAUPLOAD 3.0)" -"http://edits.zwinky....html?gameID=11" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM File not found
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: gamania.com.hk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range4 ([*] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298904480656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298904665375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB60C06-FF45-4E69-BF33-D07BD3F61E8F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F554DE5E-248F-47C8-9ACF-F4EF2BBCA7ED}: NameServer = 58.71.136.10 58.71.132.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-04-04 03:26:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012-06-17 21:59:20 | 000,000,341 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012-06-17 21:59:19 | 000,000,212 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-06-17 21:59:19 | 000,000,386 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2012-06-17 21:45:24 | 000,000,000 | ---D | M] - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\Shell - "" = AutoRun
O33 - MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011-03-15 07:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011-03-15 07:27:22 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-22 07:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\CyberLink PowerDVD 9
[2012-06-22 07:50:34 | 000,000,000 | ---D | C] -- C:\Avenger
[2012-06-20 09:07:30 | 000,000,000 | ---D | C] -- C:\virus 20 06 2012
[2012-06-20 08:59:12 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012-06-20 08:47:58 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2012-06-17 21:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012-06-10 11:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-06-22 08:06:24 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\krhtl.sys
[2012-06-22 08:05:34 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vaqwegci.sys
[2012-06-22 08:05:34 | 000,000,068 | ---- | M] () -- C:\WINDOWS\tasks\dmxypb
[2012-06-22 08:05:16 | 000,103,140 | ---- | M] () -- C:\bjxcns.exe
[2012-06-22 08:05:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgcx.sys
[2012-06-22 07:55:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-06-22 07:55:20 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-22 00:11:56 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012-06-21 19:00:02 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012-06-20 09:18:34 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012-06-19 08:57:58 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-18 09:25:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-18 07:54:20 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-06-18 07:54:20 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012-06-17 21:59:20 | 000,000,341 | RHS- | M] () -- C:\autorun.inf
[2012-06-17 21:33:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-06-15 19:46:26 | 000,043,062 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\UserImages.bmp
[2012-06-02 06:52:38 | 000,000,000 | ---- | M] () -- C:\edu.bmp
[2012-06-02 06:52:38 | 000,000,000 | ---- | M] () -- C:\dir.bmp
[2012-05-27 12:08:56 | 000,001,381 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\8387672.rtf
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-06-22 08:06:23 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\krhtl.sys
[2012-06-22 08:05:33 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaqwegci.sys
[2012-06-22 08:05:33 | 000,000,068 | ---- | C] () -- C:\WINDOWS\tasks\dmxypb
[2012-06-22 08:05:14 | 000,103,140 | ---- | C] () -- C:\bjxcns.exe
[2012-06-22 08:04:58 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgcx.sys
[2012-06-19 08:57:57 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-17 21:59:20 | 000,000,341 | RHS- | C] () -- C:\autorun.inf
[2012-06-15 19:46:25 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\UserImages.bmp
[2012-06-02 06:52:37 | 000,000,000 | ---- | C] () -- C:\edu.bmp
[2012-06-02 06:52:36 | 000,000,000 | ---- | C] () -- C:\dir.bmp
[2012-05-23 08:18:31 | 000,001,105 | ---- | C] () -- C:\xp_drive_association_fix.zip
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011-07-23 21:48:00 | 000,262,884 | ---- | C] () -- C:\WINDOWS\IPUI_DivXG400.exe
[2011-07-23 21:34:11 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-07-23 21:34:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011-07-23 21:34:08 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-07-23 21:34:08 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-07-11 17:30:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-06 14:54:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011-05-02 19:09:59 | 000,002,048 | ---- | C] () -- C:\Program Files\Sonic3Dsonic3d.ini
[2011-05-01 13:31:41 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011-03-08 00:17:43 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\NVH264Decoder.dll
[2011-03-08 00:17:43 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\NVPostProc.dll
[2011-03-08 00:17:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\NVH264vfw.dll
[2010-09-17 17:13:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-09-04 17:40:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008-12-18 08:58:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Peter\default.pls
[2008-11-13 23:50:35 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-09 23:44:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2008-11-09 23:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2008-11-11 17:16:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008-11-23 16:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008-11-25 10:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2008-12-05 19:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009-01-10 15:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009-01-10 16:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-01-10 17:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009-01-15 09:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009-01-15 09:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2009-01-17 10:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2009-02-07 11:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2009-10-17 18:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009-11-20 14:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2010-02-23 11:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iSpeak
[2011-02-15 18:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2011-03-10 21:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011-05-19 22:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011-05-25 20:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2011-05-25 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2011-06-04 21:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012-02-17 14:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2012-02-19 09:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012-02-29 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2008-11-10 00:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Acer
[2008-11-23 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GameHouse
[2008-12-04 09:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\LimeWire
[2009-01-02 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\AlwaysNeat
[2009-01-11 09:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Playrix Entertainment
[2009-01-17 10:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Alawar
[2009-02-07 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Super-Cow
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\MegauploadToolbar
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\EmailNotifier
[2009-04-05 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Megaupload
[2009-11-17 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GlarySoft
[2009-11-20 11:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ancient Quest of Saqqarah__iwin
[2010-01-10 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Reflexive JanesZOO
[2010-02-14 12:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Gamelab
[2010-06-05 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PIPI
[2010-09-17 17:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Wildfire
[2011-04-02 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Magic Match
[2011-05-19 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sandlot Games
[2011-05-26 20:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Angkor
[2011-05-29 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ohana Games
[2011-06-04 21:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PlayFirst
[2011-09-30 20:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Incredible Ink
[2012-02-14 11:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Rovio
[2012-02-17 14:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband
[2012-02-20 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Independent
[2012-04-05 10:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenCandy
[2012-06-21 19:00:02 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2012-06-22 08:05:34 | 000,000,068 | ---- | M] () -- C:\WINDOWS\Tasks\dmxypb

========== Purity Check ==========



< End of report >
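
The OTL listing lines above (and the ones the expert pulls into the fix script below) all share one format: `[timestamp | size | attributes | C-or-M] (company) -- path`. Sality's footprint in such a listing is a small set of patterns: a read-only+hidden+system `autorun.inf` in a drive root, a random-named `.exe` beside it, an extensionless file in `%SystemRoot%\Tasks`, and several same-size drivers with unrelated random names dropped minutes apart (the repeatedly re-created `amsint32` driver). The script below is an added example, not part of this thread and not OTL's own code: it parses OTL-style lines and applies those triage heuristics. The sample lines are constructed to mirror the ones quoted in this thread (the directory entry is there only to show it is skipped), and the heuristics and thresholds are mine.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample modelled on OTL listing lines quoted in this thread; it is
# not a real log, and the directory line is included only to show it is skipped.
SAMPLE_OTL = r"""[2012-06-22 08:06:24 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\krhtl.sys
[2012-06-22 08:05:34 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vaqwegci.sys
[2012-06-22 08:05:34 | 000,000,068 | ---- | M] () -- C:\WINDOWS\tasks\dmxypb
[2012-06-22 08:05:16 | 000,103,140 | ---- | M] () -- C:\bjxcns.exe
[2012-06-22 08:05:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgcx.sys
[2012-06-17 21:59:20 | 000,000,341 | RHS- | M] () -- C:\autorun.inf
[2012-06-21 19:00:02 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2008-11-09 23:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
"""

# One OTL listing line: [timestamp | size | attributes | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>.{4}) \| (?P<flag>[CM])\] (?:\(.*?\) )?-- (?P<path>.+)$"
)


def parse_otl_lines(text):
    """Parse OTL file-listing lines into dicts; lines in any other format are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attr": m["attr"],                 # e.g. 'RHS-' = read-only, hidden, system
            "is_dir": m["attr"].endswith("D"),
            "flag": m["flag"],                 # C = created list, M = modified list
            "path": m["path"],
        })
    return entries


def triage(entries, window=timedelta(minutes=5)):
    """Apply simple Sality-style triage heuristics; returns (reason, detail) pairs."""
    findings = []
    files = [e for e in entries if not e["is_dir"]]
    for e in files:
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        # Sality marks its dropped autorun.inf read-only+hidden+system (RHS-).
        if name == "autorun.inf" and {"H", "S"} <= set(e["attr"]):
            findings.append(("hidden+system autorun.inf", e["path"]))
        # Legitimate XP scheduled tasks are *.job; an extensionless file there is odd.
        if "\\tasks\\" in low and not name.endswith(".job"):
            findings.append(("non-.job file in Tasks folder", e["path"]))
        # A fresh .exe directly in a drive root is the classic autorun payload location.
        if low.count("\\") == 1 and name.endswith(".exe"):
            findings.append(("executable in drive root", e["path"]))
    # Several same-size drivers with unrelated names written minutes apart is
    # what a repeatedly re-dropped rootkit driver (amsint32 here) looks like.
    by_size = defaultdict(list)
    for e in files:
        if "\\drivers\\" in e["path"].lower():
            by_size[e["size"]].append(e)
    for size, group in sorted(by_size.items()):
        if len(group) < 2:
            continue
        times = sorted(x["ts"] for x in group)
        if times[-1] - times[0] <= window:
            names = ", ".join(sorted(x["path"].rsplit("\\", 1)[-1] for x in group))
            findings.append((f"{len(group)} drivers of identical size {size} within {window}", names))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(parse_otl_lines(SAMPLE_OTL)):
        print(f"{reason}: {detail}")
```

Run it against a whole OTL log and it prints the same four things the expert picked out by eye in the fix script that follows. The size-cluster rule is the most useful one: Sality regenerates the driver under a new random name each time it is killed, but the binary is the same, so the size repeats while the name does not.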

#4 RKinner (Malware Expert; MVP; 19,779 posts)
We didn't see your post because you replied to your own post and we look for posts with no replies.


Uninstall:
Malwarebytes' Anti-Malware (if already installed, as it will interfere).

1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\glnoqm.sys -- (amsint32)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
[2012-06-17 21:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012-06-11 07:36:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2012-06-17 21:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-03-12 20:08:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM File not found
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range4 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O32 - AutoRun File - [2012-06-17 21:59:19 | 000,000,212 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-06-17 21:59:19 | 000,000,386 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2012-06-17 21:45:24 | 000,000,000 | ---D | M] - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\Shell - "" = AutoRun
O33 - MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011-03-15 07:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011-03-15 07:27:22 | 000,148,320 | R--- | M] ()
[2012-06-22 08:06:24 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\krhtl.sys
[2012-06-22 08:05:34 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vaqwegci.sys
[2012-06-22 08:05:34 | 000,000,068 | ---- | M] () -- C:\WINDOWS\tasks\dmxypb
[2012-06-22 08:05:16 | 000,103,140 | ---- | M] () -- C:\bjxcns.exe
[2012-06-22 08:05:00 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgcx.sys
[2012-06-17 21:59:20 | 000,000,341 | RHS- | M] () -- C:\autorun.inf
[2012-06-22 08:06:23 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\krhtl.sys
[2012-06-22 08:05:33 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaqwegci.sys
[2012-06-22 08:05:33 | 000,000,068 | ---- | C] () -- C:\WINDOWS\tasks\dmxypb
[2012-06-22 08:05:14 | 000,103,140 | ---- | C] () -- C:\bjxcns.exe
[2012-06-22 08:04:58 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgcx.sys
[2012-06-21 19:00:02 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2012-06-22 08:05:34 | 000,000,068 | ---- | M] () -- C:\WINDOWS\Tasks\dmxypb

:files
type C:\autorun.inf /c
C:\autorun.inf
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config amsint32 start= disabled /c
sc config etnecss start= disabled /c
sc config fmtusw start= disabled /c
sc config aqlb start= disabled /c
sc config HWDeviceService.exe start= disabled /c
C:\WINDOWS\system32\drivers\krhtl.sys
C:\WINDOWS\system32\drivers\vaqwegci.sys
C:\WINDOWS\system32\drivers\kgcx.sys
sc delete amsint32 /c
sc delete etnecss /c
sc delete fmtusw /c
sc delete aqlb /c
sc delete rpcapd /c
sc delete PIPIStartSvr /c

:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.


ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (on Vista or Win 7 you must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe (511KB) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan; allow the Avast download and scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
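
The `type C:\autorun.inf /c` step in the fix above exists because Sality's `autorun.inf` is built to survive a casual glance: keys in random case, whitespace around `=`, and junk `;` comment lines between the real directives, while every launch verb (open, explore, autoplay) points at the same dropped executable in the drive root. Explorer reads the file case-insensitively and ignores that whitespace, so the obfuscation costs the worm nothing. The script below is an added example, not part of this thread and not OTL's own code: it parses an `autorun.inf` the way Explorer effectively does and reports the traits that make one suspicious. The sample is constructed to match the shape of the `C:\autorun.inf` dump Peter posts later in this thread; the finding rules are mine, and the "documented keys" set is the standard `[AutoRun]` key list (`action`, `icon`, `label`, `open`, `shellexecute`, `useautoplay`, `shell`, `shell\verb`, `shell\verb\command`).

```python
import re

# Constructed sample, modelled on the C:\autorun.inf that OTL dumped later in
# this thread: mixed-case keys, junk comment lines, and every launch handler
# pointing at the same dropped executable.
SAMPLE_AUTORUN = r"""[AutoRun]
;AFXnstGtM aQupPqUXlQ
;cJMsV
shell\exPlorE\COmmanD=nkksh.exe
;Udphojmqiv emBgxyanQHI
shell\oPen\dEfaulT=1
oPEn =nkksh.exe
;
Shell\oPeN\coMManD= nkksh.exe
;aukykXTRMcWkPEGc txdi
shell\AutOPlay\COmmANd=nkksh.exe
;OqjFffBQ
"""

LAUNCH_KEYS = {"open", "shellexecute"}                    # keys that directly name a program
KNOWN_KEYS = {"action", "icon", "label", "open", "shellexecute", "useautoplay", "shell"}
VERB_CMD_RE = re.compile(r"^shell\\([^\\]+)\\command$")   # shell\<verb>\command=...
VERB_RE = re.compile(r"^shell\\[^\\]+$")                  # shell\<verb>=<menu text>


def parse_autorun(text):
    """Parse autorun.inf the way Explorer effectively reads it.

    Keys are case-insensitive and whitespace around '=' is ignored, which is why
    the obfuscated sample still works. Returns (launch_targets, other_keys,
    comment_count); launch_targets maps 'open', 'shellexecute' or 'shell:<verb>'
    to the command that handler would run.
    """
    targets, other, comments = {}, {}, 0
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            comments += 1
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        verb = VERB_CMD_RE.match(key)
        if key in LAUNCH_KEYS:
            targets[key] = value
        elif verb:
            targets["shell:" + verb.group(1)] = value
        else:
            other[key] = value
    return targets, other, comments


def assess(text):
    """Return human-readable findings for an autorun.inf; an empty list means nothing stood out."""
    targets, other, comments = parse_autorun(text)
    findings = []
    if not targets:
        return findings
    distinct = {cmd.lower() for cmd in targets.values()}
    if len(targets) >= 2 and len(distinct) == 1:
        findings.append(f"{len(targets)} launch handlers all run {next(iter(distinct))}")
    # A command with no path component is resolved relative to the drive root,
    # which is where Sality drops its payload next to autorun.inf.
    bare = sorted({cmd.split()[0] for cmd in targets.values()
                   if cmd and "\\" not in cmd.split()[0]})
    if bare:
        findings.append("handlers run programs relative to the drive root: " + ", ".join(bare))
    unknown = sorted(k for k in other if k not in KNOWN_KEYS and not VERB_RE.match(k))
    if unknown:
        findings.append("undocumented keys: " + ", ".join(unknown))
    directives = len(targets) + len(other)
    if comments > directives:
        findings.append(f"{comments} comment lines outnumber the {directives} directives (padding)")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_AUTORUN):
        print(finding)
```

Treat the output as signals, not a verdict: a legitimate CD with a single `open=setup.exe` also trips the "relative to the drive root" rule. The combination seen here (all verbs hijacked, undocumented keys, more comments than directives, hidden+system attributes on the file) is what distinguishes a worm's `autorun.inf` from a vendor's.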

#5 Peter Lee (Topic Starter; Member; 117 posts)
Avira not running... auto closed.

#6 RKinner (Malware Expert; MVP; 19,779 posts)
Then I guess Avira won't bother us. Go on with the other stuff. If something won't work just skip it for now.

#7 Peter Lee (Topic Starter; Member; 117 posts)
========== PROCESSES ==========
All processes killed
========== OTL ==========
Error: Unable to stop service amsint32!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 deleted successfully.
File C:\WINDOWS\system32\drivers\glnoqm.sys not found.
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 removed from extensions.enabledItems
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\DEFAULTS\preferences folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\DEFAULTS folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\META-INF(2) folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\chrome(2) folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\defaults(2)\preferences(2) folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\defaults(2) folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\components(2) folder moved successfully.
C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25BC7718-0BFA-40EA-B381-4B2D9732D686}\ deleted successfully.
C:\Program Files\Yahoo!\Search Protection\ysp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Sample Toolband Serach\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\* deleted successfully.
Invalid CLSID key: *
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range2\\* deleted successfully.
Invalid CLSID key: *
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range3\\* deleted successfully.
Invalid CLSID key: *
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range4\\* deleted successfully.
Invalid CLSID key: *
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\AUTORUN.INF scheduled to be moved on reboot.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b489d4e-592f-11e1-9ab5-0016361e0bc3}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3dffa3c-593f-11e1-9abb-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3dffa3c-593f-11e1-9abb-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3dffa3c-593f-11e1-9abb-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3dffa3c-593f-11e1-9abb-806d6172696f}\ not found.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File C:\WINDOWS\System32\drivers\krhtl.sys not found.
File C:\WINDOWS\System32\drivers\vaqwegci.sys not found.
File C:\WINDOWS\tasks\dmxypb not found.
File C:\bjxcns.exe not found.
File C:\WINDOWS\System32\drivers\kgcx.sys not found.
File move failed. C:\autorun.inf scheduled to be moved on reboot.
File C:\WINDOWS\System32\drivers\krhtl.sys not found.
File C:\WINDOWS\System32\drivers\vaqwegci.sys not found.
File C:\WINDOWS\tasks\dmxypb not found.
File C:\bjxcns.exe not found.
File C:\WINDOWS\System32\drivers\kgcx.sys not found.
C:\WINDOWS\Tasks\RMSchedule.job moved successfully.
File C:\WINDOWS\Tasks\dmxypb not found.
========== FILES ==========
< type C:\autorun.inf /c >
[AutoRun]
;AFXnstGtM aQupPqUXlQ
;cJMsV
shell\exPlorE\COmmanD=nkksh.exe
;Udphojmqiv emBgxyanQHI
shell\oPen\dEfaulT=1
oPEn =nkksh.exe
;
Shell\oPeN\coMManD= nkksh.exe
;aukykXTRMcWkPEGc txdi
shell\AutOPlay\COmmANd=nkksh.exe
;OqjFffBQ
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
File move failed. C:\autorun.inf scheduled to be moved on reboot.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc config amsint32 start= disabled /c >
[SC] ChangeServiceConfig FAILED 2:
The system cannot find the file specified.
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc config etnecss start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc config fmtusw start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc config aqlb start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc config HWDeviceService.exe start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\system32\drivers\krhtl.sys not found.
File\Folder C:\WINDOWS\system32\drivers\vaqwegci.sys not found.
File\Folder C:\WINDOWS\system32\drivers\kgcx.sys not found.
< sc delete amsint32 /c >
[SC] DeleteService SUCCESS
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc delete etnecss /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc delete fmtusw /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc delete aqlb /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc delete rpcapd /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< sc delete PIPIStartSvr /c >
[SC] DeleteService SUCCESS
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Peter
->Java cache emptied: 872789 bytes

User: Guest
->Java cache emptied: 0 bytes

User: Administrator

User: Administrator.ACER-8C1E498EF8

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Peter
->Flash cache emptied: 116024 bytes

User: Guest

User: Administrator

User: Administrator.ACER-8C1E498EF8
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.51.0 log created on 06252012_020848

Files\Folders moved on Reboot...
E:\autorun.inf moved successfully.
F:\autorun.inf moved successfully.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
File move failed. H:\AUTORUN.INF scheduled to be moved on reboot.
C:\autorun.inf moved successfully.

Registry entries deleted on Reboot...

#8
Peter Lee (Member, Topic Starter, 117 posts)
C:\Combofix.txt not found.

#9
Peter Lee (Member, Topic Starter, 117 posts)
Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe

Bad link ...

#10
Peter Lee (Member, Topic Starter, 117 posts)
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 08:23:19
-----------------------------
08:23:19.281 OS Version: Windows 5.1.2600 Service Pack 2
08:23:19.281 Number of processors: 2 586 0xE08
08:23:19.281 ComputerName: ACER-8C1E498EF8 UserName: Peter
08:23:20.015 Initialize success
08:25:23.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:25:23.265 Disk 0 Vendor: ST9250827AS 3.AAB Size: 238475MB BusType: 3
08:25:23.281 Disk 0 MBR read successfully
08:25:23.281 Disk 0 MBR scan
08:25:23.281 Disk 0 Windows XP default MBR code
08:25:23.281 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 79493 MB offset 63
08:25:23.281 Disk 0 Partition - 00 0F Extended LBA 158979 MB offset 162802710
08:25:23.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 79493 MB offset 162802773
08:25:23.312 Disk 0 Partition - 00 05 Extended 79485 MB offset 325605420
08:25:23.328 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 79485 MB offset 325605483
08:25:23.328 Disk 0 scanning sectors +488392065
08:25:23.375 Disk 0 scanning C:\WINDOWS\system32\drivers
08:25:27.593 Service scanning
08:25:36.671 Modules scanning
08:25:44.390 Scan finished successfully
08:26:11.156 Disk 0 MBR has been saved successfully to "C:\virus 20 06 2012\MBR.dat"
08:26:11.156 The log file has been saved successfully to "C:\virus 20 06 2012\aswMBR.txt"

#11
Peter Lee (Member, Topic Starter, 117 posts)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.06

Windows XP Service Pack 2 x86 FAT32
Internet Explorer 8.0.6001.18702
Peter :: ACER-8C1E498EF8 [administrator]

Protection: Disabled

25-Jun-2012 8:47:53 AM
mbam-log-2012-06-25 (08-47-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256690
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{E2745192-8F50-4ACC-AA27-2AC0B85A875F} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\nifen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)

#12
RKinner (Malware Expert, MVP, 19,779 posts)
Sometimes the combofix log will be in c:\combofix\combofix.txt.

The TDSSKiller link is good if you click on the original, but the forum software likes to shorten it for some reason, so if you try to type it or copy it then it doesn't work. The actual link is
http://support.kaspersky.com/downloads/utils/tdsskiller.exe


#13
Peter Lee (Member, Topic Starter, 117 posts)
OTL logfile created on: 25-Jun-2012 9:10:18 AM - Run 3
OTL by OldTimer - Version 3.2.51.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 51.46% Memory free
2.85 Gb Paging File | 2.18 Gb Available in Paging File | 76.62% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 7.56 Gb Free Space | 9.74% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 17.36 Gb Free Space | 22.37% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 13.89 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive H: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.87 Gb Total Space | 0.60 Gb Free Space | 32.32% Space Free | Partition Type: FAT32

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-25 08:01:44 | 000,012,970 | ---- | M] () -- C:\WINDOWS\temp\kdrpn.exe
PRC - [2012-06-25 07:59:00 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Peter\Local Settings\temp\RtkBtMnt.exe
PRC - [2012-06-23 23:52:00 | 000,614,400 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
PRC - [2012-06-22 08:10:20 | 000,670,208 | ---- | M] (OldTimer Tools) -- C:\virus 20 06 2012\OTL.exe
PRC - [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009-09-01 17:00:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009-07-27 16:54:14 | 000,188,416 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009-05-13 15:48:24 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2006-02-24 17:28:06 | 002,555,904 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006-02-24 17:28:02 | 002,404,352 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006-01-17 18:28:54 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005-12-06 17:11:24 | 000,528,384 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005-12-02 15:42:42 | 000,229,376 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005-12-02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005-11-30 20:45:10 | 000,155,648 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005-11-30 20:39:58 | 000,307,200 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005-11-29 14:45:06 | 000,520,192 | ---- | M] (Acer) -- C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
PRC - [2005-11-02 00:11:00 | 000,172,123 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-10-28 16:25:44 | 000,172,032 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-10-24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005-10-19 09:30:16 | 000,147,456 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005-09-09 19:09:24 | 001,615,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005-08-12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-11-01 17:22:22 | 000,344,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-08-04 05:00:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2002-05-10 16:34:38 | 000,073,728 | ---- | M] (VeNoM386 and SwENSkE) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (No Company Name) ==========

MOD - [2012-06-25 08:01:44 | 000,012,970 | ---- | M] () -- C:\WINDOWS\temp\kdrpn.exe
MOD - [2012-06-23 23:52:00 | 000,614,400 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
MOD - [2011-05-21 09:55:32 | 000,237,568 | ---- | M] () -- C:\Program Files\Maxis Broadband\ThirdAppPlugin.dll
MOD - [2011-01-05 19:43:08 | 000,163,840 | ---- | M] () -- C:\Program Files\Maxis Broadband\SMSPlugin.dll
MOD - [2010-12-04 03:35:08 | 001,017,304 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010-04-15 19:48:40 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\LocaleMgrPlugin.dll
MOD - [2010-04-15 19:47:38 | 000,032,768 | ---- | M] () -- C:\Program Files\Maxis Broadband\NotifyServicePlugin.dll
MOD - [2010-04-15 19:46:18 | 000,057,344 | ---- | M] () -- C:\Program Files\Maxis Broadband\ConfigFilePlugin.dll
MOD - [2010-04-15 19:45:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrPlugin.dll
MOD - [2010-04-15 19:43:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Maxis Broadband\NetInfoPlugin.dll
MOD - [2010-04-15 19:42:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Maxis Broadband\DialUpPlugin.dll
MOD - [2010-04-15 19:41:16 | 000,245,760 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrUIPlugin.dll
MOD - [2010-04-15 19:28:00 | 001,015,808 | ---- | M] () -- C:\Program Files\Maxis Broadband\NDISAPI.dll
MOD - [2010-04-15 19:15:46 | 000,172,032 | ---- | M] () -- C:\Program Files\Maxis Broadband\DetectDev.dll
MOD - [2010-04-15 19:15:42 | 000,598,016 | ---- | M] () -- C:\Program Files\Maxis Broadband\atcomm.dll
MOD - [2010-04-06 15:21:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceOperate.dll
MOD - [2010-04-06 15:21:26 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\XCodec.dll
MOD - [2009-01-28 15:03:50 | 000,326,401 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008-09-16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007-08-23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Program Files\Maxis Broadband\isaputrace.dll
MOD - [2007-07-31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Program Files\Maxis Broadband\FileManager.dll
MOD - [2006-05-14 12:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2006-02-10 22:31:10 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\libxml2.dll
MOD - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2005-12-02 15:42:54 | 000,184,424 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2005-12-02 15:42:54 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2005-12-02 15:42:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2005-12-02 15:42:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2005-11-28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005-11-28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005-11-28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005-10-20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005-10-11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005-09-05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005-08-24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005-07-06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2004-08-04 05:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004-08-04 05:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004-08-04 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004-08-04 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-12-29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003-04-04 06:06:14 | 001,224,704 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2003-04-04 06:06:12 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2003-04-04 06:06:12 | 001,257,472 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2003-04-04 06:06:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2003-04-04 06:06:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2003-04-04 06:06:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2003-04-04 06:06:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2003-04-04 06:05:02 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011-03-14 23:27:28 | 000,345,440 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-06-20 15:31:24 | 003,600,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009-07-21 13:34:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 15:48:24 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008-11-09 09:22:00 | 000,822,424 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005-11-30 20:45:10 | 000,155,648 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004-12-13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004-12-13 15:30:08 | 000,149,104 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004-12-13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva268.sys -- (XDva268)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012-06-25 09:05:42 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\auktc.sys -- (hoegw)
DRV - [2011-05-03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-03-21 21:49:20 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-01-30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-12-24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/01 17:39:19] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009-05-11 09:12:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-11-09 09:22:00 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-11-15 14:34:00 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-03-24 19:14:46 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2005-12-06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005-12-05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005-12-02 14:01:28 | 000,328,141 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005-12-02 13:59:20 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005-12-02 13:57:48 | 000,854,826 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005-12-02 13:54:56 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005-12-02 13:54:14 | 000,065,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005-12-02 13:51:28 | 000,148,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-12-01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-11-30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-11-30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-11-29 14:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005-11-29 14:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-11-08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-11-08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-11-08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-10-15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005-09-13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005-09-09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005-09-09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005-08-24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005-06-30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005-06-22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-05-02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005-04-22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005-04-22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005-04-05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-03-04 01:53:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-02-23 23:59:56 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-12-09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004-08-04 05:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004-08-03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2002-05-13 10:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stealth.sys -- (Stealth)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = ${searchCLSID}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A6F8041-AE9C-4BBD-9592-7C8CB2DF0B97}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{4633EF93-D676-472f-A0FF-E1916B0B2E30}: "URL" = http://www.baidu.com...Terms}&ie=utf-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009-11-26 16:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-11-09 12:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-11-09 12:45:44 | 000,000,000 | ---D | M]

[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Extensions
[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions
[2009-04-05 20:14:38 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2012-06-25 02:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-04-05 20:13:24 | 000,000,000 | ---D | M] ("Megaupload Toolbar") -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008-11-24 10:22:52 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008-11-09 12:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-06-25 02:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008-11-11 15:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011-03-12 20:08:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-09-23 04:14:08 | 000,056,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll

O1 HOSTS File: ([2012-06-25 02:10:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll (PIPI Tech.)
O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\ShellBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Maxis Broadband] C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: gamania.com.hk ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298904480656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298904665375 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB60C06-FF45-4E69-BF33-D07BD3F61E8F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F554DE5E-248F-47C8-9ACF-F4EF2BBCA7ED}: NameServer = 58.71.136.10 58.71.132.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-04-04 03:26:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012-06-25 07:59:14 | 000,000,244 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012-06-25 07:59:13 | 000,000,301 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012-06-25 07:59:13 | 000,000,260 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2012-06-17 21:45:24 | 000,000,000 | ---D | M] - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found




ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: midimapper - midimap.dll File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.N264 - C:\WINDOWS\System32\NVH264vfw.dll ()
Drivers32: vidc.NUB2 - C:\WINDOWS\System32\NuB2.dll ()
Drivers32: vidc.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-06-25 08:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-06-25 08:30:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-06-25 08:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-06-25 07:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\CyberLink PowerDVD 9
[2012-06-25 02:32:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-06-25 02:32:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peter\My Documents\My Videos
[2012-06-25 02:32:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012-06-25 02:32:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\Administrative Tools
[2012-06-25 02:31:22 | 004,637,899 | R--- | C] (Swearware) -- C:\Documents and Settings\Peter\Desktop\ComboFix.exe
[2012-06-23 23:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Maxis Broadband
[2012-06-23 23:52:02 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012-06-23 23:52:02 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012-06-23 23:52:02 | 000,194,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012-06-23 23:52:02 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012-06-23 23:52:02 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012-06-23 23:52:02 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012-06-23 23:52:02 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012-06-23 23:52:02 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012-06-23 23:52:02 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012-06-23 23:52:02 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012-06-23 23:52:02 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012-06-20 09:07:30 | 000,000,000 | ---D | C] -- C:\virus 20 06 2012
[2012-06-17 21:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012-06-10 11:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

========== Files - Modified Within 30 Days ==========

[2012-06-25 09:06:04 | 000,103,140 | ---- | M] () -- C:\nifen.exe
[2012-06-25 09:05:42 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\auktc.sys
[2012-06-25 08:31:00 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-25 07:59:14 | 000,000,244 | RHS- | M] () -- C:\autorun.inf
[2012-06-25 07:58:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-06-25 07:58:16 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-25 05:52:06 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012-06-25 02:30:30 | 004,637,899 | R--- | M] (Swearware) -- C:\Documents and Settings\Peter\Desktop\ComboFix.exe
[2012-06-24 23:12:36 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012-06-24 00:26:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-06-24 00:08:50 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-23 23:52:50 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Maxis Broadband.lnk
[2012-06-18 07:54:20 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-06-18 07:54:20 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012-06-17 21:33:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-06-15 19:46:26 | 000,043,062 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\UserImages.bmp
[2012-06-02 06:52:38 | 000,000,000 | ---- | M] () -- C:\edu.bmp
[2012-06-02 06:52:38 | 000,000,000 | ---- | M] () -- C:\dir.bmp
[2012-05-27 12:08:56 | 000,001,381 | ---- | M] () -- C:\Documents and Settings\Peter\My Documents\8387672.rtf

========== Files Created - No Company Name ==========

[2012-06-25 09:06:02 | 000,103,140 | ---- | C] () -- C:\nifen.exe
[2012-06-25 09:05:41 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\auktc.sys
[2012-06-25 08:30:59 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-25 07:59:30 | 000,000,244 | RHS- | C] () -- C:\autorun.inf
[2012-06-23 23:52:48 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Maxis Broadband.lnk
[2012-06-15 19:46:25 | 000,043,062 | ---- | C] () -- C:\Documents and Settings\Peter\My Documents\UserImages.bmp
[2012-06-02 06:52:37 | 000,000,000 | ---- | C] () -- C:\edu.bmp
[2012-06-02 06:52:36 | 000,000,000 | ---- | C] () -- C:\dir.bmp
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011-07-23 21:48:00 | 000,262,884 | ---- | C] () -- C:\WINDOWS\IPUI_DivXG400.exe
[2011-07-23 21:34:11 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-07-23 21:34:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2011-07-23 21:34:08 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-07-23 21:34:08 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-07-11 17:30:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-06 14:54:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011-05-02 19:09:59 | 000,002,048 | ---- | C] () -- C:\Program Files\Sonic3Dsonic3d.ini
[2011-05-01 13:31:41 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011-03-08 00:17:43 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\NVH264Decoder.dll
[2011-03-08 00:17:43 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\NVPostProc.dll
[2011-03-08 00:17:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\NVH264vfw.dll
[2010-09-17 17:13:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-09-04 17:40:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008-12-18 08:58:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Peter\default.pls
[2008-11-13 23:50:35 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-09 23:44:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\fusioncache.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9250827AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable media other than\tfloppy
Interface type: USB
Media Type: Removable media other than\tfloppy
Model: Kingston DataTraveler 2.0 USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: HUAWEI SD Storage USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 78.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 155.00GB
Starting Offset: 83354987520
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 126976
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2012-06-25 09:06:04 | 000,103,140 | ---- | M] () -- C:\nifen.exe
[2010-12-05 06:28:28 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2003-04-04 03:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Identities
[2003-04-04 06:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\ATI
[2003-04-04 02:50:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Peter\Application Data\Microsoft
[2008-11-09 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Macromedia
[2008-11-10 00:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Acer
[2008-11-09 09:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Symantec
[2008-11-09 10:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Yahoo!
[2008-11-09 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\CyberLink
[2008-11-09 12:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Mozilla
[2008-11-10 09:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Adobe
[2008-11-10 10:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Help
[2008-11-11 09:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenOffice.org2
[2008-11-13 23:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Media Player Classic
[2008-11-14 09:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Real
[2008-11-14 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\AdobeUM
[2008-11-21 14:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\WinRAR
[2008-11-23 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GameHouse
[2008-11-24 10:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sun
[2008-12-04 09:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\LimeWire
[2008-12-10 17:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Malwarebytes
[2008-12-18 00:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ahead
[2009-01-02 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\AlwaysNeat
[2009-01-11 09:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Playrix Entertainment
[2009-01-17 10:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Alawar
[2009-02-07 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Super-Cow
[2009-04-05 20:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\InstallShield
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\MegauploadToolbar
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\EmailNotifier
[2009-04-05 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Megaupload
[2009-10-22 18:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\mIRC
[2009-11-17 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GlarySoft
[2009-11-20 11:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ancient Quest of Saqqarah__iwin
[2010-01-10 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Reflexive JanesZOO
[2010-02-14 12:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Gamelab
[2010-06-05 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PIPI
[2010-09-17 17:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Wildfire
[2011-03-19 18:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Avira
[2011-04-02 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Magic Match
[2011-05-19 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sandlot Games
[2011-05-26 20:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Angkor
[2011-05-29 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ohana Games
[2011-06-04 21:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PlayFirst
[2011-09-30 20:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Incredible Ink
[2012-02-14 11:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Rovio
[2012-02-17 14:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband
[2012-02-20 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Independent
[2012-04-05 10:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenCandy

< MD5 for: ATAPI.SYS >
[2004-08-04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004-08-04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2004-08-04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\csrss.exe
[2004-08-03 21:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004-08-04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004-08-03 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004-08-04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004-08-03 21:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010-12-04 03:35:08 | 000,627,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010-12-04 03:35:08 | 000,627,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010-12-04 03:35:08 | 000,627,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010-12-04 03:35:08 | 000,627,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010-12-04 03:35:08 | 000,627,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010-12-04 03:35:08 | 000,627,424 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
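For a file infector like Sality, two parts of these OTL logs carry most of the signal: the "< MD5 for: ... >" blocks above, which list every copy of a protected system binary (the live file, the Windows File Protection copy in dllcache, the ERDNT backup) with its size and hash, and the firewall AuthorizedApplications list in the Extras log posted next in the thread. The script below is an added example written for this edit; it is not OTL's code and not something from the thread. It parses those two line formats, compares each copy of a system binary against the dllcache reference (falling back to the majority hash when there is none), and flags Enabled firewall exceptions whose target sits in a Temp directory. The sample log is constructed in OTL's format: the dllcache and ERDNT hashes are the ones the log above reports, while the oversized system32 userinit.exe with the AAAA... hash and the Temp-directory firewall entries are invented so the checks have something to flag. The Malwarebytes Chameleon copies share a name with system binaries but are a different vendor's file outside %SystemRoot%, so the check reports them as a foreign copy rather than as tampering.

```python
"""Triage two OTL log sections for a file-infector case: the '< MD5 for: ... >' blocks and
the firewall AuthorizedApplications list.  Added example, not OTL's code; sample is constructed."""
import re
from collections import Counter, defaultdict

# Constructed sample in OTL's line format.  The dllcache/ERDNT hashes are those reported in
# the log above; the 57,344-byte system32 userinit.exe (AAAA... hash) and the Temp firewall
# entries are invented so the checks have something to flag.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE >
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2012-06-18 09:11:02 | 000,057,344 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\DOCUME~1\User\LOCALS~1\Temp\gwhwe.exe" = C:\DOCUME~1\User\LOCALS~1\Temp\gwhwe.exe:*:Enabled:ipsec
"C:\DOCUME~1\User\LOCALS~1\Temp\winpqok.exe" = C:\DOCUME~1\User\LOCALS~1\Temp\winpqok.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"""

# One OTL file line: [timestamp | size | attrs | M] (Company) MD5=hash -- path
MD5_LINE = re.compile(
    r'^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\((?P<company>[^)]*)\)\s*'
    r'MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$')
# One XP firewall exception: "key" = path:scope:Enabled|Disabled:description [-- (Company)]
FW_LINE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<path>.+?):(?P<scope>\*|LocalSubNet):'
    r'(?P<state>Enabled|Disabled):(?P<desc>.*?)\s*$')


def check_system_file_copies(text, system_root=r'C:\WINDOWS'):
    """Compare every copy of each protected binary with the Windows File Protection
    reference in dllcache (or, without one, the majority hash).  A differing copy under
    %SystemRoot% is reported as TAMPERED; one elsewhere (e.g. a third-party tool that
    ships a same-named file) only as a foreign copy."""
    by_name = defaultdict(list)
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            by_name[m['path'].rsplit('\\', 1)[-1].lower()].append(m.groupdict())
    root, findings = system_root.lower() + '\\', []
    for name, copies in by_name.items():
        ref = next((c for c in copies if '\\dllcache\\' in c['path'].lower()), None)
        ref_md5 = (ref['md5'] if ref else
                   Counter(c['md5'] for c in copies).most_common(1)[0][0]).upper()
        for c in copies:
            if c['md5'].upper() != ref_md5:
                findings.append({
                    'file': name, 'path': c['path'], 'company': c['company'],
                    'size': int(c['size'].replace(',', '')),
                    'verdict': 'TAMPERED' if c['path'].lower().startswith(root) else 'foreign copy'})
    return findings


def check_firewall_whitelist(text, min_shared=2):
    """Flag Enabled firewall exceptions whose target lives in a Temp directory, and
    report descriptions shared by several of them: one such entry is odd, dozens of
    random names under one generic label is a self-whitelisting pattern."""
    hits, descs = [], Counter()
    for line in text.splitlines():
        m = FW_LINE.match(line.strip())
        if not m or m['state'] != 'Enabled' or '\\temp\\' not in m['path'].lower():
            continue
        desc, _, company = m['desc'].partition(' -- ')
        hits.append({'path': m['path'], 'desc': desc.strip(), 'company': company.strip('() ')})
        descs[desc.strip()] += 1
    return {'temp_whitelisted': hits,
            'shared_descriptions': [d for d, n in descs.items() if n >= min_shared]}


if __name__ == '__main__':
    for f in check_system_file_copies(SAMPLE_LOG):
        print(f"{f['verdict']:12} {f['file']:13} {f['size']:>7} bytes  {f['path']}")
    fw = check_firewall_whitelist(SAMPLE_LOG)
    for h in fw['temp_whitelisted']:
        print(f"TEMP-WHITELIST {h['path']}  desc={h['desc']!r}  company={h['company']!r}")
    print('descriptions shared by Temp entries:', fw['shared_descriptions'])
```

To use it on a real case, read OTL.txt and Extras.txt into a string and pass that instead of SAMPLE_LOG; both functions ignore lines they do not recognise. A hash mismatch on a copy under %SystemRoot% is only a lead, not proof of infection (a hotfix can legitimately replace the live binary while dllcache lags), so confirm the flagged file's hash against the vendor before replacing it, and treat the Temp-directory whitelist entries as a list of files to collect and submit, not just delete.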

#14
Peter Lee (Topic Starter, Member, 117 posts)
OTL Extras logfile created on: 25-Jun-2012 9:10:18 AM - Run 3
OTL by OldTimer - Version 3.2.51.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 51.46% Memory free
2.85 Gb Paging File | 2.18 Gb Available in Paging File | 76.62% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 7.56 Gb Free Space | 9.74% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 17.36 Gb Free Space | 22.37% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 13.89 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
Drive H: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.87 Gb Total Space | 0.60 Gb Free Space | 32.32% Space Free | Partition Type: FAT32

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7808:TCP" = 7808:TCP:*:Enabled:BitComet 7808 TCP
"7808:UDP" = 7808:UDP:*:Enabled:BitComet 7808 UDP
"36394:TCP" = 36394:TCP:*:Disabled:Limewire1 TCP
"36394:UDP" = 36394:UDP:*:Disabled:Limewire1 UDP
"49156:TCP" = 49156:TCP:*:Disabled:Limewire2 TCP
"49156:UDP" = 49156:UDP:*:Disabled:Limewire2 UDP
"8085:UDP" = 8085:UDP:*:Disabled:8085 udp
"8085:TCP" = 8085:TCP:*:Disabled:8085 tcp
"8086:TCP" = 8086:TCP:*:Disabled:8086 tcp
"8086:UDP" = 8086:UDP:*:Disabled:8086 udp
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Disabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Disabled:iWin Games updater. -- ()
"C:\Program Files\bmoworld\BomberMan.exe" = C:\Program Files\bmoworld\BomberMan.exe:*:Disabled:BomberMan -- (Wizgate)
"C:\Program Files\PWRD\PD\pd.exe" = C:\Program Files\PWRD\PD\pd.exe:*:Disabled:pd -- ()
"E:\Program Files\pipi\HttpDownLoad.exe" = E:\Program Files\pipi\HttpDownLoad.exe:*:Disabled:HttpDownLoad
"E:\Program Files\pipi\jfCacheMgr.exe" = E:\Program Files\pipi\jfCacheMgr.exe:*:Disabled:PIPI CacheMgr
"E:\Program Files\pipi\KmLiveUpdate.exe" = E:\Program Files\pipi\KmLiveUpdate.exe:*:Disabled:PIPI LiveUpdate
"E:\Program Files\pipi\PIPIPlayer.exe" = E:\Program Files\pipi\PIPIPlayer.exe:*:Disabled:PIPIPlayer
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe" = E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe:*:Disabled:iSpeak7.0 -- (上海勤和互联网技术软件开发有限公司)
"E:\wanmeicn\ec_patch_388-564.exe" = E:\wanmeicn\ec_patch_388-564.exe:*:Disabled:@xpsp2res.dll,-22008
"E:\《完美世界》国际版\ec_patch_113-230.cup.exe" = E:\《完美世界》国际版\ec_patch_113-230.cup.exe:*:Disabled:@xpsp2res.dll,-22008
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Ragnarok\Offline\Server\char-server.exe" = C:\Program Files\Ragnarok\Offline\Server\char-server.exe:*:Enabled:char-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\map-server.exe" = C:\Program Files\Ragnarok\Offline\Server\map-server.exe:*:Enabled:map-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\login-server.exe" = C:\Program Files\Ragnarok\Offline\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\char-server.exe" = F:\Program Files\Gravity\ERO\Server\char-server.exe:*:Enabled:char-server -- ()
"F:\Program Files\Gravity\ERO\Server\login-server.exe" = F:\Program Files\Gravity\ERO\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\map-server.exe" = F:\Program Files\Gravity\ERO\Server\map-server.exe:*:Enabled:map-server -- ()
"F:\Program Files\Gravity\GeoRo\Server\char-server.exe" = F:\Program Files\Gravity\GeoRo\Server\char-server.exe:*:Enabled:char-server -- ()
"F:\Program Files\Gravity\GeoRo\Server\login-server.exe" = F:\Program Files\Gravity\GeoRo\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\GeoRo\Server\map-server.exe" = F:\Program Files\Gravity\GeoRo\Server\map-server.exe:*:Enabled:map-server -- ()
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe:*:Enabled:char-server -- ()
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe:*:Enabled:login-server -- ()
"C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN" = C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Maxis Broadband\Maxis Broadband.exe" = C:\Program Files\Maxis Broadband\Maxis Broadband.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe:*:Enabled:ipsec
"C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" = C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE:*:Enabled:ipsec -- (Dritek System Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\OpenOffice.org 2.0\program\soffice.exe" = C:\Program Files\OpenOffice.org 2.0\program\soffice.exe:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ElkCtrl.exe" = C:\WINDOWS\system32\ElkCtrl.exe:*:Enabled:ipsec -- (Logitech Inc.)
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe:*:Enabled:ipsec -- (Nero AG)
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe:*:Enabled:ipsec -- (Synaptics, Inc.)
"C:\WINDOWS\Alaunch.exe" = C:\WINDOWS\Alaunch.exe:*:Enabled:ipsec -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe:*:Enabled:ipsec -- (HiTRUST)
"C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe" = C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe:*:Enabled:ipsec -- (Huawei Technologies Co., Ltd.)
"C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe" = C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe:*:Enabled:ipsec
"C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" = C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\virus 20 06 2012\OTL.exe" = C:\virus 20 06 2012\OTL.exe:*:Enabled:ipsec -- (OldTimer Tools)
"C:\ComboFix\CF7338.3XE" = C:\ComboFix\CF7338.3XE:*:Enabled:ipsec -- ()
"c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" = c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe:*:Enabled:ipsec -- (Logitech)
"C:\WINDOWS\TEMP\kdrpn.exe" = C:\WINDOWS\TEMP\kdrpn.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\TEMP\umcab.exe" = C:\WINDOWS\TEMP\umcab.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wintyrgu.exe" = C:\WINDOWS\TEMP\wintyrgu.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winlqkes.exe" = C:\WINDOWS\TEMP\winlqkes.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\yfdco.exe" = C:\WINDOWS\TEMP\yfdco.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\xlbrmd.exe" = C:\WINDOWS\TEMP\xlbrmd.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winhfvpbn.exe" = C:\WINDOWS\TEMP\winhfvpbn.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winebeitk.exe" = C:\WINDOWS\TEMP\winebeitk.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ovpb.exe" = C:\WINDOWS\TEMP\ovpb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winitfeww.exe" = C:\WINDOWS\TEMP\winitfeww.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ydxvj.exe" = C:\WINDOWS\TEMP\ydxvj.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\jkwde.exe" = C:\WINDOWS\TEMP\jkwde.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wincognjr.exe" = C:\WINDOWS\TEMP\wincognjr.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\xrimha.exe" = C:\WINDOWS\TEMP\xrimha.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winxcyt.exe" = C:\WINDOWS\TEMP\winxcyt.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wineuqofu.exe" = C:\WINDOWS\TEMP\wineuqofu.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\evrcl.exe" = C:\WINDOWS\TEMP\evrcl.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winnpsx.exe" = C:\WINDOWS\TEMP\winnpsx.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\windtkkyq.exe" = C:\WINDOWS\TEMP\windtkkyq.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ujgcco.exe" = C:\WINDOWS\TEMP\ujgcco.exe:*:Enabled:ipsec


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0357458A-7259-4CFD-AF7F-69410DD33821}" = Easy Flyer Creator
"{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}" = OpenOffice.org 2.0
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{227E06B7-1AD8-4BA5-9298-C37237A58F72}" = Celcom Desktop CPPRS Setup
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{269683A1-7486-4D6F-93CC-91D4BE808025}" = UG-04
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3A24088A-8940-408F-BA98-7A32FDBC3E04}" = UG-00-V1
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53791EB5-13D2-44AD-93A6-292878AB0BFF}" = 3FeeL Online
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{656BE550-DC84-40C6-AF0F-2688ED441FB3}" = UG-00-V1
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6CF16DCA-0ED3-4A5E-B83A-B2658A9817D4}" = StoneAge2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
"{76FFD3FD-26EF-438B-9A56-B4908AC14319}" = UG-05
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{94A7D275-E658-4B29-8C7F-2AAEF6CF453F}" = DAEMON Tools
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD90297F-EE7D-4E91-A27E-04A7331B1C92}" = UG-04
"{B3D15CAF-313D-46C7-803B-F9B9BC4F2630}" = RO English Edition
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84AD4D2-A9C2-4455-AE12-CFCBB824FCDD}" = UG-05
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
"{F86E01B6-A97B-4023-BEEE-CBADC56BC436}" = SexyBeach2
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"´ºÇïQ´«online_is1" = ´ºÇïQ´«online
"7-Zip" = 7-Zip 4.42
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"am-totemtribe" = Totem Tribe
"ATI Display Driver" = ATI Display Driver
"audcle" = Plus! MP3 Audio Converter LE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Balloon Blast_is1" = Balloon Blast
"Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction
"BitComet" = BitComet 1.06
"Bob the Builder Can Do Zoo1.0" = Bob the Builder Can Do Zoo
"Burger Island_is1" = Burger Island
"Burger Rush" = Burger Rush
"Burger Shop" = Burger Shop (remove only)
"Burger Shop by mrs.apple" = Burger Shop by mrs.apple
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Chameleon Gems" = Chameleon Gems
"Cheatbook Database 2012" = Cheatbook Database 2012
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crystal Path" = Crystal Path
"Cubis Gold 2" = Cubis Gold 2
"DivXG400" = DivXG400
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Emerald Tale" = Emerald Tale
"ePresentation" = Acer ePresentation Management
"ERUNT_is1" = ERUNT 1.1j
"Farm Frenzy" = Farm Frenzy
"Farm Frenzy - Pizza Party 1.0.1.0" = Farm Frenzy - Pizza Party 1.0.1.0
"Farm Mania 2_is1" = Farm Mania 2
"Feeding Frenzy 2" = Feeding Frenzy 2
"FiberTwig" = FiberTwig
"Fishdom" = Fishdom (remove only)
"Gearz" = Gearz
"Glary Registry Repair_is1" = Glary Registry Repair 3.2.0.828
"GoeRo Installer April-15-2007" = GoeRo Installer April-15-2007
"GridVista" = Acer GridVista
"Gutterball 2" = Gutterball 2
"HijackThis" = HijackThis 2.0.2
"Holiday Express" = Holiday Express
"ie8" = Windows Internet Explorer 8
"Iggle Pop" = Iggle Pop
"Incredible Ink" = Incredible Ink
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"Island Realms" = Island Realms
"iSpeak7.0" = iSpeak 7.0
"iWinArcade" = iWin Games (remove only)
"Janes Zoo_is1" = Janes Zoo
"Jewel Quest_is1" = Jewel Quest
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.2
"LimeWire" = LimeWire 4.18.8
"Liong The Dragon Dance_is1" = Liong The Dragon Dance
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LManager" = Launch Manager
"Lose Your Marbles" = Lose Your Marbles
"Lula 3D" = Lula 3D
"Luxor" = Luxor
"Luxor: Amun Rising" = Luxor: Amun Rising
"Magic Ball 2" = Magic Ball 2
"Magic Ball 3" = Magic Ball 3
"Magic Match" = Magic Match
"Magic Vines" = Magic Vines
"MagicInlay" = MagicInlay
"Mah Jong Medley" = Mah Jong Medley
"Mah Jong Quest_is1" = Mah Jong Quest
"Mahjong Escape" = Mahjong Escape
"Mahjong: The Endless Journey" = Mahjong: The Endless Journey
"Mahjongg Fortuna Deluxe" = Mahjongg Fortuna Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Maxis Broadband" = Maxis Broadband
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" =
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSNINST" = MSN
"NJStar Communicator" = NJStar Communicator
"NuB2Codec" = NuB2 For Windows Codec (1.0.0.1)
"Pizza Frenzy" = Pizza Frenzy
"Plants vs. Zombies" = Plants vs. Zombies
"Platypus" = Platypus
"ProInst" = Intel® PROSet/Wireless Software
"Ragnarok Offline" = Ragnarok Offline 1.20
"Ragnarok Online" = Ragnarok Online
"Rainbow Drops Buster_is1" = Rainbow Drops Buster
"Ranch Rush" = Ranch Rush
"Reflexive Arcade 10-Pack" = Reflexive Arcade 10-Pack
"Roboball" = Roboball
"Secrets of Six Seas" = Secrets of Six Seas (remove only)
"Sexy傾儖僶儉" = Sexy傾儖僶儉
"SimCity 3000" = SimCity 3000
"Snowy Lunch Rush_is1" = Snowy Lunch Rush
"Snowy Treasure Hunter 3_is1" = Snowy Treasure Hunter 3
"Snowy: Treasure Hunter 2" = Snowy: Treasure Hunter 2
"Snowy: Treasure Hunter 3" = Snowy: Treasure Hunter 3
"ST6UNST #1" = DiGi MyKad Prepaid Registration
"Strike Ball 3" = Strike Ball 3
"Supercow_is1" = Supercow
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.20_is1" = Total Video Converter 3.20 090104
"Tumblebugs" = Tumblebugs
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"beanfun!" = beanfun!

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17-Jun-2012 6:07:17 AM | Computer Name = ACER-8C1E498EF8 | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

Error - 17-Jun-2012 9:16:33 AM | Computer Name = ACER-8C1E498EF8 | Source = Avira AntiVir | ID = 4110
Description = An unknown error occurred during init of the engine! Returned error
code: 0x35

Error - 17-Jun-2012 9:33:10 AM | Computer Name = ACER-8C1E498EF8 | Source = Avira AntiVir | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 17-Jun-2012 9:56:06 AM | Computer Name = ACER-8C1E498EF8 | Source = Avira AntiVir | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 17-Jun-2012 10:19:02 AM | Computer Name = ACER-8C1E498EF8 | Source = Avira AntiVir | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 17-Jun-2012 7:21:41 PM | Computer Name = ACER-8C1E498EF8 | Source = Avira AntiVir | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 18-Jun-2012 7:01:46 AM | Computer Name = ACER-8C1E498EF8 | Source = Avira AntiVir | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 19-Jun-2012 8:50:54 PM | Computer Name = ACER-8C1E498EF8 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 22-Jun-2012 8:13:21 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application cli.exe, version 1.11.0.0, faulting module kernel32.dll,
version 5.1.2600.2180, fault address 0x0001eb33.

Error - 23-Jun-2012 11:09:05 AM | Computer Name = ACER-8C1E498EF8 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

[ System Events ]
Error - 24-Jun-2012 9:16:48 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:17:08 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:17:28 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:17:48 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:18:08 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:18:28 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:18:48 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:19:08 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:19:28 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 24-Jun-2012 9:19:48 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding


< End of report >
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,779 posts
  • MVP
That didn't quite get it. Let's try booting into Safe Mode - Command Prompt. You will need to print this out as you will not have it in Command Prompt.

Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Command Prompt. Login with your usual login. You will come to a black screen.

Type (with an Enter after each line. I use two spaces in the code box so you can see where one space goes.):

cd  \

(This should just change the prompt to c:\ > )

dir  /a  *.exe

(This will list the current files in C:\. It looks like there are two files:

[2012-06-25 09:06:04 | 000,103,140 | ---- | M] () -- C:\nifen.exe
[2010-12-05 06:28:28 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe (this one is harmless)

We want to delete nifen.exe and any others like it (5 random letters followed by .exe) which may show up. We do this by: )

del  nifen.exe

(When the prompt returns run the dir command again to see if it gets replaced or a new one shows up. )


dir  /a  *.exe

(Now we want to go after the C:\autorun.inf file.)

attrib  -a  -s  -r  autorun.inf

(prompt should return without an error. This just makes the file visible and allows us to delete it.)

del  autorun.inf

(Prompt should return without an error. Now that the file is gone we want to replace it with a folder of the same name so that the file can't come back.)

mkdir  autorun.inf

(Prompt should return without an error.)

(Now let's get rid of the files hiding in your temp folders.)



cd  \DOCUME~1\Peter\LOCALS~1\Temp

(Prompt should change to show you are in the Temp folder)

del  *.exe

(Prompt should return without an error tho it may ask you if you are sure - tell it Y.)


cd  C:\WINDOWS\TEMP

(Prompt should change to show you are in the C:\Windows\Temp folder)

del  *.exe

(Prompt should return without an error tho it may ask you if you are sure - tell it Y.)

sc  delete  hoegw

(This tries to delete one of the drivers from the registry. It may not find it as this thing seems to make up new names with each boot.)

cd  \WINDOWS\system32\drivers

(Prompt should change to show you are in c:\windows\system32\drivers)

del  auktc.sys

(This tries to delete the associated file.)

(Now let's kill off the autorun.inf files on the other drives: )

E:

(This should change the prompt to E:\ )


attrib  -a  -s  -r  autorun.inf

del  autorun.inf

mkdir  autorun.inf


F:

attrib  -a  -s  -r  autorun.inf

del  autorun.inf

mkdir  autorun.inf


J:

attrib  -a  -s  -r  autorun.inf

del  autorun.inf

mkdir  autorun.inf

(Now let's reboot into Safe Mode with Networking.)

exit

(It should reboot. When you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

Copy the following:


DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

You should get one log. Please attach it to your next post as it should be fairly large.

Run OTL again but this time select Quickscan and copy and paste the log.
  • 0
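As an added example (not code from this thread, from OTL or from RKinner), here is a small Python triage script that applies the pattern RKinner is working from to the log lines above: firewall-exception entries and dir-listing entries for random-named executables with no publisher string, sitting in a Temp folder or at a drive root, grouped by folder so you can see which sweeps the Command Prompt steps correspond to. The 4-6 letter "random name" rule and all function names are my own assumptions; the sample lines are copied from the OTL log posted in this thread.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# OTL "Authorized Applications List" entry, as in the firewall section above:
#   "<path>" = <path>:*:Enabled:ipsec -- (<vendor>)
# The trailing "-- (vendor)" part is missing when OTL found no version info.
FW_ENTRY = re.compile(
    r'^"(?P<path>[^"]+)"\s*=\s*(?P=path):\*:(?P<state>\w+):(?P<rule>\S+)'
    r'(?:\s+--\s+\((?P<vendor>[^)]*)\))?\s*$'
)

# OTL directory-listing entry, as in the two C:\ files RKinner quotes:
#   [2012-06-25 09:06:04 | 000,103,140 | ---- | M] () -- C:\nifen.exe
DIR_ENTRY = re.compile(r'^\[[^\]]*\]\s*\((?P<vendor>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$')

# Name heuristic (my assumption, derived only from the names in this thread,
# not an official Sality signature): 4-6 lowercase letters, optional "win" prefix.
RANDOM_STEM = re.compile(r"^(?:win)?[a-z]{4,6}$")


def is_temp_dir(path: PureWindowsPath) -> bool:
    """True inside a Temp folder (LOCALS~1\\Temp or %SystemRoot%\\TEMP)."""
    return any(part.lower() == "temp" for part in path.parent.parts)


def is_drive_root(path: PureWindowsPath) -> bool:
    """True for files sitting directly at a drive root, e.g. C:\\nifen.exe."""
    return path.parent == PureWindowsPath(path.drive + "\\")


def suspicious_reason(path_str: str, vendor: Optional[str]) -> Optional[str]:
    """Explain why an executable matches the dropped-file pattern, or None."""
    path = PureWindowsPath(path_str)
    if path.suffix.lower() != ".exe":
        return None
    if vendor and vendor.strip():
        return None  # has a publisher string; leave it for manual review
    if not RANDOM_STEM.match(path.stem):
        return None
    if is_temp_dir(path):
        return "no publisher, random-named .exe in a Temp folder"
    if is_drive_root(path):
        return "no publisher, random-named .exe at a drive root"
    return None


def triage_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Scan OTL lines; return (path, reason) for every flagged executable."""
    findings = []
    for raw in lines:
        m = FW_ENTRY.match(raw.strip()) or DIR_ENTRY.match(raw.strip())
        if not m:
            continue
        reason = suspicious_reason(m.group("path"), m.group("vendor"))
        if reason:
            findings.append((m.group("path"), reason))
    return findings


def cleanup_targets(findings: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group flagged files by folder: one sweep per folder, as in the steps above."""
    by_dir: Dict[str, List[str]] = {}
    for path, _ in findings:
        p = PureWindowsPath(path)
        by_dir.setdefault(str(p.parent), []).append(p.name)
    return by_dir


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LINES = r'''
"C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe:*:Enabled:ipsec
"C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" = C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE:*:Enabled:ipsec -- (Dritek System Inc.)
"C:\ComboFix\CF7338.3XE" = C:\ComboFix\CF7338.3XE:*:Enabled:ipsec -- ()
"C:\WINDOWS\TEMP\kdrpn.exe" = C:\WINDOWS\TEMP\kdrpn.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\TEMP\ujgcco.exe" = C:\WINDOWS\TEMP\ujgcco.exe:*:Enabled:ipsec
[2012-06-25 09:06:04 | 000,103,140 | ---- | M] () -- C:\nifen.exe
[2010-12-05 06:28:28 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe
'''.strip().splitlines()

if __name__ == "__main__":
    for folder, names in cleanup_targets(triage_log(SAMPLE_LINES)).items():
        print(f"{folder}: {', '.join(names)}")
```

Entries with a publisher string (QtZgAcer.EXE, install_flash_player.exe) and non-.exe names (CF7338.3XE) are deliberately left unflagged, matching RKinner's "this one is harmless" call above.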