Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

w32.Sality Virus


  • Please log in to reply

#46
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

ou need to update to XP SP3. Running SP2 you will get a lot more of these infections.

If this is an AMD CPU then you need to get KB953356:
http://www.microsoft...ang=en&id=23751
and install it first.


You should be offered the SP3 update from MS Updates but if not you can get it from:

http://technet.micro...indows/bb794714

Ron
  • 0

Advertisements


#47
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
Everytime during startup ... seems like there's something installing ...
  • 0

#48
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#49
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
OTL logfile created on: 29-Jul-2012 11:47:05 PM - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 49.80% Memory free
2.85 Gb Paging File | 2.14 Gb Available in Paging File | 75.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 36.38 Gb Free Space | 46.88% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 15.70 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 13.76 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
Drive I: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-29 23:44:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\virus 20 06 2012\OTL.exe
PRC - [2012-06-29 23:09:52 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Peter\Local Settings\temp\RtkBtMnt.exe
PRC - [2012-06-06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009-09-01 17:00:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009-07-27 16:54:14 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2006-02-24 17:28:06 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006-02-24 17:28:02 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006-01-17 18:28:54 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005-12-06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005-12-02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005-12-02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005-11-30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005-11-29 14:45:06 | 000,438,272 | ---- | M] (Acer) -- C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
PRC - [2005-11-02 00:11:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-10-24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005-10-19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005-09-09 19:09:24 | 001,531,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005-08-12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-11-01 17:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002-05-10 16:34:38 | 000,073,728 | ---- | M] (VeNoM386 and SwENSkE) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (No Company Name) ==========

MOD - [2012-06-26 03:13:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7156f9fe\mscorlib.dll
MOD - [2012-06-26 03:12:50 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35c63cab\system.drawing.dll
MOD - [2012-06-26 03:12:36 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea2dc3e1\system.xml.dll
MOD - [2012-06-26 03:12:26 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4db9f700\system.windows.forms.dll
MOD - [2012-06-26 03:12:12 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_39b14579\system.dll
MOD - [2012-06-26 03:12:04 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012-06-26 03:12:02 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010-02-06 02:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2006-02-10 22:31:10 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\libxml2.dll
MOD - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2005-12-02 15:42:54 | 000,184,424 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2005-12-02 15:42:54 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2005-12-02 15:42:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2005-12-02 15:42:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2005-11-28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005-11-28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005-11-28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005-10-20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005-10-11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005-09-05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005-08-24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005-07-06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2004-08-04 05:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004-08-04 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004-08-04 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-12-29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003-04-04 06:06:12 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2003-04-04 06:06:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2003-04-04 06:06:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2003-04-04 06:06:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2003-04-04 06:06:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-07-29 21:16:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-03-14 23:27:28 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-06-20 15:31:24 | 003,600,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008-11-09 09:22:00 | 000,822,424 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004-12-13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004-12-13 15:30:08 | 000,073,728 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004-12-13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva268.sys -- (XDva268)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-05-03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-01-30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-12-24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/01 17:39:19] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008-11-09 09:22:00 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-11-15 14:34:00 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006-03-24 19:14:46 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2005-12-06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005-12-05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005-12-02 14:01:28 | 000,328,141 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005-12-02 13:59:20 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005-12-02 13:57:48 | 000,854,826 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005-12-02 13:54:56 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005-12-02 13:54:14 | 000,065,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005-12-02 13:51:28 | 000,148,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-12-01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-11-30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-11-30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-11-29 14:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av)
DRV - [2005-11-29 14:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-11-08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-11-08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-11-08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-10-15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005-09-13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005-09-09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005-09-09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005-08-24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005-06-30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005-06-22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-05-02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005-04-22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005-04-22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005-04-05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-03-04 01:53:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005-02-23 23:59:56 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-12-09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004-08-04 05:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004-08-03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2002-05-13 10:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stealth.sys -- (Stealth)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow...eferrer:source}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A6F8041-AE9C-4BBD-9592-7C8CB2DF0B97}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{4633EF93-D676-472f-A0FF-E1916B0B2E30}: "URL" = http://www.baidu.com...Terms}&ie=utf-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.15.4.23821
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..keyword.URL: "http://klit.startnow...5.1-x86-SP2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009-11-26 16:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-11-09 12:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-11-09 12:45:44 | 000,000,000 | ---D | M]

[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Extensions
[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions
[2009-04-05 20:14:38 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2012-07-01 13:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-04-05 20:13:24 | 000,000,000 | ---D | M] ("Megaupload Toolbar") -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008-11-24 10:22:52 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012-07-04 07:46:12 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012-06-29 09:01:36 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\[email protected]
[2012-07-25 07:58:50 | 000,001,384 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\searchplugins\yahoo-zugo.xml
[2008-11-09 12:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-01 13:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008-11-11 15:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011-09-23 04:14:08 | 000,056,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll

O1 HOSTS File: ([2012-07-01 12:17:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll (PIPI Tech.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2012\aro.exe (Support.com, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Maxis Broadband] C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: gamania.com.hk ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298904480656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298904665375 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB60C06-FF45-4E69-BF33-D07BD3F61E8F}: NameServer = 202.188.0.133,202.188.1.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-04-04 03:26:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012-06-26 09:35:24 | 000,000,204 | RHS- | M] () - C:\autorun.inf_1341138495.arl -- [ FAT32 ]
O32 - AutoRun File - [2012-06-26 09:35:24 | 000,000,343 | -HS- | M] () - E:\autorun.inf_1341138495.arl -- [ NTFS ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0



ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: midimapper - midimap.dll File not found
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.N264 - C:\WINDOWS\System32\NVH264vfw.dll ()
Drivers32: vidc.NUB2 - C:\WINDOWS\System32\NuB2.dll ()
Drivers32: vidc.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-07-29 21:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\CyberLink PowerDVD 9
[2012-07-25 23:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\Microsoft AppLocale
[2012-07-25 07:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012-07-20 23:35:04 | 000,000,000 | ---D | C] -- C:\screenshots
[2012-07-15 14:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\realore_whiterra_adelantado_beta
[2012-07-15 13:15:08 | 000,000,000 | ---D | C] -- C:\Games New
[2012-07-15 12:36:29 | 000,000,000 | ---D | C] -- C:\FruitMania
[2012-07-10 19:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\My Documents\CyberLink
[2012-07-04 07:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\QuickScan
[2012-07-03 01:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-07-02 20:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-07-02 20:19:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-07-02 20:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-07-02 09:32:20 | 000,000,000 | -H-D | C] -- C:\Peter
[2012-07-02 08:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012-07-01 21:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\Black Eyes
[2012-07-01 21:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\Absolute
[2012-07-01 19:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\T-ara
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\virus 20 06 2012
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Supercow
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\My Documents\My Downloads
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Liong The Dragon Dance
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\bmoworld
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\2 Burn

========== Files - Modified Within 30 Days ==========

[2012-07-29 23:56:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-07-29 23:29:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-07-29 22:51:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-07-29 21:16:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-07-29 21:16:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-07-29 21:12:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-29 21:12:26 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-29 21:09:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012-07-29 20:54:10 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Adelantado.lnk
[2012-07-26 19:56:34 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-25 07:58:42 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
[2012-07-25 07:58:42 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012-07-24 02:19:46 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-20 23:45:22 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012-07-17 19:54:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-12 22:17:06 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Paint.lnk
[2012-07-09 09:47:48 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-07-09 09:47:48 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-07-02 20:19:32 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-02 08:52:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012-07-02 00:14:00 | 000,001,254 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Clean Registry for Free!.lnk
[2012-07-01 21:20:46 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to Playlist1.wpl.lnk

========== Files Created - No Company Name ==========

[2012-07-29 21:16:35 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-07-25 07:58:40 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
[2012-07-25 07:58:40 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012-07-15 14:55:30 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Adelantado.lnk
[2012-07-02 20:19:31 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-02 08:52:19 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2012-07-02 08:52:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Peter\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
[2012-07-02 00:13:58 | 000,001,254 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Clean Registry for Free!.lnk
[2012-07-01 21:20:45 | 000,000,501 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to Playlist1.wpl.lnk
[2012-07-01 21:05:46 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011-07-23 21:48:00 | 000,262,884 | ---- | C] () -- C:\WINDOWS\IPUI_DivXG400.exe
[2011-07-11 17:30:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-06 14:54:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011-05-02 19:09:59 | 000,002,048 | ---- | C] () -- C:\Program Files\Sonic3Dsonic3d.ini
[2011-05-01 13:31:41 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011-03-08 00:17:43 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\NVH264Decoder.dll
[2011-03-08 00:17:43 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\NVPostProc.dll
[2011-03-08 00:17:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\NVH264vfw.dll
[2010-09-17 17:13:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-09-04 17:40:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008-12-18 08:58:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Peter\default.pls
[2008-11-13 23:50:35 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-09 23:44:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\fusioncache.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9250827AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: HUAWEI SD Storage USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 78.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 155.00GB
Starting Offset: 83354987520
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2010-12-05 06:28:28 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2010-12-05 06:28:28 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2003-04-04 03:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Identities
[2003-04-04 06:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\ATI
[2003-04-04 02:50:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Peter\Application Data\Microsoft
[2008-11-09 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Macromedia
[2008-11-10 00:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Acer
[2008-11-09 09:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Symantec
[2008-11-09 10:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Yahoo!
[2008-11-09 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\CyberLink
[2008-11-09 12:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Mozilla
[2008-11-10 09:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Adobe
[2008-11-10 10:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Help
[2008-11-11 09:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenOffice.org2
[2008-11-13 23:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Media Player Classic
[2008-11-14 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\AdobeUM
[2008-11-21 14:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\WinRAR
[2008-11-23 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GameHouse
[2008-11-24 10:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sun
[2008-12-04 09:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\LimeWire
[2008-12-10 17:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Malwarebytes
[2008-12-18 00:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ahead
[2009-01-02 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\AlwaysNeat
[2009-01-11 09:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Playrix Entertainment
[2009-01-17 10:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Alawar
[2009-02-07 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Super-Cow
[2009-04-05 20:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\InstallShield
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\MegauploadToolbar
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\EmailNotifier
[2009-04-05 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Megaupload
[2009-10-22 18:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\mIRC
[2009-11-17 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GlarySoft
[2009-11-20 11:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ancient Quest of Saqqarah__iwin
[2010-01-10 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Reflexive JanesZOO
[2010-02-14 12:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Gamelab
[2010-06-05 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PIPI
[2010-09-17 17:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Wildfire
[2011-04-02 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Magic Match
[2011-05-19 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sandlot Games
[2011-05-26 20:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Angkor
[2011-05-29 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ohana Games
[2011-06-04 21:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PlayFirst
[2011-09-30 20:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Incredible Ink
[2012-02-14 11:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Rovio
[2012-02-17 14:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband
[2012-02-20 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Independent
[2012-04-05 10:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenCandy
[2012-06-25 22:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Oracle
[2012-06-25 23:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sammsoft
[2012-07-04 07:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\QuickScan
[2012-07-15 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\realore_whiterra_adelantado_beta

< MD5 for: ATAPI.SYS >
[2004-08-04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004-08-04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2008-04-14 08:12:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\csrss.exe
[2004-08-04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\csrss.exe
[2004-08-03 21:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008-04-14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008-06-21 01:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008-06-21 01:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\system32\mswsock.dll
[2008-06-21 01:36:12 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004-08-04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2004-08-04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008-06-21 01:46:58 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008-04-14 08:12:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mswsock.dll
[2008-06-21 01:43:06 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008-04-14 08:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\nwprovau.dll
[2004-08-04 05:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2004-08-04 05:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004-08-04 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2004-08-04 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\system32\pnrpnsp.dll
[2008-04-14 08:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009-02-06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008-04-14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
[2009-02-06 18:22:22 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\system32\dllcache\services.exe
[2009-02-06 18:22:22 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\system32\services.exe
[2009-02-06 19:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2004-08-04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2004-08-04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ERDNT\cache\services.exe

< MD5 for: SVCHOST.EXE >
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008-04-14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2004-08-04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004-08-03 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004-08-04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008-04-14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004-08-03 21:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-04-14 08:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004-08-04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2004-08-04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\system32\winrnr.dll
[2008-04-14 08:12:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010-12-04 03:35:08 | 000,063,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010-12-04 03:35:08 | 000,063,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010-12-04 03:35:08 | 000,063,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010-12-04 03:35:08 | 000,063,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010-12-04 03:35:08 | 000,063,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010-12-04 03:35:08 | 000,063,488 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010-05-05 21:30:58 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
[2012-07-25 09:14:20 | 000,000,353 | ---- | M] ()(C:\Documents and Settings\Peter\Desktop\????.lnk) -- C:\Documents and Settings\Peter\Desktop\回到三国.lnk
[2012-07-25 09:14:20 | 000,000,353 | ---- | C] ()(C:\Documents and Settings\Peter\Desktop\????.lnk) -- C:\Documents and Settings\Peter\Desktop\回到三国.lnk
[2012-02-21 12:39:35 | 000,000,310 | ---- | C] ()(C:\Documents and Settings\Peter\Desktop\?????.url) -- C:\Documents and Settings\Peter\Desktop\西游网贵宾.url
[2012-02-21 12:39:24 | 000,000,310 | ---- | M] ()(C:\Documents and Settings\Peter\Desktop\?????.url) -- C:\Documents and Settings\Peter\Desktop\西游网贵宾.url
[2010-10-16 18:33:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
[2010-10-16 18:33:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
[2010-10-16 18:29:08 | 000,000,000 | ---D | M](C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
[2010-10-16 18:29:08 | 000,000,000 | ---D | M](C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
[2009-07-12 10:23:37 | 000,806,637 | ---- | C] ()(C:\WINDOWS\System32\??.mp3) -- C:\WINDOWS\System32\报警.mp3
[2009-01-08 02:58:36 | 000,806,637 | ---- | M] ()(C:\WINDOWS\System32\??.mp3) -- C:\WINDOWS\System32\报警.mp3
(C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
(C:\Documents and Settings\Peter\Start Menu\Programs\«????») -- C:\Documents and Settings\Peter\Start Menu\Programs\《武林外传》
(C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
(C:\Documents and Settings\All Users\Start Menu\Programs\????) -- C:\Documents and Settings\All Users\Start Menu\Programs\盛大网络

< End of report >
  • 0

#50
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
OTL Extras logfile created on: 29-Jul-2012 11:47:05 PM - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 49.80% Memory free
2.85 Gb Paging File | 2.14 Gb Available in Paging File | 75.06% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 36.38 Gb Free Space | 46.88% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 15.70 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 13.76 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
Drive I: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7808:TCP" = 7808:TCP:*:Enabled:BitComet 7808 TCP
"7808:UDP" = 7808:UDP:*:Enabled:BitComet 7808 UDP
"36394:TCP" = 36394:TCP:*:Disabled:Limewire1 TCP
"36394:UDP" = 36394:UDP:*:Disabled:Limewire1 UDP
"49156:TCP" = 49156:TCP:*:Disabled:Limewire2 TCP
"49156:UDP" = 49156:UDP:*:Disabled:Limewire2 UDP
"8085:UDP" = 8085:UDP:*:Disabled:8085 udp
"8085:TCP" = 8085:TCP:*:Disabled:8085 tcp
"8086:TCP" = 8086:TCP:*:Disabled:8086 tcp
"8086:UDP" = 8086:UDP:*:Disabled:8086 udp
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Disabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Disabled:iWin Games updater. -- ()
"C:\Program Files\bmoworld\BomberMan.exe" = C:\Program Files\bmoworld\BomberMan.exe:*:Disabled:BomberMan -- (Wizgate)
"C:\Program Files\PWRD\PD\pd.exe" = C:\Program Files\PWRD\PD\pd.exe:*:Disabled:pd -- ()
"E:\Program Files\pipi\HttpDownLoad.exe" = E:\Program Files\pipi\HttpDownLoad.exe:*:Disabled:HttpDownLoad
"E:\Program Files\pipi\jfCacheMgr.exe" = E:\Program Files\pipi\jfCacheMgr.exe:*:Disabled:PIPI CacheMgr
"E:\Program Files\pipi\KmLiveUpdate.exe" = E:\Program Files\pipi\KmLiveUpdate.exe:*:Disabled:PIPI LiveUpdate
"E:\Program Files\pipi\PIPIPlayer.exe" = E:\Program Files\pipi\PIPIPlayer.exe:*:Disabled:PIPIPlayer
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe" = E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe:*:Disabled:iSpeak7.0 -- (上海勤和互联网技术软件开发有限公司)
"E:\wanmeicn\ec_patch_388-564.exe" = E:\wanmeicn\ec_patch_388-564.exe:*:Disabled:@xpsp2res.dll,-22008
"E:\《完美世界》国际版\ec_patch_113-230.cup.exe" = E:\«????»???\ec_patch_113-230.cup.exe:*:Disabled:@xpsp2res.dll,-22008
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Ragnarok\Offline\Server\char-server.exe" = C:\Program Files\Ragnarok\Offline\Server\char-server.exe:*:Enabled:char-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\map-server.exe" = C:\Program Files\Ragnarok\Offline\Server\map-server.exe:*:Enabled:map-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\login-server.exe" = C:\Program Files\Ragnarok\Offline\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\char-server.exe" = F:\Program Files\Gravity\ERO\Server\char-server.exe:*:Enabled:char-server -- ()
"F:\Program Files\Gravity\ERO\Server\login-server.exe" = F:\Program Files\Gravity\ERO\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\map-server.exe" = F:\Program Files\Gravity\ERO\Server\map-server.exe:*:Enabled:map-server -- ()
"F:\Program Files\Gravity\GeoRo\Server\char-server.exe" = F:\Program Files\Gravity\GeoRo\Server\char-server.exe:*:Enabled:char-server
"F:\Program Files\Gravity\GeoRo\Server\login-server.exe" = F:\Program Files\Gravity\GeoRo\Server\login-server.exe:*:Enabled:login-server
"F:\Program Files\Gravity\GeoRo\Server\map-server.exe" = F:\Program Files\Gravity\GeoRo\Server\map-server.exe:*:Enabled:map-server
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe:*:Enabled:char-server -- ()
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe:*:Enabled:login-server -- ()
"C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN" = C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Maxis Broadband\Maxis Broadband.exe" = C:\Program Files\Maxis Broadband\Maxis Broadband.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe:*:Enabled:ipsec
"C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" = C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE:*:Enabled:ipsec -- (Dritek System Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\OpenOffice.org 2.0\program\soffice.exe" = C:\Program Files\OpenOffice.org 2.0\program\soffice.exe:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ElkCtrl.exe" = C:\WINDOWS\system32\ElkCtrl.exe:*:Enabled:ipsec -- (Logitech Inc.)
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe:*:Enabled:ipsec -- (Nero AG)
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe:*:Enabled:ipsec -- (Synaptics, Inc.)
"C:\WINDOWS\Alaunch.exe" = C:\WINDOWS\Alaunch.exe:*:Enabled:ipsec -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe:*:Enabled:ipsec -- (HiTRUST)
"C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe" = C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe:*:Enabled:ipsec -- (Huawei Technologies Co., Ltd.)
"C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe" = C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe:*:Enabled:ipsec
"C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" = C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\virus 20 06 2012\OTL.exe" = C:\virus 20 06 2012\OTL.exe:*:Enabled:ipsec -- (OldTimer Tools)
"C:\ComboFix\CF7338.3XE" = C:\ComboFix\CF7338.3XE:*:Enabled:ipsec -- ()
"c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" = c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe:*:Enabled:ipsec -- (Logitech)
"C:\WINDOWS\TEMP\kdrpn.exe" = C:\WINDOWS\TEMP\kdrpn.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\umcab.exe" = C:\WINDOWS\TEMP\umcab.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wintyrgu.exe" = C:\WINDOWS\TEMP\wintyrgu.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winlqkes.exe" = C:\WINDOWS\TEMP\winlqkes.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\yfdco.exe" = C:\WINDOWS\TEMP\yfdco.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\xlbrmd.exe" = C:\WINDOWS\TEMP\xlbrmd.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winhfvpbn.exe" = C:\WINDOWS\TEMP\winhfvpbn.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winebeitk.exe" = C:\WINDOWS\TEMP\winebeitk.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ovpb.exe" = C:\WINDOWS\TEMP\ovpb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winitfeww.exe" = C:\WINDOWS\TEMP\winitfeww.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ydxvj.exe" = C:\WINDOWS\TEMP\ydxvj.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\jkwde.exe" = C:\WINDOWS\TEMP\jkwde.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wincognjr.exe" = C:\WINDOWS\TEMP\wincognjr.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\xrimha.exe" = C:\WINDOWS\TEMP\xrimha.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winxcyt.exe" = C:\WINDOWS\TEMP\winxcyt.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wineuqofu.exe" = C:\WINDOWS\TEMP\wineuqofu.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\evrcl.exe" = C:\WINDOWS\TEMP\evrcl.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winnpsx.exe" = C:\WINDOWS\TEMP\winnpsx.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\windtkkyq.exe" = C:\WINDOWS\TEMP\windtkkyq.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ujgcco.exe" = C:\WINDOWS\TEMP\ujgcco.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winqtctb.exe" = C:\WINDOWS\TEMP\winqtctb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winspwe.exe" = C:\WINDOWS\TEMP\winspwe.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winnwndbh.exe" = C:\WINDOWS\TEMP\winnwndbh.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winaxtw.exe" = C:\WINDOWS\TEMP\winaxtw.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winrgrb.exe" = C:\WINDOWS\TEMP\winrgrb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wingjbwll.exe" = C:\WINDOWS\TEMP\wingjbwll.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winxvug.exe" = C:\WINDOWS\TEMP\winxvug.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winmdjhuc.exe" = C:\WINDOWS\TEMP\winmdjhuc.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winhqve.exe" = C:\WINDOWS\TEMP\winhqve.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\cgrvfc.exe" = C:\WINDOWS\TEMP\cgrvfc.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\lnfedm.exe" = C:\WINDOWS\TEMP\lnfedm.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winurbya.exe" = C:\WINDOWS\TEMP\winurbya.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winehosd.exe" = C:\WINDOWS\TEMP\winehosd.exe:*:Enabled:ipsec


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0357458A-7259-4CFD-AF7F-69410DD33821}" = Easy Flyer Creator
"{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}" = OpenOffice.org 2.0
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{227E06B7-1AD8-4BA5-9298-C37237A58F72}" = Celcom Desktop CPPRS Setup
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{269683A1-7486-4D6F-93CC-91D4BE808025}" = UG-04
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3A24088A-8940-408F-BA98-7A32FDBC3E04}" = UG-00-V1
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{656BE550-DC84-40C6-AF0F-2688ED441FB3}" = UG-00-V1
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
"{76FFD3FD-26EF-438B-9A56-B4908AC14319}" = UG-05
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{94A7D275-E658-4B29-8C7F-2AAEF6CF453F}" = DAEMON Tools
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD90297F-EE7D-4E91-A27E-04A7331B1C92}" = UG-04
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84AD4D2-A9C2-4455-AE12-CFCBB824FCDD}" = UG-05
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
"{F86E01B6-A97B-4023-BEEE-CBADC56BC436}" = SexyBeach2
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"´ºÇïQ´«online_is1" = ´ºÇïQ´«online
"7-Zip" = 7-Zip 4.42
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"am-totemtribe" = Totem Tribe
"ARO 2012_is1" = ARO 2012
"ATI Display Driver" = ATI Display Driver
"audcle" = Plus! MP3 Audio Converter LE
"Balloon Blast_is1" = Balloon Blast
"Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction
"BitComet" = BitComet 1.06
"Bob the Builder Can Do Zoo1.0" = Bob the Builder Can Do Zoo
"Burger Island_is1" = Burger Island
"Burger Rush" = Burger Rush
"Burger Shop" = Burger Shop (remove only)
"Burger Shop by mrs.apple" = Burger Shop by mrs.apple
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Chameleon Gems" = Chameleon Gems
"Cheatbook Database 2012" = Cheatbook Database 2012
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crystal Path" = Crystal Path
"Cubis Gold 2" = Cubis Gold 2
"DivXG400" = DivXG400
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"ePresentation" = Acer ePresentation Management
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Farm Frenzy" = Farm Frenzy
"Farm Frenzy - Pizza Party 1.0.1.0" = Farm Frenzy - Pizza Party 1.0.1.0
"Farm Mania 2_is1" = Farm Mania 2
"Feeding Frenzy 2" = Feeding Frenzy 2
"FiberTwig" = FiberTwig
"Fishdom" = Fishdom (remove only)
"Gearz" = Gearz
"Glary Registry Repair_is1" = Glary Registry Repair 3.2.0.828
"GridVista" = Acer GridVista
"Gutterball 2" = Gutterball 2
"HijackThis" = HijackThis 2.0.2
"Holiday Express" = Holiday Express
"ie8" = Windows Internet Explorer 8
"Incredible Ink" = Incredible Ink
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"Island Realms" = Island Realms
"iSpeak7.0" = iSpeak 7.0
"iWinArcade" = iWin Games (remove only)
"Janes Zoo_is1" = Janes Zoo
"Jewel Quest_is1" = Jewel Quest
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)
"LimeWire" = LimeWire 4.18.8
"Liong The Dragon Dance_is1" = Liong The Dragon Dance
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LManager" = Launch Manager
"Luxor" = Luxor
"Luxor: Amun Rising" = Luxor: Amun Rising
"MagicInlay" = MagicInlay
"Mah Jong Medley" = Mah Jong Medley
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Maxis Broadband" = Maxis Broadband
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" =
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSNINST" = MSN
"NJStar Communicator" = NJStar Communicator
"NuB2Codec" = NuB2 For Windows Codec (1.0.0.1)
"Pizza Frenzy" = Pizza Frenzy
"Platypus" = Platypus
"ProInst" = Intel® PROSet/Wireless Software
"Ragnarok Offline" = Ragnarok Offline 1.20
"Rainbow Drops Buster_is1" = Rainbow Drops Buster
"Secrets of Six Seas" = Secrets of Six Seas (remove only)
"Snowy Lunch Rush_is1" = Snowy Lunch Rush
"Snowy Treasure Hunter 3_is1" = Snowy Treasure Hunter 3
"Snowy: Treasure Hunter 2" = Snowy: Treasure Hunter 2
"Snowy: Treasure Hunter 3" = Snowy: Treasure Hunter 3
"ST6UNST #1" = DiGi MyKad Prepaid Registration
"Supercow_is1" = Supercow
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.20_is1" = Total Video Converter 3.20 090104
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"beanfun!" = beanfun!

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22-Jun-2012 8:13:21 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application cli.exe, version 1.11.0.0, faulting module kernel32.dll,
version 5.1.2600.2180, fault address 0x0001eb33.

Error - 23-Jun-2012 11:09:05 AM | Computer Name = ACER-8C1E498EF8 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 01-Jul-2012 11:32:17 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, faulting module 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, fault address 0x00086476.

Error - 01-Jul-2012 11:33:10 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, faulting module 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, fault address 0x00086476.

Error - 03-Jul-2012 8:57:30 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application SexyBeach2DVD.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:41:00 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:49:16 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 11:25:25 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 4:03:09 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 8:57:43 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 22-Jun-2012 8:13:21 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application cli.exe, version 1.11.0.0, faulting module kernel32.dll,
version 5.1.2600.2180, fault address 0x0001eb33.

Error - 23-Jun-2012 11:09:05 AM | Computer Name = ACER-8C1E498EF8 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 01-Jul-2012 11:32:17 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, faulting module 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, fault address 0x00086476.

Error - 01-Jul-2012 11:33:10 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, faulting module 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, fault address 0x00086476.

Error - 03-Jul-2012 8:57:30 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application SexyBeach2DVD.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:41:00 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:49:16 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 11:25:25 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 4:03:09 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 8:57:43 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29-Jul-2012 12:00:29 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:30 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:31 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:32 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:33 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:35 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:36 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:37 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:38 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 29-Jul-2012 12:00:39 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}


< End of report >
  • 0

#51
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Symantec appears to be broken. You need to uninstall it (save the product license key so you can reinstall it:http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US) Then reinstall it.

Uninstall:
Mega Manager
Ask Toolbar
Adobe Reader 7.0 (this should be updated to Reader 10. something.)
CA Yahoo! Anti-Spy (remove only)
LimeWire 4.18.8
Megaupload Toolbar
Yahoo! Toolbar
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Install Manager
Ask Toolbar Updater
BitComet 1.06


Copy the text in the code box by highlighting and Ctrl + c


:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva268.sys -- (XDva268)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
O32 - AutoRun File - [2012-06-26 09:35:24 | 000,000,204 | RHS- | M] () - C:\autorun.inf_1341138495.arl -- [ FAT32 ]
O32 - AutoRun File - [2012-06-26 09:35:24 | 000,000,343 | -HS- | M] () - E:\autorun.inf_1341138495.arl -- [ NTFS ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\DOCUME~1\Peter\LOCALS~1\Temp\*.exe
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.
  • 0

#52
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
========== OTL ==========
Service XDva268 stopped successfully!
Service XDva268 deleted successfully!
File C:\WINDOWS\system32\XDva268.sys not found.
Service InCDRm stopped successfully!
Service InCDRm deleted successfully!
File system32\drivers\InCDRm.sys not found.
Service InCDPass stopped successfully!
Service InCDPass deleted successfully!
File system32\drivers\InCDPass.sys not found.
Service InCDFs stopped successfully!
Service InCDFs deleted successfully!
File system32\drivers\InCDFs.sys not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\WINDOWS\system32\drivers\EagleNT.sys not found.
C:\autorun.inf_1341138495.arl moved successfully.
E:\autorun.inf_1341138495.arl moved successfully.
File move failed. I:\AutoRun.exe scheduled to be moved on reboot.
File move failed. I:\AUTORUN.INF scheduled to be moved on reboot.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\virus 20 06 2012\cmd.bat deleted successfully.
C:\virus 20 06 2012\cmd.txt deleted successfully.
C:\DOCUME~1\Peter\LOCALS~1\Temp\RtkBtMnt.exe moved successfully.
C:\DOCUME~1\Peter\LOCALS~1\Temp\symlcsv1.exe moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Peter
->Java cache emptied: 0 bytes

User: Guest
->Java cache emptied: 0 bytes

User: Administrator

User: Administrator.ACER-8C1E498EF8

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Peter
->Flash cache emptied: 47401 bytes

User: Guest

User: Administrator

User: Administrator.ACER-8C1E498EF8
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.55.0 log created on 08042012_005302

Files\Folders moved on Reboot...
File move failed. I:\AutoRun.exe scheduled to be moved on reboot.
File move failed. I:\AUTORUN.INF scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2011-03-15 07:27:22 | 000,148,320 | R--- | M] () I:\AutoRun.exe : MD5=2FD4C7C1D0FF9AB5BCAE3ADA32455A2A
[2011-08-19 01:13:04 | 000,000,047 | R--- | M] () I:\AUTORUN.INF : MD5=521B88C37A5D2F90F54628ABF9E616B8

Registry entries deleted on Reboot...
  • 0

#53
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#54
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
OTL logfile created on: 04-Aug-2012 1:01:08 AM - Run 7
OTL by OldTimer - Version 3.2.55.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 54.28% Memory free
2.85 Gb Paging File | 2.21 Gb Available in Paging File | 77.45% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 35.98 Gb Free Space | 46.36% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 15.70 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 13.75 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
Drive I: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-04 00:56:10 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Peter\Local Settings\temp\RtkBtMnt.exe
PRC - [2012-07-29 23:44:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\virus 20 06 2012\OTL.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-06-23 23:52:00 | 000,536,576 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
PRC - [2012-06-06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009-09-01 17:00:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009-07-27 16:54:14 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2006-02-24 17:28:06 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006-02-24 17:28:02 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006-01-17 18:28:54 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005-12-06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005-12-02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005-12-02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005-11-30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005-11-29 14:45:06 | 000,438,272 | ---- | M] (Acer) -- C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
PRC - [2005-11-02 00:11:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-10-24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005-10-19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005-09-09 19:09:24 | 001,531,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005-08-12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-11-01 17:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002-05-10 16:34:38 | 000,073,728 | ---- | M] (VeNoM386 and SwENSkE) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (No Company Name) ==========

MOD - [2012-06-26 03:13:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7156f9fe\mscorlib.dll
MOD - [2012-06-26 03:12:50 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35c63cab\system.drawing.dll
MOD - [2012-06-26 03:12:36 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea2dc3e1\system.xml.dll
MOD - [2012-06-26 03:12:26 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4db9f700\system.windows.forms.dll
MOD - [2012-06-26 03:12:12 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_39b14579\system.dll
MOD - [2012-06-26 03:12:04 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012-06-26 03:12:02 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012-06-23 23:52:00 | 000,536,576 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
MOD - [2011-05-21 09:55:32 | 000,237,568 | ---- | M] () -- C:\Program Files\Maxis Broadband\ThirdAppPlugin.dll
MOD - [2011-01-05 19:43:08 | 000,163,840 | ---- | M] () -- C:\Program Files\Maxis Broadband\SMSPlugin.dll
MOD - [2010-04-15 19:48:40 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\LocaleMgrPlugin.dll
MOD - [2010-04-15 19:47:38 | 000,032,768 | ---- | M] () -- C:\Program Files\Maxis Broadband\NotifyServicePlugin.dll
MOD - [2010-04-15 19:46:18 | 000,057,344 | ---- | M] () -- C:\Program Files\Maxis Broadband\ConfigFilePlugin.dll
MOD - [2010-04-15 19:45:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrPlugin.dll
MOD - [2010-04-15 19:43:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Maxis Broadband\NetInfoPlugin.dll
MOD - [2010-04-15 19:42:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Maxis Broadband\DialUpPlugin.dll
MOD - [2010-04-15 19:41:16 | 000,245,760 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrUIPlugin.dll
MOD - [2010-04-15 19:28:00 | 001,015,808 | ---- | M] () -- C:\Program Files\Maxis Broadband\NDISAPI.dll
MOD - [2010-04-15 19:15:46 | 000,172,032 | ---- | M] () -- C:\Program Files\Maxis Broadband\DetectDev.dll
MOD - [2010-04-15 19:15:42 | 000,598,016 | ---- | M] () -- C:\Program Files\Maxis Broadband\atcomm.dll
MOD - [2010-04-06 15:21:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceOperate.dll
MOD - [2010-04-06 15:21:26 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\XCodec.dll
MOD - [2010-02-06 02:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2007-08-23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Program Files\Maxis Broadband\isaputrace.dll
MOD - [2007-07-31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Program Files\Maxis Broadband\FileManager.dll
MOD - [2006-02-10 22:31:10 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\libxml2.dll
MOD - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2005-12-02 15:42:54 | 000,184,424 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2005-12-02 15:42:54 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2005-12-02 15:42:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2005-12-02 15:42:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2005-11-28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005-11-28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005-11-28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005-10-20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005-10-11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005-09-05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005-08-24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005-07-06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2004-08-04 05:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004-08-04 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004-08-04 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-12-29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003-04-04 06:06:12 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2003-04-04 06:06:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2003-04-04 06:06:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2003-04-04 06:06:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2003-04-04 06:06:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-07-29 21:16:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-03-14 23:27:28 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-06-20 15:31:24 | 003,600,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008-11-09 09:22:00 | 000,822,424 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004-12-13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004-12-13 15:30:08 | 000,073,728 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004-12-13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-05-03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-01-30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-12-24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/01 17:39:19] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008-11-09 09:22:00 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-11-15 14:34:00 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006-03-24 19:14:46 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2005-12-06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005-12-05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005-12-02 14:01:28 | 000,328,141 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005-12-02 13:59:20 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005-12-02 13:57:48 | 000,854,826 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005-12-02 13:54:56 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005-12-02 13:54:14 | 000,065,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005-12-02 13:51:28 | 000,148,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-12-01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-11-30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-11-30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-11-29 14:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av)
DRV - [2005-11-29 14:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-11-08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-11-08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-11-08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-10-15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005-09-13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005-09-09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005-09-09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005-08-24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005-06-30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005-06-22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-05-02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005-04-22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005-04-22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005-04-05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-03-04 01:53:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005-02-23 23:59:56 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-12-09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004-08-04 05:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004-08-03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2002-05-13 10:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stealth.sys -- (Stealth)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow...eferrer:source}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A6F8041-AE9C-4BBD-9592-7C8CB2DF0B97}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{4633EF93-D676-472f-A0FF-E1916B0B2E30}: "URL" = http://www.baidu.com...Terms}&ie=utf-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..keyword.URL: "http://klit.startnow...5.1-x86-SP2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009-11-26 16:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-11-09 12:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-11-09 12:45:44 | 000,000,000 | ---D | M]

[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Extensions
[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions
[2012-07-04 07:46:12 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012-07-25 07:58:50 | 000,001,384 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\searchplugins\yahoo-zugo.xml
[2008-11-09 12:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-01 13:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008-11-11 15:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011-09-23 04:14:08 | 000,056,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll

O1 HOSTS File: ([2012-08-04 00:53:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll (PIPI Tech.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2012\aro.exe (Support.com, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Maxis Broadband] C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: gamania.com.hk ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298904480656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298904665375 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB60C06-FF45-4E69-BF33-D07BD3F61E8F}: NameServer = 202.188.0.133,202.188.1.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-04-04 03:26:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-04 00:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\CyberLink PowerDVD 9
[2012-07-25 23:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\Microsoft AppLocale
[2012-07-25 07:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012-07-20 23:35:04 | 000,000,000 | ---D | C] -- C:\screenshots
[2012-07-15 14:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\realore_whiterra_adelantado_beta
[2012-07-15 13:15:08 | 000,000,000 | ---D | C] -- C:\Games New
[2012-07-15 12:36:29 | 000,000,000 | ---D | C] -- C:\FruitMania
[2012-07-10 19:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\My Documents\CyberLink

========== Files - Modified Within 30 Days ==========

[2012-08-04 01:06:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-08-04 00:55:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-04 00:55:34 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-04 00:53:56 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012-08-04 00:29:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-04 00:23:30 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2012-08-04 00:05:40 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\tv series.rtf
[2012-08-03 23:21:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-08-03 22:15:24 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012-08-02 18:52:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-30 08:30:50 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-29 21:16:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-07-29 21:16:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-07-29 20:54:10 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Adelantado.lnk
[2012-07-26 19:56:34 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-25 07:58:42 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
[2012-07-25 07:58:42 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012-07-24 02:19:46 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-12 22:17:06 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Paint.lnk
[2012-07-09 09:47:48 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-07-09 09:47:48 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012-07-29 21:16:35 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-07-25 07:58:40 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
[2012-07-25 07:58:40 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012-07-15 14:55:30 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Adelantado.lnk
[2012-07-01 21:05:46 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011-07-23 21:48:00 | 000,262,884 | ---- | C] () -- C:\WINDOWS\IPUI_DivXG400.exe
[2011-07-11 17:30:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-06 14:54:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011-05-02 19:09:59 | 000,002,048 | ---- | C] () -- C:\Program Files\Sonic3Dsonic3d.ini
[2011-05-01 13:31:41 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011-03-08 00:17:43 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\NVH264Decoder.dll
[2011-03-08 00:17:43 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\NVPostProc.dll
[2011-03-08 00:17:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\NVH264vfw.dll
[2010-09-17 17:13:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-09-04 17:40:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008-12-18 08:58:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Peter\default.pls
[2008-11-13 23:50:35 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-09 23:44:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\fusioncache.dat

========== Files - Unicode (All) ==========
[2012-07-25 09:14:20 | 000,000,353 | ---- | M] ()(C:\Documents and Settings\Peter\Desktop\????.lnk) -- C:\Documents and Settings\Peter\Desktop\回到三国.lnk
[2012-07-25 09:14:20 | 000,000,353 | ---- | C] ()(C:\Documents and Settings\Peter\Desktop\????.lnk) -- C:\Documents and Settings\Peter\Desktop\回到三国.lnk
[2012-02-21 12:39:35 | 000,000,310 | ---- | C] ()(C:\Documents and Settings\Peter\Desktop\?????.url) -- C:\Documents and Settings\Peter\Desktop\西游网贵宾.url
[2012-02-21 12:39:24 | 000,000,310 | ---- | M] ()(C:\Documents and Settings\Peter\Desktop\?????.url) -- C:\Documents and Settings\Peter\Desktop\西游网贵宾.url
[2010-10-16 18:33:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
[2010-10-16 18:33:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
[2010-10-16 18:29:08 | 000,000,000 | ---D | M](C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
[2010-10-16 18:29:08 | 000,000,000 | ---D | M](C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
[2009-07-12 10:23:37 | 000,806,637 | ---- | C] ()(C:\WINDOWS\System32\??.mp3) -- C:\WINDOWS\System32\报警.mp3
[2009-01-08 02:58:36 | 000,806,637 | ---- | M] ()(C:\WINDOWS\System32\??.mp3) -- C:\WINDOWS\System32\报警.mp3
(C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
(C:\Documents and Settings\Peter\Start Menu\Programs\«????») -- C:\Documents and Settings\Peter\Start Menu\Programs\《武林外传》
(C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
(C:\Documents and Settings\All Users\Start Menu\Programs\????) -- C:\Documents and Settings\All Users\Start Menu\Programs\盛大网络

< End of report >
  • 0

#55
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
OTL Extras logfile created on: 04-Aug-2012 1:01:08 AM - Run 7
OTL by OldTimer - Version 3.2.55.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 54.28% Memory free
2.85 Gb Paging File | 2.21 Gb Available in Paging File | 77.45% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 35.98 Gb Free Space | 46.36% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 15.70 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 13.75 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
Drive I: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7808:TCP" = 7808:TCP:*:Enabled:BitComet 7808 TCP
"7808:UDP" = 7808:UDP:*:Enabled:BitComet 7808 UDP
"36394:TCP" = 36394:TCP:*:Disabled:Limewire1 TCP
"36394:UDP" = 36394:UDP:*:Disabled:Limewire1 UDP
"49156:TCP" = 49156:TCP:*:Disabled:Limewire2 TCP
"49156:UDP" = 49156:UDP:*:Disabled:Limewire2 UDP
"8085:UDP" = 8085:UDP:*:Disabled:8085 udp
"8085:TCP" = 8085:TCP:*:Disabled:8085 tcp
"8086:TCP" = 8086:TCP:*:Disabled:8086 tcp
"8086:UDP" = 8086:UDP:*:Disabled:8086 udp
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Disabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Disabled:iWin Games updater. -- ()
"C:\Program Files\bmoworld\BomberMan.exe" = C:\Program Files\bmoworld\BomberMan.exe:*:Disabled:BomberMan -- (Wizgate)
"C:\Program Files\PWRD\PD\pd.exe" = C:\Program Files\PWRD\PD\pd.exe:*:Disabled:pd -- ()
"E:\Program Files\pipi\HttpDownLoad.exe" = E:\Program Files\pipi\HttpDownLoad.exe:*:Disabled:HttpDownLoad
"E:\Program Files\pipi\jfCacheMgr.exe" = E:\Program Files\pipi\jfCacheMgr.exe:*:Disabled:PIPI CacheMgr
"E:\Program Files\pipi\KmLiveUpdate.exe" = E:\Program Files\pipi\KmLiveUpdate.exe:*:Disabled:PIPI LiveUpdate
"E:\Program Files\pipi\PIPIPlayer.exe" = E:\Program Files\pipi\PIPIPlayer.exe:*:Disabled:PIPIPlayer
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe" = E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe:*:Disabled:iSpeak7.0 -- (上海勤和互联网技术软件开发有限公司)
"E:\wanmeicn\ec_patch_388-564.exe" = E:\wanmeicn\ec_patch_388-564.exe:*:Disabled:@xpsp2res.dll,-22008
"E:\《完美世界》国际版\ec_patch_113-230.cup.exe" = E:\«????»???\ec_patch_113-230.cup.exe:*:Disabled:@xpsp2res.dll,-22008
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Ragnarok\Offline\Server\char-server.exe" = C:\Program Files\Ragnarok\Offline\Server\char-server.exe:*:Enabled:char-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\map-server.exe" = C:\Program Files\Ragnarok\Offline\Server\map-server.exe:*:Enabled:map-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\login-server.exe" = C:\Program Files\Ragnarok\Offline\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\char-server.exe" = F:\Program Files\Gravity\ERO\Server\char-server.exe:*:Enabled:char-server -- ()
"F:\Program Files\Gravity\ERO\Server\login-server.exe" = F:\Program Files\Gravity\ERO\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\map-server.exe" = F:\Program Files\Gravity\ERO\Server\map-server.exe:*:Enabled:map-server -- ()
"F:\Program Files\Gravity\GeoRo\Server\char-server.exe" = F:\Program Files\Gravity\GeoRo\Server\char-server.exe:*:Enabled:char-server
"F:\Program Files\Gravity\GeoRo\Server\login-server.exe" = F:\Program Files\Gravity\GeoRo\Server\login-server.exe:*:Enabled:login-server
"F:\Program Files\Gravity\GeoRo\Server\map-server.exe" = F:\Program Files\Gravity\GeoRo\Server\map-server.exe:*:Enabled:map-server
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe:*:Enabled:char-server -- ()
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe:*:Enabled:login-server -- ()
"C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN" = C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Maxis Broadband\Maxis Broadband.exe" = C:\Program Files\Maxis Broadband\Maxis Broadband.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe:*:Enabled:ipsec
"C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" = C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE:*:Enabled:ipsec -- (Dritek System Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\OpenOffice.org 2.0\program\soffice.exe" = C:\Program Files\OpenOffice.org 2.0\program\soffice.exe:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ElkCtrl.exe" = C:\WINDOWS\system32\ElkCtrl.exe:*:Enabled:ipsec -- (Logitech Inc.)
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe:*:Enabled:ipsec -- (Nero AG)
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe:*:Enabled:ipsec -- (Synaptics, Inc.)
"C:\WINDOWS\Alaunch.exe" = C:\WINDOWS\Alaunch.exe:*:Enabled:ipsec -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe:*:Enabled:ipsec -- (HiTRUST)
"C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe" = C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe:*:Enabled:ipsec -- (Huawei Technologies Co., Ltd.)
"C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe" = C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe:*:Enabled:ipsec
"C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" = C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\virus 20 06 2012\OTL.exe" = C:\virus 20 06 2012\OTL.exe:*:Enabled:ipsec -- (OldTimer Tools)
"C:\ComboFix\CF7338.3XE" = C:\ComboFix\CF7338.3XE:*:Enabled:ipsec -- ()
"c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" = c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe:*:Enabled:ipsec -- (Logitech)
"C:\WINDOWS\TEMP\kdrpn.exe" = C:\WINDOWS\TEMP\kdrpn.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\umcab.exe" = C:\WINDOWS\TEMP\umcab.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wintyrgu.exe" = C:\WINDOWS\TEMP\wintyrgu.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winlqkes.exe" = C:\WINDOWS\TEMP\winlqkes.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\yfdco.exe" = C:\WINDOWS\TEMP\yfdco.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\xlbrmd.exe" = C:\WINDOWS\TEMP\xlbrmd.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winhfvpbn.exe" = C:\WINDOWS\TEMP\winhfvpbn.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winebeitk.exe" = C:\WINDOWS\TEMP\winebeitk.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ovpb.exe" = C:\WINDOWS\TEMP\ovpb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winitfeww.exe" = C:\WINDOWS\TEMP\winitfeww.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ydxvj.exe" = C:\WINDOWS\TEMP\ydxvj.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\jkwde.exe" = C:\WINDOWS\TEMP\jkwde.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wincognjr.exe" = C:\WINDOWS\TEMP\wincognjr.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\xrimha.exe" = C:\WINDOWS\TEMP\xrimha.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winxcyt.exe" = C:\WINDOWS\TEMP\winxcyt.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wineuqofu.exe" = C:\WINDOWS\TEMP\wineuqofu.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\evrcl.exe" = C:\WINDOWS\TEMP\evrcl.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winnpsx.exe" = C:\WINDOWS\TEMP\winnpsx.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\windtkkyq.exe" = C:\WINDOWS\TEMP\windtkkyq.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ujgcco.exe" = C:\WINDOWS\TEMP\ujgcco.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winqtctb.exe" = C:\WINDOWS\TEMP\winqtctb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winspwe.exe" = C:\WINDOWS\TEMP\winspwe.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winnwndbh.exe" = C:\WINDOWS\TEMP\winnwndbh.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winaxtw.exe" = C:\WINDOWS\TEMP\winaxtw.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winrgrb.exe" = C:\WINDOWS\TEMP\winrgrb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wingjbwll.exe" = C:\WINDOWS\TEMP\wingjbwll.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winxvug.exe" = C:\WINDOWS\TEMP\winxvug.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winmdjhuc.exe" = C:\WINDOWS\TEMP\winmdjhuc.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winhqve.exe" = C:\WINDOWS\TEMP\winhqve.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\cgrvfc.exe" = C:\WINDOWS\TEMP\cgrvfc.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\lnfedm.exe" = C:\WINDOWS\TEMP\lnfedm.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winurbya.exe" = C:\WINDOWS\TEMP\winurbya.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winehosd.exe" = C:\WINDOWS\TEMP\winehosd.exe:*:Enabled:ipsec


