Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Redirecting Virus Please Help

Started by squall.eu , Sep 06 2012 03:25 PM

  • Please log in to reply

#1
squall.eu
Posted 06 September 2012 - 03:25 PM

squall.eu

    New Member

  • Member
  • Pip
  • 5 posts
Hi everybody,
I spent last few days trying to get rid of this horrible virus.I've tried simply everything, TDSS rootkit removing tool and TDSS Fix Tool don't even want to start (also changed file names and extensions - still nothing). Any Anti-Virus/Anti-Malware software don't find anything as well as other small removal tools (fix zero access, rootkitremover etc.) Google search results redirect me to random adverts websites, both IE and Firefox work extremely slooooow. Don't know what else can I do, so as a last hope I'm asking you guys for some help. Pls find enclosed logs from OTL. Your help would be much appreciated.Thx
  • 0

Advertisements

#2
squall.eu
Posted 06 September 2012 - 03:26 PM

squall.eu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTL logfile created on: 06/09/2012 21:49:34 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Squall\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.68 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 42.70% Memory free
7.35 Gb Paging File | 5.01 Gb Available in Paging File | 68.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.76 Gb Total Space | 367.98 Gb Free Space | 82.18% Space Free | Partition Type: NTFS
Drive W: | 232.83 Gb Total Space | 36.27 Gb Free Space | 15.58% Space Free | Partition Type: FAT
Drive X: | 443.23 Gb Total Space | 374.74 Gb Free Space | 84.55% Space Free | Partition Type: NTFS
Drive Y: | 146.48 Gb Total Space | 108.76 Gb Free Space | 74.25% Space Free | Partition Type: NTFS
Drive Z: | 341.79 Gb Total Space | 341.49 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: SQUALL-ACER8943 | User Name: Squall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/09/06 21:49:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Squall\Downloads\OTL.scr
PRC - [2012/06/22 15:34:12 | 002,673,624 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2012/06/22 14:21:46 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 06:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/10 19:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/01/04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/01/17 20:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 20:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/09 00:56:22 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/08 03:36:42 | 004,204,400 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
PRC - [2010/03/08 03:36:28 | 003,577,712 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
PRC - [2010/03/08 03:36:24 | 003,456,880 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2010/03/08 03:35:54 | 003,367,792 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/02 00:56:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/02/09 19:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/02/01 19:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/02/01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/01/30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/25 02:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/25 02:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 20:01:06 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/13 20:01:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/06/13 00:46:00 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012/06/13 00:45:47 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012/06/13 00:45:43 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012/06/13 00:45:37 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012/06/13 00:45:35 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012/05/13 14:05:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll
MOD - [2012/05/13 14:04:30 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\d4536a218c5ab9ba3518030444e73118\UIAutomationTypes.ni.dll
MOD - [2012/05/13 14:04:30 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\ecbeb1905e243a1665d0b718f35867f7\UIAutomationProvider.ni.dll
MOD - [2012/05/13 14:04:29 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\367837cb7f83c9e52f09278f4e6c3ccd\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 14:04:23 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012/05/13 14:04:23 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\60ecaf9aecbc69812f7cbdcec86ab5b9\System.Xml.Linq.ni.dll
MOD - [2012/05/13 14:01:34 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/05/13 13:55:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 13:54:35 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/13 13:54:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/13 13:54:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/13 13:54:26 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/13 13:54:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/05/13 00:22:33 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll
MOD - [2012/05/13 00:19:55 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012/05/13 00:19:52 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012/05/13 00:19:51 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\ae351af49028e7faf15334c7b0d2cacf\System.Security.ni.dll
MOD - [2012/05/13 00:19:45 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012/05/13 00:19:40 | 014,415,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/04/09 21:00:20 | 000,115,137 | ---- | M] () -- C:\Users\Squall\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/04 06:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/06 00:41:39 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/01/10 19:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/01/10 19:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/01/10 19:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012/01/10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/01/10 19:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
MOD - [2012/01/10 19:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2012/01/10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/01/10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/01/10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/01/10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/01/10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/01/10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/01/10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/01/10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/01/10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/01/10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/01/10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/01/10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/01/10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/01/10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/01/10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/01/10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2012/01/10 19:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012/01/10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2012/01/10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/01/05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/01/13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/21 08:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/03/10 09:36:42 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 12:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/22 06:46:19 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Home Base Control Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2009/01/15 12:21:25 | 000,048,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Home Base Control Center\Hbapcs.exe -- (Belkin Home Base Control Center Service)
SRV:64bit: - [2007/02/12 09:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdcoreservice)
SRV - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/06/22 14:21:46 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/17 20:13:15 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/08 03:36:24 | 003,456,880 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 19:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/22 15:35:22 | 000,092,928 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/06/22 15:35:00 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/06/22 15:29:48 | 000,341,200 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/06/22 14:21:48 | 000,706,776 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2012/06/22 14:21:48 | 000,065,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2012/06/22 14:21:48 | 000,041,968 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2012/06/22 11:39:20 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/10 15:46:20 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/02/16 01:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/02/16 01:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/01/29 00:04:03 | 004,572,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/11/01 11:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/06/06 19:28:14 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/21 07:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/21 07:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/04/21 02:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/14 11:39:40 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/07 21:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/05 11:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/05 07:38:20 | 000,075,624 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/01 16:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/14 21:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/18 08:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/01/13 16:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/13 16:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/12 16:19:10 | 000,142,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcHlp.sys -- (archlp)
DRV:64bit: - [2010/01/11 11:48:00 | 000,050,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdgx64.sys -- (O2SDGRDR)
DRV:64bit: - [2009/11/02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/31 23:36:18 | 000,006,656 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidshim.sys -- (hidshim)
DRV:64bit: - [2009/08/31 23:36:16 | 000,026,624 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotonhidcir.sys -- (nuvotonhidcir)
DRV:64bit: - [2009/08/31 21:45:20 | 000,068,096 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuvotonir.sys -- (nuvotonir)
DRV:64bit: - [2009/08/31 20:42:04 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 11:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/22 08:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 09:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 09:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010/02/25 18:32:54 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/06/06 19:55:02] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl -- ({6E090BD5-4EF5-4bf0-A968-74049E88E935})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...33z105t5611l44s
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...33z105t5611l44s
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...33z105t5611l44s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...33z105t5611l44s
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...33z105t5611l44s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enGB435GB435
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_5.0 [2012/09/03 01:17:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/09/05 22:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/14 15:59:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/09/03 01:18:00 | 000,000,000 | ---D | M]

[2011/07/10 10:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Squall\AppData\Roaming\Mozilla\Extensions
[2011/07/10 10:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Squall\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/03 01:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Squall\AppData\Roaming\Mozilla\Firefox\Profiles\h26qwkkq.default\extensions
[2012/09/03 01:21:03 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Squall\AppData\Roaming\Mozilla\Firefox\Profiles\h26qwkkq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/09/03 01:26:05 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Squall\AppData\Roaming\Mozilla\Firefox\Profiles\h26qwkkq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/09/03 01:26:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Squall\AppData\Roaming\Mozilla\Firefox\Profiles\h26qwkkq.default\extensions\[email protected]
[2012/09/03 01:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Squall\AppData\Roaming\Mozilla\Firefox\Profiles\h26qwkkq.default\extensions\trash
[2012/02/13 00:16:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/14 15:59:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/13 00:15:55 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/13 00:15:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/13 00:15:55 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/13 00:15:55 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/13 00:15:55 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Squall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Home Base Control Center.lnk = File not found
O4 - Startup: C:\Users\Squall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78060EDA-3B58-4935-894E-267A245168CD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{793530DD-1151-4629-9B9A-62989555314E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 00:59:17 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\abc123.com
[2012/09/05 22:57:52 | 000,706,776 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012/09/05 22:57:52 | 000,065,664 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012/09/05 22:57:52 | 000,041,968 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012/09/05 22:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/09/05 22:24:04 | 000,179,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2012/09/05 22:24:04 | 000,119,688 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2012/09/05 22:24:04 | 000,042,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2012/09/05 22:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/09/05 22:24:00 | 000,000,000 | ---D | C] -- C:\Users\Squall\AppData\Roaming\PC Tools
[2012/09/05 21:53:29 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/09/05 21:53:26 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/09/05 21:53:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0922.old
[2012/09/05 21:53:25 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/09/05 21:53:25 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0922.old
[2012/09/05 21:53:25 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/09/05 21:52:29 | 000,341,200 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/09/05 21:52:29 | 000,145,464 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/09/05 21:52:18 | 000,014,808 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/09/05 21:52:16 | 000,092,928 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/09/05 21:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/09/05 21:48:39 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/09/05 21:48:39 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/09/05 21:48:35 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/09/05 21:48:34 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/09/05 21:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/09/05 21:30:31 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\aaasss.com
[2012/09/03 22:38:42 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/09/03 02:00:51 | 000,000,000 | ---D | C] -- C:\Users\Squall\AppData\Roaming\Malwarebytes
[2012/09/03 02:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/03 02:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/03 02:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/03 00:05:36 | 000,000,000 | ---D | C] -- C:\Users\Squall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012/08/28 22:12:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
[2012/08/28 22:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Printers

========== Files - Modified Within 30 Days ==========

[2012/09/06 21:44:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 21:44:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 21:39:35 | 000,001,225 | ---- | M] () -- C:\Users\Squall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Home Base Control Center.lnk
[2012/09/06 21:39:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 21:38:19 | 002,613,269 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/06 21:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 21:36:35 | 2960,494,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 00:59:18 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\abc123.scr
[2012/09/06 00:26:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 00:04:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/05 22:53:47 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/09/05 21:48:18 | 000,001,503 | ---- | M] () -- C:\Users\Squall\Desktop\sdsetup.exe.lnk
[2012/09/05 21:45:04 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/09/05 21:30:32 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\aaasss.scr
[2012/09/04 23:00:11 | 000,007,609 | ---- | M] () -- C:\Users\Squall\AppData\Local\Resmon.ResmonCfg
[2012/09/04 00:00:37 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2012/09/03 02:00:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/03 00:05:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-2JzYIxTdF1wsEBr
[2012/09/03 00:05:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-2JzYIxTdF1wsEB
[2012/09/03 00:05:36 | 000,000,368 | ---- | M] () -- C:\ProgramData\2JzYIxTdF1wsEB
[2012/09/03 00:02:31 | 000,000,256 | ---- | M] () -- C:\ProgramData\qo8OY8Cw98d9gz
[2012/09/03 00:02:01 | 000,000,112 | ---- | M] () -- C:\ProgramData\CbSRNePlsJZk9k
[2012/09/02 21:17:18 | 002,136,818 | ---- | M] () -- C:\Users\Squall\Desktop\v5c_2 ro60hku.jpg
[2012/08/28 23:37:08 | 000,022,826 | ---- | M] () -- C:\Users\Squall\Desktop\breville.jpg
[2012/08/28 00:20:10 | 000,008,048 | ---- | M] () -- C:\Users\Squall\Desktop\ryan conversion.ods
[2012/08/27 22:09:19 | 000,669,870 | ---- | M] () -- C:\Users\Squall\Desktop\www.bookryanair.com - booking W&A OCT.pdf
[2012/08/27 22:02:44 | 000,672,089 | ---- | M] () -- C:\Users\Squall\Desktop\www.bookryanair.com - booking AGA.pdf
[2012/08/22 00:20:52 | 000,052,136 | ---- | M] () -- C:\Users\Squall\Desktop\Google Accounts 123Qwerty.pdf
[2012/08/16 23:59:46 | 000,000,551 | ---- | M] () -- C:\Users\Squall\AppData\Roaming\AutoGK.ini
[2012/08/16 22:06:20 | 000,379,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/09 21:32:44 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Lifetime Updater.lnk
[2012/08/08 23:10:30 | 000,180,329 | ---- | M] () -- C:\DIR655 SETTINGS 08082012.gws

========== Files Created - No Company Name ==========

[2012/09/05 22:53:47 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/09/05 22:24:23 | 002,613,269 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/05 21:53:28 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/09/05 21:53:28 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0922.old
[2012/09/05 21:53:27 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/09/05 21:53:26 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/09/05 21:53:26 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/09/05 21:53:25 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/09/05 21:48:18 | 000,001,503 | ---- | C] () -- C:\Users\Squall\Desktop\sdsetup.exe.lnk
[2012/09/04 23:00:11 | 000,007,609 | ---- | C] () -- C:\Users\Squall\AppData\Local\Resmon.ResmonCfg
[2012/09/04 00:00:37 | 000,089,088 | ---- | C] () -- C:\mbr.exe
[2012/09/03 02:00:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/03 00:05:37 | 000,000,160 | ---- | C] () -- C:\ProgramData\-2JzYIxTdF1wsEBr
[2012/09/03 00:05:37 | 000,000,144 | ---- | C] () -- C:\ProgramData\-2JzYIxTdF1wsEB
[2012/09/03 00:05:32 | 000,000,368 | ---- | C] () -- C:\ProgramData\2JzYIxTdF1wsEB
[2012/09/03 00:02:30 | 000,000,256 | ---- | C] () -- C:\ProgramData\qo8OY8Cw98d9gz
[2012/09/03 00:02:01 | 000,000,112 | ---- | C] () -- C:\ProgramData\CbSRNePlsJZk9k
[2012/09/02 21:17:18 | 002,136,818 | ---- | C] () -- C:\Users\Squall\Desktop\v5c_2 ro60hku.jpg
[2012/08/28 23:37:07 | 000,022,826 | ---- | C] () -- C:\Users\Squall\Desktop\breville.jpg
[2012/08/28 00:20:09 | 000,008,048 | ---- | C] () -- C:\Users\Squall\Desktop\ryan conversion.ods
[2012/08/27 22:09:19 | 000,669,870 | ---- | C] () -- C:\Users\Squall\Desktop\www.bookryanair.com - booking W&A OCT.pdf
[2012/08/27 22:02:44 | 000,672,089 | ---- | C] () -- C:\Users\Squall\Desktop\www.bookryanair.com - booking AGA.pdf
[2012/08/22 00:20:53 | 000,052,136 | ---- | C] () -- C:\Users\Squall\Desktop\Google Accounts 123Qwerty.pdf
[2012/08/08 23:10:29 | 000,180,329 | ---- | C] () -- C:\DIR655 SETTINGS 08082012.gws
[2012/01/31 02:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/29 22:29:18 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/29 22:29:17 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/29 22:29:15 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/01/29 01:47:22 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2012/01/17 22:47:27 | 000,000,551 | ---- | C] () -- C:\Users\Squall\AppData\Roaming\AutoGK.ini
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/11/10 22:36:21 | 000,000,000 | ---- | C] () -- C:\Users\Squall\AppData\Local\{558797F7-BBC5-4686-BF57-3150EF8CE53B}
[2011/09/13 21:50:35 | 000,000,000 | ---- | C] () -- C:\Users\Squall\AppData\Local\{65D2F199-2632-4051-93E7-BB780A81E913}
[2011/06/07 11:11:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/07 11:06:18 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/06/06 19:33:45 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2011/06/06 19:33:45 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/06 19:33:45 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2011/06/06 19:33:45 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2011/06/06 19:33:45 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/06/06 19:33:45 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011/06/06 17:46:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/06 17:43:55 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/04/28 12:36:25 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2011/06/21 20:37:58 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\Canon
[2011/08/12 23:47:00 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/03 01:20:46 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\EgisTec
[2012/09/03 01:20:47 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\Garmin
[2012/09/04 00:31:45 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\GHISLER
[2012/09/03 01:26:04 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\IrfanView
[2011/06/07 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\NetMeter
[2012/09/03 01:21:05 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\Nokia
[2012/03/09 00:46:22 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\Nokia Suite
[2012/09/03 01:21:06 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\OpenOffice.org
[2012/02/08 21:51:59 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\PC Suite
[2012/09/03 01:26:05 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\PDF Writer
[2012/09/03 01:26:05 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\PowerCinema
[2012/08/09 22:13:55 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\QuickScan
[2012/09/03 01:21:06 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\Samsung
[2011/06/07 11:06:13 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\ScanSoft
[2012/04/09 21:01:09 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\Temp
[2011/12/02 21:15:07 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\TestApp
[2012/09/03 01:21:22 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\TomTom
[2011/09/08 23:07:43 | 000,000,000 | ---D | M] -- C:\Users\Squall\AppData\Roaming\Zoner
[2012/08/15 21:33:52 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
  • 0

#3
squall.eu
Posted 06 September 2012 - 03:27 PM

squall.eu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OTL Extras logfile created on: 06/09/2012 21:49:35 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Squall\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.68 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 42.70% Memory free
7.35 Gb Paging File | 5.01 Gb Available in Paging File | 68.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.76 Gb Total Space | 367.98 Gb Free Space | 82.18% Space Free | Partition Type: NTFS
Drive W: | 232.83 Gb Total Space | 36.27 Gb Free Space | 15.58% Space Free | Partition Type: FAT
Drive X: | 443.23 Gb Total Space | 374.74 Gb Free Space | 84.55% Space Free | Partition Type: NTFS
Drive Y: | 146.48 Gb Total Space | 108.76 Gb Free Space | 74.25% Space Free | Partition Type: NTFS
Drive Z: | 341.79 Gb Total Space | 341.49 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: SQUALL-ACER8943 | User Name: Squall | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15DDE6CB-10DB-4E7F-B1CB-896185B517C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{192464B7-3949-4FBD-B130-03FB45145DAE}" = lport=445 | protocol=6 | dir=in | app=system |
"{26C59E17-4326-40AD-8F26-C41FC6FFF580}" = rport=138 | protocol=17 | dir=out | app=system |
"{30A69283-2F4D-4F07-9A0F-20A5EAE3E5AD}" = rport=139 | protocol=6 | dir=out | app=system |
"{36FEF48F-1733-42E1-88D9-EC25AFE1AC3C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3710B826-7A8F-45D5-A048-327264AF377B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3DAC2928-798D-441E-BE87-CB693B4C6A72}" = lport=138 | protocol=17 | dir=in | app=system |
"{3E4DD7F2-A833-4213-8CA5-7AE98DF5044B}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{4F9F8FC7-13FF-402A-860D-B2D190CEE6E7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F928DE2-FB9B-4E04-92E8-785687373C1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79A175B7-70FB-4210-A8E8-309E8AFB4282}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79B1ECD9-BD5D-47D5-84F1-D425B2717EC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{883BA8EC-E996-4B66-9797-74DCE09652B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{8EAB29F5-1DE3-4205-AC49-6D34F69934CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96D8E093-5D21-4510-A97C-0D6BA144BDA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{97ED2268-E811-4C57-A8BD-21C1D3075B45}" = rport=137 | protocol=17 | dir=out | app=system |
"{A2DF859F-8FC7-4441-AA4C-EBD849A6BAE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADF2BD53-78CE-4C34-B4C7-213D0703F3F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B3B34422-405A-426A-9728-4D92AB84F503}" = lport=137 | protocol=17 | dir=in | app=system |
"{C34795AC-EA3A-4AF8-BE6A-9B746EB1923B}" = lport=139 | protocol=6 | dir=in | app=system |
"{CEB7F32D-3B47-4034-A2E4-C991C20A60BB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CFD2414E-3D34-4260-8B96-9A1F00FB9584}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D253DC2D-4C7A-4166-88AF-1978ACFE2A34}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E0F0C400-1A76-4011-A4E9-05CB93ED4812}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA20EB0E-5D1F-4C52-AF24-E96A695D3FB6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F5BE97EC-90DD-488C-86DF-595F033E83C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DFE445F-4C60-4DB8-BF5E-B066A5423A3B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{1429FC7E-5A60-4530-A983-AA80BBB8A88C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{149C37E3-6667-44E9-8475-A8E6744F6369}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{16DA3CE4-F28A-4070-8009-8F5A985C8D53}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1A1F9B9E-6644-421A-A18E-C1173EB13E7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A504D8E-0DDF-44E2-873E-B7CAD4234DE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{20E8CF5A-3E00-4ECC-956F-38873048931F}" = protocol=17 | dir=in | app=c:\program files\belkin\home base control center\connect.exe |
"{27BAF57B-3C4E-4CDE-85FF-2F026A9B92DA}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{3572800E-74D5-4980-BF71-245FAF1E76E5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39D878C4-1BD6-49ED-B32C-BB56874B26E3}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{3A52A121-CE37-459E-93BC-7B452643C0EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BA3CDDD-A237-45A6-AF24-A557EBE373EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44B8EB2E-F212-4C06-9489-C4847C3B7FBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{58991652-E3FA-40B3-ADC0-EED16753E0E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{58A4F0CF-7DB6-4173-83D8-73FA5BF13CF4}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{5BBBB48C-17C1-46C8-BACD-2663B4AD2EB5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{5DC13F88-6CF7-44D9-A158-5F212D63965B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{6162C2F0-FC7B-4843-B148-759D091CD65F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6C8ECA39-F6CC-4F68-BB52-19453DEEEDAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{728CA0BA-4F5F-489B-8F7F-AA135F218ADA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7359588D-76AC-4590-B14A-75BF9A39E431}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe |
"{79399B22-33AB-43BE-B5A4-ED28B3A7BD3D}" = protocol=6 | dir=out | app=system |
"{7E18D4B6-FDCA-456B-B7F6-F387170600BD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8AD2E005-686C-468F-9110-F477C54A4055}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8BCB362C-1236-4383-A770-9CEE3726FA57}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{8E984A7C-0784-49D8-9698-CD41ED944E16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F99C8EC-54A4-49FE-A073-940BBC740637}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{930A03F7-6D44-4931-9E6F-EEFAACCB2A23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A724D2DF-569E-4298-BD59-CB32D3EC07EF}" = protocol=1 | dir=in | [email protected],-28543 |
"{ADAA4FD6-6E50-4544-854C-6693C48978A0}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{AE292B72-45B8-4C18-A9C4-D80AFEEAC0C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AEBC8C1E-A015-44A8-A1C1-233920278C41}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B16C524A-73F0-40DD-9C29-6D9D8D73DC4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B689E457-87A3-477A-813E-5CF9A6311CCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDC772AF-6169-498E-9E2B-423B1EF18592}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BEDA1EEE-1444-4D32-A294-862B2D4720D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C30F8B95-EA8C-409A-A10B-A331670A0BDB}" = protocol=6 | dir=in | app=c:\program files\belkin\home base control center\connect.exe |
"{C8C46744-78E5-48F5-952B-A42598B0DEE1}" = protocol=58 | dir=out | [email protected],-28546 |
"{D2119D0A-D6B4-4FC0-8D67-F27A3890CB01}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D2C90850-FBAD-46B9-AE22-A6D26736E088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9ED02D0-25F5-49AE-81AF-DF640C67C5FE}" = protocol=58 | dir=in | [email protected],-28545 |
"{DC840AD4-E104-4D47-B890-B2549BFAEEEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD345655-3BD2-4EDF-9BD8-7B83EF127914}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DF05DF0B-B252-4CEE-89D6-6E7493FF1220}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E1B20726-4B76-426F-8E63-5C9EE46585ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E26565F1-FB83-4BF9-9588-B85591B23A31}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EDD1D969-3F15-4944-A830-16FDA1CA123D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe |
"{EE66F492-EEBD-48A5-8973-AD297934D999}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F2BCAB15-23CD-41BB-95F8-6086F41882D6}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{F4F5172F-D112-4343-9D00-BA7AD1361AEF}" = protocol=1 | dir=out | [email protected],-28544 |
"{FD14B1D4-6F14-45D2-911E-D95BA2108B01}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe |
"{FF890F9C-0BF4-4508-8E2A-CA2EB12B5D7A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe |
"TCP Query User{A7C10FA5-FADE-4F56-AAB6-9C1090FCC99D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{CD390038-1BD2-49A5-AD7C-FA8EB2E64BFE}C:\program files\belkin\home base control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\home base control center\connect.exe |
"UDP Query User{73F68F20-EDCE-46EB-9E92-B309210AEF1C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{FA1C7797-3DFC-4AB6-B3A4-E9453E21A52F}C:\program files\belkin\home base control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\home base control center\connect.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AFC44A23-E6A8-4625-B6B1-23D438525D59}" = O2Micro 1394 OHCI Compliant Host Controller Driver
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Belkin Home Base Control Center" = Belkin Home Base Control Center
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}" = Flash Drive Tester v1.14
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{48BCA9A6-1D2A-4E4B-BB55-F82A888CE344}" = Garmin POI Loader
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{90573AE3-E7FC-4A5C-A7FB-D2E1482BA84A}" = Acer Arcade Instant On
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{B6E1FE30-4AB3-48B8-BDA9-6027B0CBC694}" = Power Finder
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F55A5517-4AD4-4F5D-9290-2862E623C12B}" = Tesco Complete Office
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FBC79D04-051E-4367-8051-1DB0C893FBE0}" = Nuvoton CIR Device Drivers
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Browser Defender_is1" = Browser Guard 4.0
"Flash Memory Toolkit trial_is1" = Flash Memory Toolkit trial 2.01
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HaaliMkx" = Haali Media Splitter
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}" = O2Micro 1394 OHCI Compliant Host Controller Driver
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"Nokia Suite" = Nokia Suite
"Recovery Toolbox for Excel_is1" = Recovery Toolbox for Excel 1.1
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus 9.0
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZonerPhotoStudio13_EN_is1" = Zoner Photo Studio 13 FREE

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/03/2012 17:56:23 | Computer Name = Squall-Acer8943 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 17/03/2012 17:56:25 | Computer Name = Squall-Acer8943 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 17/03/2012 17:56:26 | Computer Name = Squall-Acer8943 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 17/03/2012 17:56:26 | Computer Name = Squall-Acer8943 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 31/03/2012 17:11:07 | Computer Name = Squall-Acer8943 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 31/03/2012 17:12:20 | Computer Name = Squall-Acer8943 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 01/04/2012 11:02:07 | Computer Name = Squall-Acer8943 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 01/04/2012 11:02:48 | Computer Name = Squall-Acer8943 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 09/04/2012 17:48:34 | Computer Name = Squall-Acer8943 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 10.0.2.4428,
time stamp: 0x4f3cdac0 Faulting module name: ole32.dll, version: 6.1.7600.16624,
time stamp: 0x4c297c56 Exception code: 0xc0000005 Fault offset: 0x0002f36a Faulting
process id: 0xa18 Faulting application start time: 0x01cd169a753d165d Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\syswow64\ole32.dll Report Id: c0e3eddb-828d-11e1-a88d-c80aa97d5884

Error - 10/04/2012 16:13:36 | Computer Name = Squall-Acer8943 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 10.0.2.4428,
time stamp: 0x4f3cdac0 Faulting module name: ole32.dll, version: 6.1.7600.16624,
time stamp: 0x4c297c56 Exception code: 0xc0000005 Fault offset: 0x0002f36a Faulting
process id: 0xe24 Faulting application start time: 0x01cd1754f1bff444 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\syswow64\ole32.dll Report Id: a6d413bc-8349-11e1-9632-acec28a17815

[ System Events ]
Error - 05/09/2012 20:26:25 | Computer Name = Squall-Acer8943 | Source = Service Control Manager | ID = 7001
Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 05/09/2012 20:26:25 | Computer Name = Squall-Acer8943 | Source = Service Control Manager | ID = 7001
Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 05/09/2012 20:26:25 | Computer Name = Squall-Acer8943 | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness service depends on the Network Store
Interface Service service which failed to start because of the following error:
%%1068

Error - 05/09/2012 20:26:39 | Computer Name = Squall-Acer8943 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD archlp DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy pavboot
pctgntdi
PCTSD
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl

Error - 06/09/2012 16:37:03 | Computer Name = Squall-Acer8943 | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 06/09/2012 16:37:07 | Computer Name = Squall-Acer8943 | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 06/09/2012 16:37:22 | Computer Name = Squall-Acer8943 | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 06/09/2012 16:37:22 | Computer Name = Squall-Acer8943 | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 06/09/2012 16:37:23 | Computer Name = Squall-Acer8943 | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 06/09/2012 16:40:47 | Computer Name = Squall-Acer8943 | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
  • 0

#4
RKinner
Posted 06 September 2012 - 07:43 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Copy the text in the code box by highlighting and Ctrl + c


:OTL
[2012/09/03 00:05:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-2JzYIxTdF1wsEBr
[2012/09/03 00:05:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-2JzYIxTdF1wsEB
[2012/09/03 00:05:36 | 000,000,368 | ---- | M] () -- C:\ProgramData\2JzYIxTdF1wsEB
[2012/09/03 00:02:31 | 000,000,256 | ---- | M] () -- C:\ProgramData\qo8OY8Cw98d9gz
[2012/09/03 00:02:01 | 000,000,112 | ---- | M] () -- C:\ProgramData\CbSRNePlsJZk9k

:files
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09062012-some number.log.

If any of the following do not want to work, just skip them and go on to the next one.


  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
    Posted Image
  • Wait for the end of the scan.
  • attach the RKreport.txt located on your desktop.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#5
squall.eu
Posted 07 September 2012 - 03:12 PM

squall.eu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you very much for your response. I run OTL using the commands you gave me, tried TDSSkiller after computer rebooted, but still doesn't start. Google still redirects, I even got a bluescreen once now when browsing web. Pls find below the report from OTL run
========== OTL ==========
C:\ProgramData\-2JzYIxTdF1wsEBr moved successfully.
C:\ProgramData\-2JzYIxTdF1wsEB moved successfully.
C:\ProgramData\2JzYIxTdF1wsEB moved successfully.
C:\ProgramData\qo8OY8Cw98d9gz moved successfully.
C:\ProgramData\CbSRNePlsJZk9k moved successfully.
========== FILES ==========
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Squall
->Flash cache emptied: 2553 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Squall
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 09072012_213049

Anything else I can/should do. Can you actually see in OTL logs that my computer is infected? Thanks for your help so far. Greetings
  • 0

#6
RKinner
Posted 07 September 2012 - 03:53 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
These entries in OTL are obvious malware:

[2012/09/03 00:05:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-2JzYIxTdF1wsEBr
[2012/09/03 00:05:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-2JzYIxTdF1wsEB
[2012/09/03 00:05:36 | 000,000,368 | ---- | M] () -- C:\ProgramData\2JzYIxTdF1wsEB
[2012/09/03 00:02:31 | 000,000,256 | ---- | M] () -- C:\ProgramData\qo8OY8Cw98d9gz
[2012/09/03 00:02:01 | 000,000,112 | ---- | M] () -- C:\ProgramData\CbSRNePlsJZk9k

There's probably more but the standard scan doesn't show all of the possible points. I do another scan toward the end which shows a lot more.


Please try the other scans. If one won't work go on to the next one.
  • 0

#7
squall.eu
Posted 09 September 2012 - 02:11 PM

squall.eu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron,
I managed to solve the problem myself :) Unfortunately neither of the programs you have kindly adviced me to try didn't seem to work for me- some of them started (rougekiller, combofix) but after they finished scanning virus was still there. What I did was quite simple, I used Hiren's Boot Cd to boot the computer from diffrent system and then used the tools on the cd to kill malware. TDSS run from cd started with no problem and immediatelly found and cured trojan files sitting in MBR of my main HDD0 system partition. After a restart, I run TDSS again, this time on my normal system and it started fine (for the first time on main system), scanned and haven't found any other threads. Web browsers stoped redirecting the search results and browsing speed is back to normal! Hurray!:) I wish I remember about my Hiren's cd earlier (haven't used it for a while), what a great tool it is, could have saved me a lot of time. It is the simplest way to disable the malicious process and to bypass the virus'es mechanisms of hiding itself and blocking any antimalware software from working.

Anyway I really appreciate your willingness to help me so huge thank you for your time and I hope that my experience will be useful for you.
Greetings.
Matthew
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP