w32.Sality Virus



#61
Peter Lee

  • Topic Starter
  • Member
  • 117 posts
Windows Installer not working. The Windows Installer service could not be accessed. Reinstalled WindowsInstaller-KB893803-v2-x86.exe. Still same error.
  • 0



#62
RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Download, save and run Farbar Service Scanner (Win 7 or Vista => right-click and Run as Admin).


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
4. Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#63
Peter Lee

  • Topic Starter
  • Member
  • 117 posts
Farbar Service Scanner Version: 19-09-2012
Ran by Peter (administrator) on 04-10-2012 at 00:28:37
Running from "C:\virus 20 06 2012"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

Extra List:
=======
AegisP(11) Gpc(7) IPSec(5) irda(3) NdisFilt(13) NetBT(6) NETMNT(12) NwlnkIpx(14) NwlnkNb(15) PSched(8) RFCOMM(9) s24trans(10) Tcpip(4)
0x0F0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#64
Peter Lee

  • Topic Starter
  • Member
  • 117 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/10/2012 12:32:48 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/10/2012 12:32:37 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:32:17 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:31:57 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:31:37 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:31:17 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:30:57 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:30:37 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:30:17 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:29:57 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:29:37 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:29:17 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:28:57 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:28:37 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:28:17 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:27:57 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:27:37 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:27:17 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:26:57 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:26:37 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

Log: 'System' Date/Time: 04/10/2012 12:26:17 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}. The error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe" -Embedding

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#65
Peter Lee

  • Topic Starter
  • Member
  • 117 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/10/2012 12:34:36 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/10/2012 12:17:16 AM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 01/10/2012 9:31:20 AM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 30/09/2012 1:36:12 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application powerdvd9.exe, version 9.0.2115.0, faulting module dxm_x.imp, version 9.0.2115.0, fault address 0x00010215.

Log: 'Application' Date/Time: 30/09/2012 1:29:24 AM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 30/09/2012 1:18:00 AM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 30/09/2012 1:11:46 AM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 30/09/2012 1:10:20 AM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 30/09/2012 12:58:17 AM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 29/09/2012 11:51:08 PM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 29/09/2012 11:43:48 PM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 29/09/2012 11:39:45 PM
Type: error Category: 0
Event: 11719 Source: MsiInstaller
Product: PowerDVD -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 17/09/2012 11:21:06 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application wordpad.exe, version 5.1.2600.3355, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 17/09/2012 11:17:37 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 15.0.1.4631, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 17/09/2012 11:17:35 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 15.0.1.4631, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 17/09/2012 11:16:08 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 17/09/2012 5:57:52 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 15.0.1.4631, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 17/09/2012 5:54:41 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 15.0.1.4631, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 17/09/2012 9:29:27 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application wordpad.exe, version 5.1.2600.3355, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 17/09/2012 9:28:06 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application wordpad.exe, version 5.1.2600.3355, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 13/08/2012 7:30:07 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/10/2012 11:33:24 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 11:15:38 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 11:09:36 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 11:07:17 PM
Type: warning Category: 0
Event: 2203 Source: perfctrs
No SPX Devices are currently open or the NWLink SPX/SPXII service has not been started. SPX performance data cannot be collected.

Log: 'Application' Date/Time: 03/10/2012 11:05:56 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ACER-8C1E498EF8\Peter registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 03/10/2012 11:02:21 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 11:01:12 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 10:59:56 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 10:43:10 PM
Type: warning Category: 0
Event: 2203 Source: perfctrs
No SPX Devices are currently open or the NWLink SPX/SPXII service has not been started. SPX performance data cannot be collected.

Log: 'Application' Date/Time: 03/10/2012 10:41:51 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ACER-8C1E498EF8\Peter registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 03/10/2012 10:25:42 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 10:19:43 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ACER-8C1E498EF8\Peter registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 03/10/2012 10:10:34 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 10:09:39 PM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 8:35:06 PM
Type: warning Category: 1
Event: 32066 Source: Microsoft Fax
At least one of the devices in the outgoing routing group is not valid. Group name: '<All devices>'

Log: 'Application' Date/Time: 03/10/2012 12:18:43 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ACER-8C1E498EF8\Peter registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 03/10/2012 12:11:44 AM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 03/10/2012 12:11:13 AM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 02/10/2012 6:37:32 PM
Type: warning Category: 0
Event: 2203 Source: perfctrs
No SPX Devices are currently open or the NWLink SPX/SPXII service has not been started. SPX performance data cannot be collected.

Log: 'Application' Date/Time: 02/10/2012 9:24:19 AM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ACER-8C1E498EF8\Peter registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
  • 0

#66
RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Farbar says you don't have connection to Yahoo or Google. Is that true?

Start, Run, msiexec, OK.

That should bring up a little help window for msi. Does it?

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


I don't suppose it will let you install UPHClean.

Download UPHClean. To download and install UPHClean, visit the following Microsoft Web site:
http://www.microsoft...70-42470E2F3582
You will be prompted to validate your copy of Windows.
As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
In the User Profile Hive Cleanup Service installation wizard, click Next.
In the License Agreement page, read the license agreement, select I Agree, and then click Next.
In the Select Installation Folder page, click Next.
In the Confirm Installation page, click Next.
When UPHClean is installed, click Close.
  • 0

#67
Peter Lee

  • Topic Starter
  • Member
  • 117 posts
Popup Windows for

Windows installer v3.1.4000.1823 ...
  • 0

#68
Peter Lee

  • Topic Starter
  • Member
  • 117 posts
OTL logfile created on: 05-Oct-2012 8:11:15 AM - Run 9
OTL by OldTimer - Version 3.2.70.2 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 52.92% Memory free
2.85 Gb Paging File | 2.20 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 31.05 Gb Free Space | 40.01% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 15.43 Gb Free Space | 19.87% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 18.91 Gb Free Space | 24.36% Space Free | Partition Type: NTFS
Drive H: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 3.72 Gb Total Space | 0.31 Gb Free Space | 8.38% Space Free | Partition Type: FAT32

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-10-05 08:10:04 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\virus 20 06 2012\OTL.exe
PRC - [2012-09-08 08:27:08 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-08-04 00:56:10 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Peter\Local Settings\temp\RtkBtMnt.exe
PRC - [2012-06-23 23:52:00 | 000,536,576 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
PRC - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009-09-01 17:00:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009-07-27 16:54:14 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008-04-21 18:02:08 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2006-02-24 17:28:06 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006-02-24 17:28:02 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006-01-17 18:28:54 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005-12-06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005-12-02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005-12-02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005-11-30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005-11-29 14:45:06 | 000,438,272 | ---- | M] (Acer) -- C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
PRC - [2005-11-02 00:11:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-10-24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005-10-19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005-09-09 19:09:24 | 001,531,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2005-08-12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-11-01 17:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002-05-10 16:34:38 | 000,073,728 | ---- | M] (VeNoM386 and SwENSkE) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-08 08:27:08 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012-06-26 03:13:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7156f9fe\mscorlib.dll
MOD - [2012-06-26 03:12:50 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35c63cab\system.drawing.dll
MOD - [2012-06-26 03:12:36 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ea2dc3e1\system.xml.dll
MOD - [2012-06-26 03:12:26 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4db9f700\system.windows.forms.dll
MOD - [2012-06-26 03:12:12 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_39b14579\system.dll
MOD - [2012-06-26 03:12:04 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012-06-26 03:12:02 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012-06-23 23:52:00 | 000,536,576 | ---- | M] () -- C:\Program Files\Maxis Broadband\Maxis Broadband.exe
MOD - [2011-05-21 09:55:32 | 000,237,568 | ---- | M] () -- C:\Program Files\Maxis Broadband\ThirdAppPlugin.dll
MOD - [2011-01-05 19:43:08 | 000,163,840 | ---- | M] () -- C:\Program Files\Maxis Broadband\SMSPlugin.dll
MOD - [2010-04-15 19:48:40 | 000,139,264 | ---- | M] () -- C:\Program Files\Maxis Broadband\LocaleMgrPlugin.dll
MOD - [2010-04-15 19:47:38 | 000,032,768 | ---- | M] () -- C:\Program Files\Maxis Broadband\NotifyServicePlugin.dll
MOD - [2010-04-15 19:46:18 | 000,057,344 | ---- | M] () -- C:\Program Files\Maxis Broadband\ConfigFilePlugin.dll
MOD - [2010-04-15 19:45:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrPlugin.dll
MOD - [2010-04-15 19:43:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Maxis Broadband\NetInfoPlugin.dll
MOD - [2010-04-15 19:42:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Maxis Broadband\DialUpPlugin.dll
MOD - [2010-04-15 19:41:16 | 000,245,760 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceMgrUIPlugin.dll
MOD - [2010-04-15 19:28:00 | 001,015,808 | ---- | M] () -- C:\Program Files\Maxis Broadband\NDISAPI.dll
MOD - [2010-04-15 19:15:46 | 000,172,032 | ---- | M] () -- C:\Program Files\Maxis Broadband\DetectDev.dll
MOD - [2010-04-15 19:15:42 | 000,598,016 | ---- | M] () -- C:\Program Files\Maxis Broadband\atcomm.dll
MOD - [2010-04-06 15:21:36 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\DeviceOperate.dll
MOD - [2010-04-06 15:21:26 | 000,061,440 | ---- | M] () -- C:\Program Files\Maxis Broadband\XCodec.dll
MOD - [2010-02-06 02:40:58 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2007-08-23 16:39:30 | 000,014,848 | R--- | M] () -- C:\Program Files\Maxis Broadband\isaputrace.dll
MOD - [2007-07-31 15:50:04 | 000,090,112 | R--- | M] () -- C:\Program Files\Maxis Broadband\FileManager.dll
MOD - [2006-02-10 22:31:10 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\libxml2.dll
MOD - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2005-12-02 15:42:54 | 000,184,424 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2005-12-02 15:42:54 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2005-12-02 15:42:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2005-12-02 15:42:54 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2005-11-28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005-11-28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005-11-28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005-10-20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005-10-11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005-09-05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005-08-24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005-07-06 13:50:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\HokHIDKC.dll
MOD - [2004-08-04 05:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004-08-04 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004-08-04 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-12-29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2003-04-04 06:06:12 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2003-04-04 06:06:12 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2003-04-04 06:06:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2003-04-04 06:06:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2003-04-04 06:06:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-09-08 08:27:08 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-03-14 23:27:28 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-06-20 15:31:24 | 003,600,600 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008-11-09 09:22:00 | 000,822,424 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004-12-13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004-12-13 15:30:08 | 000,073,728 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004-12-13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-05-03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-01-30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-12-24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/01 17:39:19] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008-11-09 09:22:00 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-11-15 14:34:00 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006-03-24 19:14:46 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2005-12-06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005-12-05 00:55:30 | 001,428,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005-12-02 14:01:28 | 000,328,141 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005-12-02 13:59:20 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005-12-02 13:57:48 | 000,854,826 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005-12-02 13:54:56 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005-12-02 13:54:14 | 000,065,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005-12-02 13:51:28 | 000,148,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-12-01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-11-30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-11-30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-11-29 14:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av)
DRV - [2005-11-29 14:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-11-08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-11-08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-11-08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-10-15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005-09-13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005-09-09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005-09-09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005-08-24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005-06-30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005-06-22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-05-02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005-04-22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005-04-22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005-04-05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-03-04 01:53:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005-02-23 23:59:56 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-12-09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004-08-04 05:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004-08-03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2002-05-13 10:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stealth.sys -- (Stealth)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow...eferrer:source}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A6F8041-AE9C-4BBD-9592-7C8CB2DF0B97}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{4633EF93-D676-472f-A0FF-E1916B0B2E30}: "URL" = http://www.baidu.com...Terms}&ie=utf-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..keyword.URL: "http://klit.startnow...5.1-x86-SP2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009-11-26 16:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-08 08:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-09-08 08:27:02 | 000,000,000 | ---D | M]

[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Extensions
[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions
[2012-07-04 07:46:12 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012-07-25 07:58:50 | 000,001,384 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\searchplugins\yahoo-zugo.xml
[2012-09-08 08:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-09-08 08:27:08 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008-11-11 15:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011-09-23 04:14:08 | 000,056,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll
[2012-08-31 13:53:24 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012-08-31 13:53:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012-08-04 00:53:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll (PIPI Tech.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe (Acer)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe (Acer)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2012\aro.exe (Support.com, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_Maxis Broadband] C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Peter\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: gamania.com.hk ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298904480656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298904665375 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB60C06-FF45-4E69-BF33-D07BD3F61E8F}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F554DE5E-248F-47C8-9ACF-F4EF2BBCA7ED}: NameServer = 58.71.136.10 58.71.132.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-04-04 03:26:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011-09-29 15:06:08 | 000,000,000 | ---D | M] - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: vds - Service
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy


ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: midimapper - midimap.dll File not found
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.N264 - C:\WINDOWS\System32\NVH264vfw.dll ()
Drivers32: vidc.NUB2 - C:\WINDOWS\System32\NuB2.dll ()
Drivers32: vidc.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-10-05 08:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\CyberLink PowerDVD 9
[2012-10-01 09:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012-10-01 09:20:58 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2012-10-01 09:20:58 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2012-10-01 09:20:58 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2012-10-01 09:20:58 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2012-10-01 09:20:58 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2012-10-01 09:20:58 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2012-10-01 09:20:58 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2012-10-01 09:20:58 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2012-10-01 09:20:58 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2012-10-01 09:20:58 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2012-10-01 09:20:58 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2012-10-01 09:20:58 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2012-10-01 09:20:58 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2012-10-01 09:20:58 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2012-10-01 09:20:58 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2012-10-01 09:20:58 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2012-10-01 09:20:57 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2012-10-01 09:20:57 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2012-10-01 09:20:57 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2012-10-01 09:20:57 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2012-10-01 09:20:57 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2012-10-01 09:20:57 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2012-10-01 09:20:57 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2012-10-01 09:20:57 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2012-10-01 09:20:57 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2012-10-01 09:20:57 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2012-10-01 09:20:57 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2012-10-01 09:20:57 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2012-10-01 09:20:57 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2012-10-01 09:20:57 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2012-10-01 09:20:57 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2012-10-01 09:20:57 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2012-10-01 09:20:57 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2012-10-01 09:20:57 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2012-10-01 09:20:57 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2012-10-01 09:20:57 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2012-10-01 09:20:57 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2012-10-01 09:20:57 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2012-10-01 09:20:57 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2012-10-01 09:20:57 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2012-10-01 09:20:57 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2012-10-01 09:20:57 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2012-10-01 09:20:57 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2012-10-01 09:20:57 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2012-10-01 09:20:57 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2012-10-01 09:20:57 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2012-10-01 09:20:57 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2012-10-01 09:20:57 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2012-10-01 09:20:57 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2012-10-01 09:20:57 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2012-10-01 09:20:57 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2012-10-01 09:20:57 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2012-10-01 09:20:57 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2012-10-01 09:20:57 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2012-10-01 09:20:57 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2012-10-01 09:20:57 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2012-10-01 09:20:57 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2012-10-01 09:20:56 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012-10-01 09:20:56 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2012-10-01 09:20:56 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2012-10-01 09:20:56 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2012-10-01 09:20:56 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2012-10-01 09:20:56 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2012-10-01 09:20:56 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2012-10-01 09:20:56 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2012-10-01 09:20:56 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2012-10-01 09:20:56 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2012-10-01 09:20:56 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2012-10-01 09:20:56 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2012-10-01 09:20:56 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2012-10-01 09:20:56 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2012-10-01 09:18:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2012-09-30 00:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\Revo Uninstaller
[2012-09-30 00:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012-09-28 08:27:28 | 000,000,000 | ---D | C] -- C:\TV Series
[2012-09-17 23:47:53 | 003,077,496 | ---- | C] (Tencent) -- C:\WINDOWS\System32\QQPinyin.ime
[2012-09-17 23:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Tencent
[2012-09-17 23:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tencent
[2012-09-17 23:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2012-09-17 23:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\Tencent
[2012-09-17 23:35:12 | 024,940,080 | ---- | C] (Tencent Inc.) -- C:\QQPinyin_Setup_4.5.1206.400.exe
[2012-09-08 08:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-10-05 08:16:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-10-05 08:00:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-10-05 07:59:58 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-05 05:36:18 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012-10-03 20:34:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-03 00:10:26 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-10-02 09:24:32 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-10-02 09:24:32 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-10-01 09:27:42 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012-10-01 09:27:42 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Windows Media Player.lnk
[2012-10-01 09:27:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012-10-01 09:26:08 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-10-01 09:21:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012-09-30 13:33:14 | 000,023,119 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Warcraft III Cheat.rtf
[2012-09-30 00:54:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-09-30 00:06:56 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Revo Uninstaller.lnk
[2012-09-24 08:00:38 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-09-24 08:00:38 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-09-17 23:46:42 | 024,940,080 | ---- | M] (Tencent Inc.) -- C:\QQPinyin_Setup_4.5.1206.400.exe
[2012-09-17 17:20:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-09-16 10:33:20 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012-09-15 00:57:24 | 000,038,107 | ---- | M] () -- C:\564334_266230533496710_2110436510_n.jpg
[2012-09-14 18:42:40 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-09 19:23:00 | 000,000,353 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\tv series.rtf
[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-01 09:20:57 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012-10-01 09:20:57 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012-10-01 09:20:57 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012-10-01 09:20:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2012-09-30 13:19:13 | 000,023,119 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Warcraft III Cheat.rtf
[2012-09-30 00:06:54 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Revo Uninstaller.lnk
[2012-09-15 00:57:22 | 000,038,107 | ---- | C] () -- C:\564334_266230533496710_2110436510_n.jpg
[2012-09-11 06:47:52 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Games.lnk
[2012-07-01 21:05:46 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011-07-23 21:48:00 | 000,262,884 | ---- | C] () -- C:\WINDOWS\IPUI_DivXG400.exe
[2011-07-11 17:30:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-06 14:54:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011-05-02 19:09:59 | 000,002,048 | ---- | C] () -- C:\Program Files\Sonic3Dsonic3d.ini
[2011-05-01 13:31:41 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011-03-08 00:17:43 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\NVH264Decoder.dll
[2011-03-08 00:17:43 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\NVPostProc.dll
[2011-03-08 00:17:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\NVH264vfw.dll
[2008-12-18 08:58:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Peter\default.pls
[2008-11-13 23:50:35 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-09 23:44:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2003-04-04 06:05:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-01-07 18:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 18:01:54 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004-08-04 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9250827AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable media other than\tfloppy
Interface type: USB
Media Type: Removable media other than\tfloppy
Model: USB DISK 2.0 USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: HUAWEI SD Storage USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 78.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 155.00GB
Starting Offset: 83354987520
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 4128768
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2010-12-05 06:28:28 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe
[2012-09-17 23:46:42 | 024,940,080 | ---- | M] (Tencent Inc.) -- C:\QQPinyin_Setup_4.5.1206.400.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2010-12-05 06:28:28 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\install_flash_player.exe
[2012-09-17 23:46:42 | 024,940,080 | ---- | M] (Tencent Inc.) -- C:\QQPinyin_Setup_4.5.1206.400.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2003-04-04 03:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Identities
[2003-04-04 06:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\ATI
[2003-04-04 02:50:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Peter\Application Data\Microsoft
[2008-11-09 23:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Macromedia
[2008-11-10 00:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Acer
[2008-11-09 09:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Symantec
[2008-11-09 10:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Yahoo!
[2008-11-09 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\CyberLink
[2008-11-09 12:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Mozilla
[2008-11-10 09:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Adobe
[2008-11-10 10:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Help
[2008-11-11 09:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenOffice.org2
[2008-11-13 23:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Media Player Classic
[2008-11-14 09:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\AdobeUM
[2008-11-21 14:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\WinRAR
[2008-11-23 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GameHouse
[2008-11-24 10:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sun
[2008-12-04 09:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\LimeWire
[2008-12-10 17:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Malwarebytes
[2008-12-18 00:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ahead
[2009-01-02 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\AlwaysNeat
[2009-01-11 09:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Playrix Entertainment
[2009-01-17 10:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Alawar
[2009-02-07 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Super-Cow
[2009-04-05 20:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\InstallShield
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\MegauploadToolbar
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\EmailNotifier
[2009-04-05 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Megaupload
[2009-10-22 18:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\mIRC
[2009-11-17 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GlarySoft
[2009-11-20 11:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ancient Quest of Saqqarah__iwin
[2010-01-10 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Reflexive JanesZOO
[2010-02-14 12:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Gamelab
[2010-06-05 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PIPI
[2010-09-17 17:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Wildfire
[2011-04-02 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Magic Match
[2011-05-19 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sandlot Games
[2011-05-26 20:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Angkor
[2011-05-29 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ohana Games
[2011-06-04 21:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PlayFirst
[2011-09-30 20:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Incredible Ink
[2012-02-14 11:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Rovio
[2012-02-17 14:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband
[2012-02-20 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Independent
[2012-04-05 10:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenCandy
[2012-06-25 22:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Oracle
[2012-06-25 23:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sammsoft
[2012-07-04 07:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\QuickScan
[2012-07-15 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\realore_whiterra_adelantado_beta
[2012-08-21 22:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Islands3
[2012-09-17 23:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Tencent

< MD5 for: ATAPI.SYS >
[2004-08-04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004-08-04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004-08-04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008-04-14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2008-04-14 08:12:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\csrss.exe
[2004-08-04 00:56:50 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2004-08-04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\csrss.exe
[2004-08-03 21:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008-04-14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004-08-04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008-06-21 01:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008-06-21 01:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\system32\mswsock.dll
[2008-06-21 01:36:12 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004-08-04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2004-08-04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2004-08-04 00:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008-06-21 01:46:58 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008-04-14 08:12:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mswsock.dll
[2008-06-21 01:43:06 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008-04-14 08:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\nwprovau.dll
[2004-08-04 00:56:46 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2004-08-04 05:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2004-08-04 05:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004-08-04 00:56:46 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2004-08-04 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2004-08-04 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\system32\pnrpnsp.dll
[2008-04-14 08:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2008-04-14 08:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\rsvpsp.dll
[2004-08-04 05:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\WINDOWS\system32\dllcache\rsvpsp.dll
[2004-08-04 05:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\WINDOWS\system32\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009-02-06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008-04-14 08:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
[2009-02-06 18:22:22 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\system32\dllcache\services.exe
[2009-02-06 18:22:22 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\system32\services.exe
[2009-02-06 19:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2004-08-04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2004-08-04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ERDNT\cache\services.exe
[2004-08-04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SVCHOST.EXE >
[2008-04-14 08:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004-08-04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004-08-04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004-08-03 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004-08-04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USER32.DLL >
[2008-04-14 08:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[2004-08-04 05:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\ERDNT\cache\user32.dll
[2004-08-04 00:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2004-08-03 21:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\dllcache\user32.dll
[2004-08-04 05:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004-08-04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008-04-14 08:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004-08-04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004-08-03 21:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-04-14 08:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004-08-04 00:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2004-08-04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2004-08-04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\system32\winrnr.dll
[2008-04-14 08:12:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winrnr.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-09-08 08:27:08 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-09-08 08:27:08 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-08 08:27:08 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012-09-08 08:27:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012-09-08 08:27:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012-09-08 08:27:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004-08-04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004-08-04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004-08-04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-09-08 08:27:08 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-09-08 08:27:08 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-08 08:27:08 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012-09-08 08:27:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012-09-08 08:27:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012-09-08 08:27:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004-08-04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004-08-04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004-08-04 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Files - Unicode (All) ==========
[2012-09-17 23:47:57 | 000,000,000 | ---D | C](C:\Documents and Settings\Peter\Start Menu\Programs\????) -- C:\Documents and Settings\Peter\Start Menu\Programs\腾讯软件
[2012-07-25 09:14:20 | 000,000,353 | ---- | M] ()(C:\Documents and Settings\Peter\Desktop\????.lnk) -- C:\Documents and Settings\Peter\Desktop\回到三国.lnk
[2012-07-25 09:14:20 | 000,000,353 | ---- | C] ()(C:\Documents and Settings\Peter\Desktop\????.lnk) -- C:\Documents and Settings\Peter\Desktop\回到三国.lnk
[2012-02-21 12:39:35 | 000,000,310 | ---- | C] ()(C:\Documents and Settings\Peter\Desktop\?????.url) -- C:\Documents and Settings\Peter\Desktop\西游网贵宾.url
[2012-02-21 12:39:24 | 000,000,310 | ---- | M] ()(C:\Documents and Settings\Peter\Desktop\?????.url) -- C:\Documents and Settings\Peter\Desktop\西游网贵宾.url
[2010-10-16 18:33:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
[2010-10-16 18:29:08 | 000,000,000 | ---D | M](C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
[2009-07-12 10:23:37 | 000,806,637 | ---- | C] ()(C:\WINDOWS\System32\??.mp3) -- C:\WINDOWS\System32\报警.mp3
[2009-01-08 02:58:36 | 000,806,637 | ---- | M] ()(C:\WINDOWS\System32\??.mp3) -- C:\WINDOWS\System32\报警.mp3
(C:\Program Files\???????) -- C:\Program Files\偙偄偸偺僐儘儘
(C:\Documents and Settings\Peter\Start Menu\Programs\????) -- C:\Documents and Settings\Peter\Start Menu\Programs\《武林外传》
(C:\Documents and Settings\Peter\Local Settings\Application Data\???????) -- C:\Documents and Settings\Peter\Local Settings\Application Data\偙偄偸偺僐儘儘
(C:\Documents and Settings\All Users\Start Menu\Programs\????) -- C:\Documents and Settings\All Users\Start Menu\Programs\盛大网络

< End of report >

#69
Peter Lee

OTL Extras logfile created on: 05-Oct-2012 8:11:15 AM - Run 9
OTL by OldTimer - Version 3.2.70.2 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 52.92% Memory free
2.85 Gb Paging File | 2.20 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 31.05 Gb Free Space | 40.01% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 15.43 Gb Free Space | 19.87% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 18.91 Gb Free Space | 24.36% Space Free | Partition Type: NTFS
Drive H: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 3.72 Gb Total Space | 0.31 Gb Free Space | 8.38% Space Free | Partition Type: FAT32

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Unable to open value key
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Unable to open value key
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7808:TCP" = 7808:TCP:*:Enabled:BitComet 7808 TCP
"7808:UDP" = 7808:UDP:*:Enabled:BitComet 7808 UDP
"36394:TCP" = 36394:TCP:*:Disabled:Limewire1 TCP
"36394:UDP" = 36394:UDP:*:Disabled:Limewire1 UDP
"49156:TCP" = 49156:TCP:*:Disabled:Limewire2 TCP
"49156:UDP" = 49156:UDP:*:Disabled:Limewire2 UDP
"8085:UDP" = 8085:UDP:*:Disabled:8085 udp
"8085:TCP" = 8085:TCP:*:Disabled:8085 tcp
"8086:TCP" = 8086:TCP:*:Disabled:8086 tcp
"8086:UDP" = 8086:UDP:*:Disabled:8086 udp
"57245:TCP" = 57245:TCP:*:Enabled:Pando Media Booster
"57245:UDP" = 57245:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPCDetector.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPCDetector.exe:*:Enabled:QQ??????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYConfig.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYConfig.exe:*:Enabled:QQ????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYLiveup.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYLiveup.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYLevel.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYLevel.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYDict.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYDict.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeRegDict.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeRegDict.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeRegSkin.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeRegSkin.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeDownload.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeDownload.exe:*:Enabled:QQ??????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYMBlog.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYMBlog.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYHandInput.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYHandInput.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYCloud.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYCloud.exe:*:Enabled:QQ???????? -- (Tencent)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Disabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Disabled:iWin Games updater. -- ()
"C:\Program Files\bmoworld\BomberMan.exe" = C:\Program Files\bmoworld\BomberMan.exe:*:Disabled:BomberMan -- (Wizgate)
"C:\Program Files\PWRD\PD\pd.exe" = C:\Program Files\PWRD\PD\pd.exe:*:Disabled:pd -- ()
"E:\Program Files\pipi\HttpDownLoad.exe" = E:\Program Files\pipi\HttpDownLoad.exe:*:Disabled:HttpDownLoad
"E:\Program Files\pipi\jfCacheMgr.exe" = E:\Program Files\pipi\jfCacheMgr.exe:*:Disabled:PIPI CacheMgr
"E:\Program Files\pipi\KmLiveUpdate.exe" = E:\Program Files\pipi\KmLiveUpdate.exe:*:Disabled:PIPI LiveUpdate
"E:\Program Files\pipi\PIPIPlayer.exe" = E:\Program Files\pipi\PIPIPlayer.exe:*:Disabled:PIPIPlayer
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" = C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Disabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe" = E:\Program Files\Changetech\iSpeak7.0\iSpeak.exe:*:Disabled:iSpeak7.0 -- (上海勤和互联网技术软件开发有限公司)
"E:\wanmeicn\ec_patch_388-564.exe" = E:\wanmeicn\ec_patch_388-564.exe:*:Disabled:@xpsp2res.dll,-22008
"E:\《完美世界》国际版\ec_patch_113-230.cup.exe" = E:\???????\ec_patch_113-230.cup.exe:*:Disabled:@xpsp2res.dll,-22008
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Ragnarok\Offline\Server\char-server.exe" = C:\Program Files\Ragnarok\Offline\Server\char-server.exe:*:Enabled:char-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\map-server.exe" = C:\Program Files\Ragnarok\Offline\Server\map-server.exe:*:Enabled:map-server -- ()
"C:\Program Files\Ragnarok\Offline\Server\login-server.exe" = C:\Program Files\Ragnarok\Offline\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\char-server.exe" = F:\Program Files\Gravity\ERO\Server\char-server.exe:*:Enabled:char-server -- ()
"F:\Program Files\Gravity\ERO\Server\login-server.exe" = F:\Program Files\Gravity\ERO\Server\login-server.exe:*:Enabled:login-server -- ()
"F:\Program Files\Gravity\ERO\Server\map-server.exe" = F:\Program Files\Gravity\ERO\Server\map-server.exe:*:Enabled:map-server -- ()
"F:\Program Files\Gravity\GeoRo\Server\char-server.exe" = F:\Program Files\Gravity\GeoRo\Server\char-server.exe:*:Enabled:char-server
"F:\Program Files\Gravity\GeoRo\Server\login-server.exe" = F:\Program Files\Gravity\GeoRo\Server\login-server.exe:*:Enabled:login-server
"F:\Program Files\Gravity\GeoRo\Server\map-server.exe" = F:\Program Files\Gravity\GeoRo\Server\map-server.exe:*:Enabled:map-server
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\char-server.exe:*:Enabled:char-server -- ()
"F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe" = F:\Ragnarok Offline\Yare-CVS\yare_CVS-06-10-03\yare\login-server.exe:*:Enabled:login-server -- ()
"C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN" = C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Maxis Broadband\Maxis Broadband.exe" = C:\Program Files\Maxis Broadband\Maxis Broadband.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\gwhwe.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\vtah.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\aapvj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpqok.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winkcwy.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winriobwh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winebxohg.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjtia.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winnhtljk.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winhgfeeq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winxiale.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ooyntv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqvrun.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ovwhi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winifodds.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ealbj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\oebp.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winvubm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ieae.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\windichip.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qkqjoj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\uasht.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\xqas.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\fmcb.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winksji.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wintlly.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\lbkw.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dpani.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpxfj.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ndkbkd.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winovvt.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winqcel.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winawdow.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\dypudq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\qopxq.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winfoyc.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winthllvh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winubliuq.exe:*:Enabled:ipsec
"C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" = C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE:*:Enabled:ipsec -- (Dritek System Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winquesm.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winpivvo.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\wincfam.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winybis.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winehnvng.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\sihi.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\howqv.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\tpxjh.exe:*:Enabled:ipsec
"C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\ixgtv.exe:*:Enabled:ipsec
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\OpenOffice.org 2.0\program\soffice.exe" = C:\Program Files\OpenOffice.org 2.0\program\soffice.exe:*:Enabled:ipsec -- (OpenOffice.org)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ElkCtrl.exe" = C:\WINDOWS\system32\ElkCtrl.exe:*:Enabled:ipsec -- (Logitech Inc.)
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe:*:Enabled:ipsec -- (Nero AG)
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" = C:\Program Files\ATI Technologies\ATI.ACE\cli.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe:*:Enabled:ipsec -- (Synaptics, Inc.)
"C:\WINDOWS\Alaunch.exe" = C:\WINDOWS\Alaunch.exe:*:Enabled:ipsec -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe:*:Enabled:ipsec -- (HiTRUST)
"C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe" = C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe:*:Enabled:ipsec -- (Huawei Technologies Co., Ltd.)
"C:\WINDOWS\system32\Ati2evxx.exe" = C:\WINDOWS\system32\Ati2evxx.exe:*:Enabled:ipsec -- (ATI Technologies Inc.)
"C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe" = C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe" = C:\DOCUME~1\Peter\LOCALS~1\Temp\winjoyqoi.exe:*:Enabled:ipsec
"C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" = C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe:*:Enabled:ipsec -- (CyberLink Corp.)
"C:\WINDOWS\system32\ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\virus 20 06 2012\OTL.exe" = C:\virus 20 06 2012\OTL.exe:*:Enabled:ipsec -- (OldTimer Tools)
"C:\ComboFix\CF7338.3XE" = C:\ComboFix\CF7338.3XE:*:Enabled:ipsec -- ()
"c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" = c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe:*:Enabled:ipsec -- (Logitech)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPCDetector.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPCDetector.exe:*:Enabled:QQ??????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYConfig.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYConfig.exe:*:Enabled:QQ????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYLiveup.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYLiveup.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYLevel.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYLevel.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYDict.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYDict.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeRegDict.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeRegDict.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeRegSkin.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeRegSkin.exe:*:Enabled:QQ??????????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeDownload.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQImeDownload.exe:*:Enabled:QQ??????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYMBlog.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYMBlog.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYHandInput.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYHandInput.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYCloud.exe" = C:\Program Files\Tencent\QQPinyin\4.5.1206.400\QQPYCloud.exe:*:Enabled:QQ???????? -- (Tencent)
"C:\Program Files\Common Files\Tencent\QQDownload\110\Tencentdl.exe" = C:\Program Files\Common Files\Tencent\QQDownload\110\Tencentdl.exe:*:Enabled:ѶƷ -- (Tencent)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0357458A-7259-4CFD-AF7F-69410DD33821}" = Easy Flyer Creator
"{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}" = OpenOffice.org 2.0
"{0C9C323B-395D-4483-A444-F7E11EE5B610}_is1" = BMO WORLD 4.4.0
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{227E06B7-1AD8-4BA5-9298-C37237A58F72}" = Celcom Desktop CPPRS Setup
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{269683A1-7486-4D6F-93CC-91D4BE808025}" = UG-04
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}" = Norton Ghost 10.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{3A24088A-8940-408F-BA98-7A32FDBC3E04}" = UG-00-V1
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{656BE550-DC84-40C6-AF0F-2688ED441FB3}" = UG-00-V1
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
"{76FFD3FD-26EF-438B-9A56-B4908AC14319}" = UG-05
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{94A7D275-E658-4B29-8C7F-2AAEF6CF453F}" = DAEMON Tools
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD90297F-EE7D-4E91-A27E-04A7331B1C92}" = UG-04
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84AD4D2-A9C2-4455-AE12-CFCBB824FCDD}" = UG-05
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
"{F86E01B6-A97B-4023-BEEE-CBADC56BC436}" = SexyBeach2
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"Qonline_is1" = Qonline
"7-Zip" = 7-Zip 4.42
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"am-totemtribe" = Totem Tribe
"ARO 2012_is1" = ARO 2012
"ATI Display Driver" = ATI Display Driver
"audcle" = Plus! MP3 Audio Converter LE
"Balloon Blast_is1" = Balloon Blast
"Big Kahuna Reef 2 - Chain Reaction_is1" = Big Kahuna Reef 2 - Chain Reaction
"BitComet" = BitComet 1.06
"Bob the Builder Can Do Zoo1.0" = Bob the Builder Can Do Zoo
"Burger Island_is1" = Burger Island
"Burger Rush" = Burger Rush
"Burger Shop" = Burger Shop (remove only)
"Burger Shop by mrs.apple" = Burger Shop by mrs.apple
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Chameleon Gems" = Chameleon Gems
"Cheatbook Database 2012" = Cheatbook Database 2012
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crystal Path" = Crystal Path
"Cubis Gold 2" = Cubis Gold 2
"DivXG400" = DivXG400
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"ePresentation" = Acer ePresentation Management
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Farm Frenzy" = Farm Frenzy
"Farm Frenzy - Pizza Party 1.0.1.0" = Farm Frenzy - Pizza Party 1.0.1.0
"Farm Mania 2_is1" = Farm Mania 2
"Feeding Frenzy 2" = Feeding Frenzy 2
"FiberTwig" = FiberTwig
"Fishdom" = Fishdom (remove only)
"Gearz" = Gearz
"Glary Registry Repair_is1" = Glary Registry Repair 3.2.0.828
"GridVista" = Acer GridVista
"Gutterball 2" = Gutterball 2
"HijackThis" = HijackThis 2.0.2
"Holiday Express" = Holiday Express
"ie8" = Windows Internet Explorer 8
"Incredible Ink" = Incredible Ink
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"Island Realms" = Island Realms
"iSpeak7.0" = iSpeak 7.0
"iWinArcade" = iWin Games (remove only)
"Janes Zoo_is1" = Janes Zoo
"Jewel Quest_is1" = Jewel Quest
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)
"LimeWire" = LimeWire 4.18.8
"Liong The Dragon Dance_is1" = Liong The Dragon Dance
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LManager" = Launch Manager
"Luxor" = Luxor
"Luxor: Amun Rising" = Luxor: Amun Rising
"MagicInlay" = MagicInlay
"Mah Jong Medley" = Mah Jong Medley
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Maxis Broadband" = Maxis Broadband
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" =
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSNINST" = MSN
"NJStar Communicator" = NJStar Communicator
"NuB2Codec" = NuB2 For Windows Codec (1.0.0.1)
"Pizza Frenzy" = Pizza Frenzy
"Platypus" = Platypus
"ProInst" = Intel® PROSet/Wireless Software
"QQ拼音输入法" = QQ拼音输入法4.5
"Ragnarok Offline" = Ragnarok Offline 1.20
"Rainbow Drops Buster_is1" = Rainbow Drops Buster
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secrets of Six Seas" = Secrets of Six Seas (remove only)
"Snowy Lunch Rush_is1" = Snowy Lunch Rush
"Snowy Treasure Hunter 3_is1" = Snowy Treasure Hunter 3
"Snowy: Treasure Hunter 2" = Snowy: Treasure Hunter 2
"Snowy: Treasure Hunter 3" = Snowy: Treasure Hunter 3
"ST6UNST #1" = DiGi MyKad Prepaid Registration
"Supercow_is1" = Supercow
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.20_is1" = Total Video Converter 3.20 090104
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"beanfun!" = beanfun!

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29-Sep-2012 11:43:48 AM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

Error - 29-Sep-2012 11:51:08 AM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

Error - 29-Sep-2012 12:58:17 PM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

Error - 29-Sep-2012 1:10:20 PM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

Error - 29-Sep-2012 1:11:46 PM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

Error - 29-Sep-2012 1:18:00 PM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

Error - 29-Sep-2012 1:29:24 PM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

Error - 29-Sep-2012 1:36:12 PM | Computer Name = ACER-8C1E498EF8 | Source = Application Error | ID = 1000
Description = Faulting application powerdvd9.exe, version 9.0.2115.0, faulting module
dxm_x.imp, version 9.0.2115.0, fault address 0x00010215.

Error - 30-Sep-2012 9:31:20 PM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

Error - 02-Oct-2012 12:17:16 PM | Computer Name = ACER-8C1E498EF8 | Source = MsiInstaller | ID = 11719
Description = Product: PowerDVD -- Error 1719.Windows Installer service could not
be accessed. Contact your support personnel to verify that it is properly registered
and enabled.

[ System Events ]
Error - 04-Oct-2012 8:22:26 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 04-Oct-2012 8:22:26 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Core LC service
to connect.

Error - 04-Oct-2012 8:22:26 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%1053

Error - 04-Oct-2012 8:22:27 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 04-Oct-2012 8:22:27 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Core LC service
to connect.

Error - 04-Oct-2012 8:22:27 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%1053

Error - 04-Oct-2012 8:22:28 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service Symantec Core
LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}

Error - 04-Oct-2012 8:22:28 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Symantec Core LC service
to connect.

Error - 04-Oct-2012 8:22:28 PM | Computer Name = ACER-8C1E498EF8 | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%1053

Error - 04-Oct-2012 8:22:29 PM | Computer Name = ACER-8C1E498EF8 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {121BC3CF-7F8A-4CFF-80DB-3853231BE619}.
The
error: "%2" Happened while starting this command: "C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe"
-Embedding


< End of report >

#70
Peter Lee

UPHClean fails to install .. it needs a working Windows Installer ..


#71
RKinner

Method 1 Verify the DCOM Permissions

========================

1. Log on to an account with administrator privileges.

2. Click Start, type dcomcnfg, and then press Enter.

3. Expand Component Services and Computers, right click My Computer and select Properties.

4. On the Default properties tab:

5. In the Default Authentication Level list, click Connect.

6. In the Default Impersonation Level list, click Identify, and then click OK.



Method 2 Give Full Control Permission to the SYSTEM Account

=======================================

1. Start Windows Explorer, right-click the computer's root hard drive, and then click Properties.

2. Click the Security tab, and then click Edit.

3. In the Group or user names box, click the SYSTEM account.

4. Under Allow, make sure the Full Control checkbox is checked, and then click OK.



Method 3 Verify the Registry Permissions

==========================

1. Click Start, type Regedt32 and then press Enter.

2. Select HKEY_CLASSES_ROOT, on the Edit menu, click Permissions.

3. Verify that the SYSTEM account has been added and that it has Full control. If it does not, add the SYSTEM account with Full control.

4. Please use the same method to give Full control permission to the following registry keys:



HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_CONFIG



Method 4 Verify the Windows Installer service properties

===================================

1. Open the Service control panel by searching for services.msc on the Start Menu.

2. Right-click on Windows Installer and then select Properties.

3. Verify that the service is set to Manual Startup type and that the path to the executable is c:\Windows\system32\msiexec /V. (I am assuming C is your system drive)

4. Verify that the service is set to Log on as the Local System account on the Log On tab.
  • 0
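
A read-only way to check Methods 3 and 4 above from a PowerShell prompt, as an added example that is not part of RKinner's post. It assumes the service configuration lives in the standard `HKLM\SYSTEM\CurrentControlSet\Services\msiserver` key (values `Start`, `ImagePath`, `ObjectName`) and identifies the SYSTEM account by its well-known SID `S-1-5-18`; the function names are made up for this example.

```powershell
# Added example: read-only checks for Method 3 and Method 4. Nothing is changed.
# PowerShell 2.0 syntax only. Run from an elevated prompt and save as a .ps1 file.

$SystemSid   = 'S-1-5-18'    # well-known SID of the Local System account
$FullControl = [int][System.Security.AccessControl.RegistryRights]::FullControl
$GenericAll  = 0x10000000    # some ACEs store GENERIC_ALL instead of specific rights

# Method 3: does SYSTEM hold an Allow / Full Control entry on the hive root?
function Test-SystemFullControl {
    param([string]$Hive)     # for example 'HKEY_CLASSES_ROOT'
    $acl = Get-Acl -Path "Registry::$Hive"
    # Request SIDs so the test also works on localized systems and with
    # entries that show up as "Account Unknown".
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $SystemSid) { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # An inherit-only entry applies to subkeys, not to this key itself.
        $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        $rights = [int]$rule.RegistryRights
        if ((($rights -band $FullControl) -eq $FullControl) -or
            (($rights -band $GenericAll) -ne 0)) {
            return $true
        }
    }
    return $false
}

# Method 4: compare the Windows Installer service registration with the
# expected values. Returns a list of findings; an empty list means it matches.
function Get-MsiServerFindings {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\msiserver'
    if (-not (Test-Path -Path $key)) {
        # This is the case where services.msc does not list Windows Installer.
        return @('service key is missing, so the service is not registered')
    }
    $p = Get-ItemProperty -Path $key
    $findings = @()
    if ($p.Start -ne 3) {
        $findings += "Start is '$($p.Start)', expected 3 (Manual)"
    }
    # Get-ItemProperty expands %SystemRoot%, so match on the tail of the path.
    if ($p.ImagePath -notmatch '\\system32\\msiexec(\.exe)?\s+/V\s*$') {
        $findings += "ImagePath is '$($p.ImagePath)', expected ...\system32\msiexec /V"
    }
    if ($p.ObjectName -ne 'LocalSystem') {
        $findings += "ObjectName is '$($p.ObjectName)', expected LocalSystem"
    }
    return $findings
}

$hives = 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE',
         'HKEY_USERS', 'HKEY_CURRENT_CONFIG'
foreach ($hive in $hives) {
    if (Test-SystemFullControl -Hive $hive) {
        $state = 'SYSTEM has Full Control'
    } else {
        $state = 'SYSTEM lacks Full Control'
    }
    Write-Output ('{0,-22} {1}' -f $hive, $state)
}

$findings = @(Get-MsiServerFindings)
if ($findings.Count -eq 0) {
    Write-Output 'msiserver: registration matches Method 4'
} else {
    $findings | ForEach-Object { Write-Output "msiserver: $_" }
}
```
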

#72
Peter Lee

HKEY_CURRENT_CONFIG contains:

Account Unknown(S-1-5-32-547)
Allow - Read

#73
Peter Lee

services.msc

Windows Installer not found ...

#74
RKinner

see next post

#75
RKinner

Download the msiserver.reg file in the previous post and save it to your desktop. Right click on it and Merge. If you don't get an error then look in services.msc again and see if you now have Windows Installer. Will it Start?