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0357458A-7259-4CFD-AF7F-69410DD33821}" = Easy Flyer Creator
"{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}" = OpenOffice.org 2.0
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{227E06B7-1AD8-4BA5-9298-C37237A58F72}" = Celcom Desktop CPPRS Setup
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{269683A1-7486-4D6F-93CC-91D4BE808025}" = UG-04
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3A24088A-8940-408F-BA98-7A32FDBC3E04}" = UG-00-V1
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{656BE550-DC84-40C6-AF0F-2688ED441FB3}" = UG-00-V1
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
"{76FFD3FD-26EF-438B-9A56-B4908AC14319}" = UG-05
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{94A7D275-E658-4B29-8C7F-2AAEF6CF453F}" = DAEMON Tools
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD90297F-EE7D-4E91-A27E-04A7331B1C92}" = UG-04
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84AD4D2-A9C2-4455-AE12-CFCBB824FCDD}" = UG-05
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
"{F86E01B6-A97B-4023-BEEE-CBADC56BC436}" = SexyBeach2
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"´ºÇïQ´«online_is1" = ´ºÇïQ´«online
"7-Zip" = 7-Zip 4.42
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"am-totemtribe" = Totem Tribe
"ARO 2012_is1" = ARO 2012
"ATI Display Driver" = ATI Display Driver
"audcle" = Plus! MP3 Audio Converter LE
"Balloon Blast_is1" = Balloon Blast
"Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction
"BitComet" = BitComet 1.06
"Bob the Builder Can Do Zoo1.0" = Bob the Builder Can Do Zoo
"Burger Island_is1" = Burger Island
"Burger Rush" = Burger Rush
"Burger Shop" = Burger Shop (remove only)
"Burger Shop by mrs.apple" = Burger Shop by mrs.apple
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Chameleon Gems" = Chameleon Gems
"Cheatbook Database 2012" = Cheatbook Database 2012
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crystal Path" = Crystal Path
"Cubis Gold 2" = Cubis Gold 2
"DivXG400" = DivXG400
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"ePresentation" = Acer ePresentation Management
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Farm Frenzy" = Farm Frenzy
"Farm Frenzy - Pizza Party 1.0.1.0" = Farm Frenzy - Pizza Party 1.0.1.0
"Farm Mania 2_is1" = Farm Mania 2
"Feeding Frenzy 2" = Feeding Frenzy 2
"FiberTwig" = FiberTwig
"Fishdom" = Fishdom (remove only)
"Gearz" = Gearz
"Glary Registry Repair_is1" = Glary Registry Repair 3.2.0.828
"GridVista" = Acer GridVista
"Gutterball 2" = Gutterball 2
"HijackThis" = HijackThis 2.0.2
"Holiday Express" = Holiday Express
"ie8" = Windows Internet Explorer 8
"Incredible Ink" = Incredible Ink
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"Island Realms" = Island Realms
"iSpeak7.0" = iSpeak 7.0
"iWinArcade" = iWin Games (remove only)
"Janes Zoo_is1" = Janes Zoo
"Jewel Quest_is1" = Jewel Quest
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)
"LimeWire" = LimeWire 4.18.8
"Liong The Dragon Dance_is1" = Liong The Dragon Dance
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LManager" = Launch Manager
"Luxor" = Luxor
"Luxor: Amun Rising" = Luxor: Amun Rising
"MagicInlay" = MagicInlay
"Mah Jong Medley" = Mah Jong Medley
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Maxis Broadband" = Maxis Broadband
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" =
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSNINST" = MSN
"NJStar Communicator" = NJStar Communicator
"NuB2Codec" = NuB2 For Windows Codec (1.0.0.1)
"Pizza Frenzy" = Pizza Frenzy
"Platypus" = Platypus
"ProInst" = Intel® PROSet/Wireless Software
"Ragnarok Offline" = Ragnarok Offline 1.20
"Rainbow Drops Buster_is1" = Rainbow Drops Buster
"Secrets of Six Seas" = Secrets of Six Seas (remove only)
"Snowy Lunch Rush_is1" = Snowy Lunch Rush
"Snowy Treasure Hunter 3_is1" = Snowy Treasure Hunter 3
"Snowy: Treasure Hunter 2" = Snowy: Treasure Hunter 2
"Snowy: Treasure Hunter 3" = Snowy: Treasure Hunter 3
"ST6UNST #1" = DiGi MyKad Prepaid Registration
"Supercow_is1" = Supercow
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.20_is1" = Total Video Converter 3.20 090104
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"beanfun!" = beanfun!

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22-Jun-2012 8:13:21 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application cli.exe, version 1.11.0.0, faulting module kernel32.dll,
version 5.1.2600.2180, fault address 0x0001eb33.

Error - 23-Jun-2012 11:09:05 AM | Computer Name = ACER-8C1E498EF8 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 01-Jul-2012 11:32:17 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, faulting module 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, fault address 0x00086476.

Error - 01-Jul-2012 11:33:10 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, faulting module 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, fault address 0x00086476.

Error - 03-Jul-2012 8:57:30 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application SexyBeach2DVD.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:41:00 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:49:16 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 11:25:25 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 4:03:09 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 8:57:43 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 22-Jun-2012 8:13:21 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application cli.exe, version 1.11.0.0, faulting module kernel32.dll,
version 5.1.2600.2180, fault address 0x0001eb33.

Error - 23-Jun-2012 11:09:05 AM | Computer Name = ACER-8C1E498EF8 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 01-Jul-2012 11:32:17 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, faulting module 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, fault address 0x00086476.

Error - 01-Jul-2012 11:33:10 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, faulting module 005300650078007930D330FC30C1005A00450052004F005B661F7A7A005D002E006500780065,
version 1.0.0.0, fault address 0x00086476.

Error - 03-Jul-2012 8:57:30 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application SexyBeach2DVD.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:41:00 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:49:16 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 11:25:25 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 4:03:09 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 8:57:43 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 03-Aug-2012 1:09:04 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 03-Aug-2012 1:09:05 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 03-Aug-2012 1:09:06 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 03-Aug-2012 1:09:07 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 03-Aug-2012 1:09:07 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 03-Aug-2012 1:09:08 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 03-Aug-2012 1:09:10 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 03-Aug-2012 1:09:27 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 03-Aug-2012 1:09:47 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding

Error - 03-Aug-2012 1:10:07 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding


< End of report >
  • 0

Advertisements


#56
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
We are still getting a lot of these:

Error - 03-Aug-2012 1:09:07 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}


Right click on My Computer and select Manage then Services and Applications then Services. Find the Symantec Core
LC service and right click on it and select Properties. Verify the Startup type: is Automatic. If not change it then Apply. Try to Start the service. Do you get an error?
  • 0

#57
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
can't remove
Adobe Reader 7.0 (this should be updated to Reader 10. something.)
BitComet 1.06
CA Yahoo! Anti-Spy (remove only)
LimeWire 4.18.8
Megaupload Toolbar
Yahoo! Toolbar
Yahoo! Search Protection
Yahoo! Software Update



removed:
Ask Toolbar
Ask Toolbar Updater
  • 0

#58
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
OTL logfile created on: 15-Aug-2012 12:19:48 AM - Run 8
OTL by OldTimer - Version 3.2.55.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 31.66% Memory free
2.85 Gb Paging File | 1.87 Gb Available in Paging File | 65.50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 35.55 Gb Free Space | 45.81% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 15.70 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 22.05 Gb Free Space | 28.41% Space Free | Partition Type: NTFS
Drive H: | 1.87 Gb Total Space | 0.20 Gb Free Space | 10.73% Space Free | Partition Type: FAT32
Drive I: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-04 00:56:10 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Peter\Local Settings\temp\RtkBtMnt.exe
PRC - [2012-07-29 23:44:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\virus 20 06 2012\OTL.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-06-23 23:52:00 | 000,536,576 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
PRC - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2010-12-04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009-09-01 17:00:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009-07-27 16:54:14 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008-04-21 18:02:08 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2006-02-24 17:28:06 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006-02-24 17:28:02 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006-01-17 18:28:54 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005-12-06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005-12-02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005-12-02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005-11-30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005-11-29 14:45:06 | 000,438,272 | ---- | M] (Acer) -- C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
PRC - [2005-11-02 00:11:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-10-24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005-10-19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005-09-09 19:09:24 | 001,531,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005-08-12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-11-01 17:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002-05-10 16:34:38 | 000,073,728 | ---- | M] (VeNoM386 and SwENSkE) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (No Company Name) ==========

MOD - [2012-08-12 08:33:12 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012-06-26 03:13:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7156f9fe\mscorlib.dll
MOD - [2012-06-26 03:12:50 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35c63cab\system.drawing.dll
MOD - [2012-06-26 03:12:36 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea2dc3e1\system.xml.dll
MOD - [2012-06-26 03:12:26 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4db9f700\system.windows.forms.dll
MOD - [2012-06-26 03:12:12 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_39b14579\system.dll
MOD - [2012-06-26 03:12:04 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012-06-26 03:12:02 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012-06-23 23:52:00 | 000,536,576 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
MOD - [2011-05-21 09:55:32 | 000,237,568 | ---- | M] () -- C:\Program Files\Maxis Broadband\ThirdAppPlugin.dll
MOD - [2011-01-05 19:43:08 | 000,163,840 | ---- | M] () -- C:\Program Files\Maxis Broadband\SMSPlugin.dll
MOD - [2010-12-04 03:35:08 | 001,017,304 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010-04-15 19:48:40 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\LocaleMgrPlugin.dll
MOD - [2010-04-15 19:47:38 | 000,032,768 | ---- | M] () -- C:\Program Files\Maxis Broadband\NotifyServicePlugin.dll
MOD - [2010-04-15 19:46:18 | 000,057,344 | ---- | M] () -- C:\Program Files\Maxis Broadband\ConfigFilePlugin.dll
MOD - [2010-04-15 19:45:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrPlugin.dll
MOD - [2010-04-15 19:43:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Maxis Broadband\NetInfoPlugin.dll
MOD - [2010-04-15 19:42:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Maxis Broadband\DialUpPlugin.dll
MOD - [2010-04-15 19:41:16 | 000,245,760 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrUIPlugin.dll
MOD - [2010-04-15 19:28:00 | 001,015,808 | ---- | M] () -- C:\Program Files\Maxis Broadband\NDISAPI.dll
MOD - [2010-04-15 19:15:46 | 000,172,032 | ---- | M] () -- C:\Program Files\Maxis Broadband\DetectDev.dll
MOD - [2010-04-15 19:15:42 | 000,598,016 | ---- | M] () -- C:\Program Files\Maxis Broadband\atcomm.dll
MOD - [2010-04-06 15:21:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceOperate.dll
MOD - [2010-04-06 15:21:26 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\XCodec.dll
MOD - [2010-02-06 02:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2007-08-23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Program Files\Maxis Broadband\isaputrace.dll
MOD - [2007-07-31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Program Files\Maxis Broadband\FileManager.dll
MOD - [2006-02-10 22:31:10 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\libxml2.dll
MOD - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2005-12-02 15:42:54 | 000,184,424 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2005-12-02 15:42:54 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2005-12-02 15:42:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2005-12-02 15:42:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2005-11-28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005-11-28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005-11-28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005-10-20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005-10-11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005-09-05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005-08-24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005-07-13 18:34:04 | 000,139,264 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\nsldap32v50.dll
MOD - [2005-07-06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2004-08-04 05:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004-08-04 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004-08-04 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-12-29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003-04-04 06:06:12 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2003-04-04 06:06:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2003-04-04 06:06:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2003-04-04 06:06:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2003-04-04 06:06:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-03-14 23:27:28 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-06-20 15:31:24 | 003,600,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008-11-09 09:22:00 | 000,822,424 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004-12-13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004-12-13 15:30:08 | 000,073,728 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004-12-13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-05-03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-01-30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-12-24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/01 17:39:19] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008-11-09 09:22:00 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-11-15 14:34:00 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006-03-24 19:14:46 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2005-12-06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005-12-05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005-12-02 14:01:28 | 000,328,141 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005-12-02 13:59:20 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005-12-02 13:57:48 | 000,854,826 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005-12-02 13:54:56 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005-12-02 13:54:14 | 000,065,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005-12-02 13:51:28 | 000,148,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-12-01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-11-30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-11-30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-11-29 14:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av)
DRV - [2005-11-29 14:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-11-08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-11-08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-11-08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-10-15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005-09-13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005-09-09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005-09-09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005-08-24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005-06-30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005-06-22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-05-02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005-04-22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005-04-22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005-04-05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-03-04 01:53:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005-02-23 23:59:56 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-12-09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004-08-04 05:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004-08-03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2002-05-13 10:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stealth.sys -- (Stealth)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow...eferrer:source}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A6F8041-AE9C-4BBD-9592-7C8CB2DF0B97}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{4633EF93-D676-472f-A0FF-E1916B0B2E30}: "URL" = http://www.baidu.com...Terms}&ie=utf-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..keyword.URL: "http://klit.startnow...5.1-x86-SP2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009-11-26 16:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-11-09 12:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-11-09 12:45:44 | 000,000,000 | ---D | M]

[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Extensions
[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions
[2012-07-04 07:46:12 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012-07-25 07:58:50 | 000,001,384 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\searchplugins\yahoo-zugo.xml
[2008-11-09 12:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-01 13:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008-11-11 15:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011-09-23 04:14:08 | 000,056,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll

O1 HOSTS File: ([2012-08-04 00:53:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll (PIPI Tech.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2012\aro.exe (Support.com, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Maxis Broadband] C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: gamania.com.hk ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298904480656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298904665375 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB60C06-FF45-4E69-BF33-D07BD3F61E8F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F554DE5E-248F-47C8-9ACF-F4EF2BBCA7ED}: NameServer = 58.71.136.10 58.71.132.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-04-04 03:26:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012-06-17 21:45:24 | 000,000,000 | ---D | M] - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-14 18:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\CyberLink PowerDVD 9
[2012-07-25 23:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\Microsoft AppLocale
[2012-07-25 07:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012-07-20 23:35:04 | 000,000,000 | ---D | C] -- C:\screenshots

========== Files - Modified Within 30 Days ==========

[2012-08-15 00:26:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-08-14 23:43:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-08-14 18:41:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-08-14 18:41:36 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-14 09:37:52 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012-08-12 16:36:54 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012-08-12 14:08:18 | 005,203,244 | ---- | M] () -- C:\TalkingTomCatGame2.swf
[2012-08-12 14:02:06 | 005,980,615 | ---- | M] () -- C:\Talking_Tom_Cat.swf
[2012-08-12 08:33:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-08-12 08:33:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-08-10 21:38:24 | 000,000,299 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\tv series.rtf
[2012-08-04 00:23:30 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2012-08-02 18:52:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-07-30 08:30:50 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-29 20:54:10 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Adelantado.lnk
[2012-07-26 19:56:34 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-25 07:58:42 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
[2012-07-25 07:58:42 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012-07-24 02:19:46 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012-08-12 14:26:09 | 005,203,244 | ---- | C] () -- C:\TalkingTomCatGame2.swf
[2012-08-12 14:03:12 | 005,980,615 | ---- | C] () -- C:\Talking_Tom_Cat.swf
[2012-07-25 07:58:40 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
[2012-07-25 07:58:40 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2012-07-01 21:05:46 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011-07-23 21:48:00 | 000,262,884 | ---- | C] () -- C:\WINDOWS\IPUI_DivXG400.exe
[2011-07-11 17:30:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-06 14:54:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011-05-02 19:09:59 | 000,002,048 | ---- | C] () -- C:\Program Files\Sonic3Dsonic3d.ini
[2011-05-01 13:31:41 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011-03-08 00:17:43 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\NVH264Decoder.dll
[2011-03-08 00:17:43 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\NVPostProc.dll
[2011-03-08 00:17:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\NVH264vfw.dll
[2010-09-17 17:13:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-09-04 17:40:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008-12-18 08:58:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Peter\default.pls
[2008-11-13 23:50:35 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-09 23:44:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\fusioncache.dat

========== Files - Unicode (All) ==========
[2012-07-25 09:14:20 | 000,000,353 | ---- | M] ()(C:\Documents and Settings\Peter\Desktop\????.lnk) -- C:\Documents and Settings\Peter\Desktop\回到三国.lnk
[2012-07-25 09:14:20 | 000,000,353 | ---- | C] ()(C:\Documents and Settings\Peter\Desktop\????.lnk) -- C:\Documents and Settings\Peter\Desktop\回到三国.lnk
[2012-02-21 12:39:35 | 000,000,310 | ---- | C] ()(C:\Documents and Settings\Peter\Desktop\?????.url) -- C:\Documents and Settings\Peter\Desktop\西游网贵宾.url
[2012-02-21 12:39:24 | 000,000,310 | ---- | M] ()(C:\Documents and Settings\Peter\Desktop\?????.url) -- C:\Documents and Settings\Peter\Desktop\西游网贵宾.url
[2010-10-16 18:33:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
[2010-10-16 18:33:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
[2010-10-16 18:29:08 | 000,000,000 | ---D | M](C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
[2010-10-16 18:29:08 | 000,000,000 | ---D | M](C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
[2009-07-12 10:23:37 | 000,806,637 | ---- | C] ()(C:\WINDOWS\System32\??.mp3) -- C:\WINDOWS\System32\报警.mp3
[2009-01-08 02:58:36 | 000,806,637 | ---- | M] ()(C:\WINDOWS\System32\??.mp3) -- C:\WINDOWS\System32\报警.mp3
(C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
(C:\Documents and Settings\Peter\Start Menu\Programs\«????») -- C:\Documents and Settings\Peter\Start Menu\Programs\《武林外传》
(C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
(C:\Documents and Settings\All Users\Start Menu\Programs\????) -- C:\Documents and Settings\All Users\Start Menu\Programs\盛大网络

< End of report >
  • 0

#59
Peter Lee

Peter Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 117 posts
OTL Extras logfile created on: 15-Aug-2012 12:19:48 AM - Run 8
OTL by OldTimer - Version 3.2.55.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 31.66% Memory free
2.85 Gb Paging File | 1.87 Gb Available in Paging File | 65.50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 35.55 Gb Free Space | 45.81% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 15.70 Gb Free Space | 20.23% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 22.05 Gb Free Space | 28.41% Space Free | Partition Type: NTFS
Drive H: | 1.87 Gb Total Space | 0.20 Gb Free Space | 10.73% Space Free | Partition Type: FAT32
Drive I: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7808:TCP" = 7808:TCP:*:Enabled:BitComet 7808 TCP
"7808:UDP" = 7808:UDP:*:Enabled:BitComet 7808 UDP
"36394:TCP" = 36394:TCP:*:Disabled:Limewire1 TCP
"36394:UDP" = 36394:UDP:*:Disabled:Limewire1 UDP
"49156:TCP" = 49156:TCP:*:Disabled:Limewire2 TCP
"49156:UDP" = 49156:UDP:*:Disabled:Limewire2 UDP
"8085:UDP" = 8085:UDP:*:Disabled:8085 udp
"8085:TCP" = 8085:TCP:*:Disabled:8085 tcp
"8086:TCP" = 8086:TCP:*:Disabled:8086 tcp
"8086:UDP" = 8086:UDP:*:Disabled:8086 udp
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Disabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Disabled:iWin Games updater. -- ()
"C:\Program Files\bmoworld\BomberMan.exe" = C:\Program Files\bmoworld\BomberMan.exe:*:Disabled:BomberMan -- (Wizgate)
"C:\Program Files\PWRD\PD\pd.exe" = C:\Program Files\PWRD\PD\pd.exe:*:Disabled:pd -- ()
"E:\Program Files\pipi\HttpDownLoad.exe" = E:\Program Files\pipi\HttpDownLoad.exe:*:Disabled:HttpDownLoad
"E:\Program Files\pipi\jfCacheMgr.exe" = E:\Program Files\pipi\jfCacheMgr.exe:*:Disabled:PIPI CacheMgr
"E:\Program Files\pipi\KmLiveUpdate.exe" = E:\Program Files\pipi\KmLiveUpdate.exe:*:Disabled:PIPI LiveUpdate
"E:\Program Files\pipi\PIPIPlayer.exe" = E:\Program Files\pipi\PIPIPlayer.exe:*:Disabled:PIPIPlayer
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe" = E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe:*:Disabled:iSpeak7.0 -- (上海勤和互联网技术软件开发有限公司)
"E:\wanmeicn\ec_patch_388-564.exe" = E:\wanmeicn\ec_patch_388-564.exe:*:Disabled:@xpsp2res.dll,-22008
"E:\《完美世界》国际版\ec_patch_113-230.cup.exe" = E:\«????»???\ec_patch_113-230.cup.exe:*:Disabled:@xpsp2res.dll,-22008
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Ragnarok\Offline\Server\char-server.exe" = C:\Program Files\Ragnarok\Offline\Server\char-server.exe:*:Enabled:char-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\map-server.exe" = C:\Program Files\Ragnarok\Offline\Server\map-server.exe:*:Enabled:map-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\login-server.exe" = C:\Program Files\Ragnarok\Offline\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\char-server.exe" = F:\Program Files\Gravity\ERO\Server\char-server.exe:*:Enabled:char-server -- ()
"F:\Program Files\Gravity\ERO\Server\login-server.exe" = F:\Program Files\Gravity\ERO\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\map-server.exe" = F:\Program Files\Gravity\ERO\Server\map-server.exe:*:Enabled:map-server -- ()
"F:\Program Files\Gravity\GeoRo\Server\char-server.exe" = F:\Program Files\Gravity\GeoRo\Server\char-server.exe:*:Enabled:char-server
"F:\Program Files\Gravity\GeoRo\Server\login-server.exe" = F:\Program Files\Gravity\GeoRo\Server\login-server.exe:*:Enabled:login-server
"F:\Program Files\Gravity\GeoRo\Server\map-server.exe" = F:\Program Files\Gravity\GeoRo\Server\map-server.exe:*:Enabled:map-server
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe:*:Enabled:char-server -- ()
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe:*:Enabled:login-server -- ()
"C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN" = C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Maxis Broadband\Maxis Broadband.exe" = C:\Program Files\Maxis Broadband\Maxis Broadband.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe:*:Enabled:ipsec
"C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" = C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE:*:Enabled:ipsec -- (Dritek System Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\OpenOffice.org 2.0\program\soffice.exe" = C:\Program Files\OpenOffice.org 2.0\program\soffice.exe:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ElkCtrl.exe" = C:\WINDOWS\system32\ElkCtrl.exe:*:Enabled:ipsec -- (Logitech Inc.)
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe:*:Enabled:ipsec -- (Nero AG)
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe:*:Enabled:ipsec -- (Synaptics, Inc.)
"C:\WINDOWS\Alaunch.exe" = C:\WINDOWS\Alaunch.exe:*:Enabled:ipsec -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe:*:Enabled:ipsec -- (HiTRUST)
"C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe" = C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe:*:Enabled:ipsec -- (Huawei Technologies Co., Ltd.)
"C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe" = C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe:*:Enabled:ipsec
"C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" = C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\virus 20 06 2012\OTL.exe" = C:\virus 20 06 2012\OTL.exe:*:Enabled:ipsec -- (OldTimer Tools)
"C:\ComboFix\CF7338.3XE" = C:\ComboFix\CF7338.3XE:*:Enabled:ipsec -- ()
"c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" = c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe:*:Enabled:ipsec -- (Logitech)
"C:\WINDOWS\TEMP\kdrpn.exe" = C:\WINDOWS\TEMP\kdrpn.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\umcab.exe" = C:\WINDOWS\TEMP\umcab.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wintyrgu.exe" = C:\WINDOWS\TEMP\wintyrgu.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winlqkes.exe" = C:\WINDOWS\TEMP\winlqkes.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\yfdco.exe" = C:\WINDOWS\TEMP\yfdco.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\xlbrmd.exe" = C:\WINDOWS\TEMP\xlbrmd.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winhfvpbn.exe" = C:\WINDOWS\TEMP\winhfvpbn.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winebeitk.exe" = C:\WINDOWS\TEMP\winebeitk.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ovpb.exe" = C:\WINDOWS\TEMP\ovpb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winitfeww.exe" = C:\WINDOWS\TEMP\winitfeww.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ydxvj.exe" = C:\WINDOWS\TEMP\ydxvj.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\jkwde.exe" = C:\WINDOWS\TEMP\jkwde.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wincognjr.exe" = C:\WINDOWS\TEMP\wincognjr.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\xrimha.exe" = C:\WINDOWS\TEMP\xrimha.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winxcyt.exe" = C:\WINDOWS\TEMP\winxcyt.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wineuqofu.exe" = C:\WINDOWS\TEMP\wineuqofu.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\evrcl.exe" = C:\WINDOWS\TEMP\evrcl.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winnpsx.exe" = C:\WINDOWS\TEMP\winnpsx.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\windtkkyq.exe" = C:\WINDOWS\TEMP\windtkkyq.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\ujgcco.exe" = C:\WINDOWS\TEMP\ujgcco.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winqtctb.exe" = C:\WINDOWS\TEMP\winqtctb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winspwe.exe" = C:\WINDOWS\TEMP\winspwe.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winnwndbh.exe" = C:\WINDOWS\TEMP\winnwndbh.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winaxtw.exe" = C:\WINDOWS\TEMP\winaxtw.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winrgrb.exe" = C:\WINDOWS\TEMP\winrgrb.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\wingjbwll.exe" = C:\WINDOWS\TEMP\wingjbwll.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winxvug.exe" = C:\WINDOWS\TEMP\winxvug.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winmdjhuc.exe" = C:\WINDOWS\TEMP\winmdjhuc.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winhqve.exe" = C:\WINDOWS\TEMP\winhqve.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\cgrvfc.exe" = C:\WINDOWS\TEMP\cgrvfc.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\lnfedm.exe" = C:\WINDOWS\TEMP\lnfedm.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winurbya.exe" = C:\WINDOWS\TEMP\winurbya.exe:*:Enabled:ipsec
"C:\WINDOWS\TEMP\winehosd.exe" = C:\WINDOWS\TEMP\winehosd.exe:*:Enabled:ipsec


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0357458A-7259-4CFD-AF7F-69410DD33821}" = Easy Flyer Creator
"{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}" = OpenOffice.org 2.0
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{227E06B7-1AD8-4BA5-9298-C37237A58F72}" = Celcom Desktop CPPRS Setup
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{269683A1-7486-4D6F-93CC-91D4BE808025}" = UG-04
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3A24088A-8940-408F-BA98-7A32FDBC3E04}" = UG-00-V1
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{656BE550-DC84-40C6-AF0F-2688ED441FB3}" = UG-00-V1
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
"{76FFD3FD-26EF-438B-9A56-B4908AC14319}" = UG-05
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{94A7D275-E658-4B29-8C7F-2AAEF6CF453F}" = DAEMON Tools
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD90297F-EE7D-4E91-A27E-04A7331B1C92}" = UG-04
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84AD4D2-A9C2-4455-AE12-CFCBB824FCDD}" = UG-05
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
"{F86E01B6-A97B-4023-BEEE-CBADC56BC436}" = SexyBeach2
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"´ºÇïQ´«online_is1" = ´ºÇïQ´«online
"7-Zip" = 7-Zip 4.42
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"am-totemtribe" = Totem Tribe
"ARO 2012_is1" = ARO 2012
"ATI Display Driver" = ATI Display Driver
"audcle" = Plus! MP3 Audio Converter LE
"Balloon Blast_is1" = Balloon Blast
"Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction
"BitComet" = BitComet 1.06
"Bob the Builder Can Do Zoo1.0" = Bob the Builder Can Do Zoo
"Burger Island_is1" = Burger Island
"Burger Rush" = Burger Rush
"Burger Shop" = Burger Shop (remove only)
"Burger Shop by mrs.apple" = Burger Shop by mrs.apple
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Chameleon Gems" = Chameleon Gems
"Cheatbook Database 2012" = Cheatbook Database 2012
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crystal Path" = Crystal Path
"Cubis Gold 2" = Cubis Gold 2
"DivXG400" = DivXG400
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"ePresentation" = Acer ePresentation Management
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Farm Frenzy" = Farm Frenzy
"Farm Frenzy - Pizza Party 1.0.1.0" = Farm Frenzy - Pizza Party 1.0.1.0
"Farm Mania 2_is1" = Farm Mania 2
"Feeding Frenzy 2" = Feeding Frenzy 2
"FiberTwig" = FiberTwig
"Fishdom" = Fishdom (remove only)
"Gearz" = Gearz
"Glary Registry Repair_is1" = Glary Registry Repair 3.2.0.828
"GridVista" = Acer GridVista
"Gutterball 2" = Gutterball 2
"HijackThis" = HijackThis 2.0.2
"Holiday Express" = Holiday Express
"ie8" = Windows Internet Explorer 8
"Incredible Ink" = Incredible Ink
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"Island Realms" = Island Realms
"iSpeak7.0" = iSpeak 7.0
"iWinArcade" = iWin Games (remove only)
"Janes Zoo_is1" = Janes Zoo
"Jewel Quest_is1" = Jewel Quest
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)
"LimeWire" = LimeWire 4.18.8
"Liong The Dragon Dance_is1" = Liong The Dragon Dance
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LManager" = Launch Manager
"Luxor" = Luxor
"Luxor: Amun Rising" = Luxor: Amun Rising
"MagicInlay" = MagicInlay
"Mah Jong Medley" = Mah Jong Medley
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Maxis Broadband" = Maxis Broadband
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" =
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSNINST" = MSN
"NJStar Communicator" = NJStar Communicator
"NuB2Codec" = NuB2 For Windows Codec (1.0.0.1)
"Pizza Frenzy" = Pizza Frenzy
"Platypus" = Platypus
"ProInst" = Intel® PROSet/Wireless Software
"Ragnarok Offline" = Ragnarok Offline 1.20
"Rainbow Drops Buster_is1" = Rainbow Drops Buster
"Secrets of Six Seas" = Secrets of Six Seas (remove only)
"Snowy Lunch Rush_is1" = Snowy Lunch Rush
"Snowy Treasure Hunter 3_is1" = Snowy Treasure Hunter 3
"Snowy: Treasure Hunter 2" = Snowy: Treasure Hunter 2
"Snowy: Treasure Hunter 3" = Snowy: Treasure Hunter 3
"ST6UNST #1" = DiGi MyKad Prepaid Registration
"Supercow_is1" = Supercow
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.20_is1" = Total Video Converter 3.20 090104
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"beanfun!" = beanfun!

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03-Jul-2012 8:57:30 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application SexyBeach2DVD.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:41:00 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:49:16 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 11:25:25 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 4:03:09 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 8:57:43 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 04-Aug-2012 6:56:40 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.6.3.5565, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 06-Aug-2012 9:33:41 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12-Aug-2012 6:36:13 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12-Aug-2012 7:30:07 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 03-Jul-2012 8:57:30 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application SexyBeach2DVD.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:41:00 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 9:49:16 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jul-2012 11:25:25 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 4:03:09 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29-Jul-2012 8:57:43 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application Adelantado.exe, version 1.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 04-Aug-2012 6:56:40 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.6.3.5565, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 06-Aug-2012 9:33:41 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12-Aug-2012 6:36:13 AM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12-Aug-2012 7:30:07 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 14-Aug-2012 12:29:12 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%1053

Error - 14-Aug-2012 12:29:13 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 14-Aug-2012 12:29:13 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Core LC service
to connect.

Error - 14-Aug-2012 12:29:13 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%1053

Error - 14-Aug-2012 12:29:14 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 14-Aug-2012 12:29:15 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Core LC service
to connect.

Error - 14-Aug-2012 12:29:15 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%1053

Error - 14-Aug-2012 12:29:16 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 14-Aug-2012 12:29:16 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Core LC service
to connect.

Error - 14-Aug-2012 12:29:16 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%1053


< End of report >
  • 0

#60
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Sorry, must have lost your reply.

See if the free Revo uninstaller can help remove the old programs:

http://www.revounins...e_download.html
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP