Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware Check

Started by eriol8 , Oct 05 2012 03:00 AM

  • Please log in to reply

#1
eriol8
Posted 05 October 2012 - 03:00 AM

eriol8

    Member

  • Member
  • PipPipPip
  • 221 posts
Hey there, can you do a malware check for my computer?

These are the logs,

OTL logfile created on: 10/5/2012 4:48:16 PM - Run 2
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Fabian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1.74 Gb Total Physical Memory | 0.50 Gb Available Physical Memory | 28.65% Memory free
3.48 Gb Paging File | 2.07 Gb Available in Paging File | 59.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225.45 Gb Total Space | 162.80 Gb Free Space | 72.21% Space Free | Partition Type: NTFS
Drive D: | 226.21 Gb Total Space | 108.52 Gb Free Space | 47.98% Space Free | Partition Type: NTFS
Drive E: | 1.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/05 16:41:46 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Downloads\OTL.exe
PRC - [2012/10/04 21:08:02 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/03 18:44:09 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/01 11:38:56 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2010/08/10 17:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/10 17:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/10 17:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/29 07:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/06/29 07:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/04/14 01:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/14 01:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/29 08:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 21:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/05 11:44:09 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\11130592f022b933435e4d63b0c87e85\IAStorUtil.ni.dll
MOD - [2012/10/05 10:15:47 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a0b35ba07be52485fdb6f36c2b1f880a\System.Web.ni.dll
MOD - [2012/10/05 10:15:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll
MOD - [2012/10/05 10:15:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll
MOD - [2012/10/05 10:14:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll
MOD - [2012/10/05 10:14:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll
MOD - [2012/10/05 10:14:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll
MOD - [2012/10/05 10:14:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll
MOD - [2012/10/05 10:14:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll
MOD - [2012/10/05 10:13:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll
MOD - [2012/10/04 21:08:01 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/03 18:44:08 | 009,813,424 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2012/07/18 04:02:20 | 000,970,240 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\nmtbhh2u.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/29 07:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 14:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/28 03:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/26 01:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/06/12 06:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 08:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/03 04:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/04 21:08:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:58:37 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/01 11:38:54 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/04/06 06:56:00 | 004,065,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/02/17 03:22:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/10 17:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/29 07:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/02 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/14 01:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 21:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/02 14:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 14:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/07/06 16:20:43 | 000,031,880 | ---- | M] (CSII) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PECKP_x64.SYS -- (PECKbdProtector)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/22 09:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/09 11:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/26 01:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/26 01:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/06/26 01:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/06/26 01:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/06/26 01:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/06/21 17:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/04 03:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/15 21:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/04/20 10:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/14 01:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/13 18:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/02/27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/03 04:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/18 15:20:00 | 000,180,280 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/12 14:37:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2008/03/13 15:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/09/12 09:56:50 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2006/03/26 20:24:03 | 000,069,120 | ---- | M] (Protection Technology (StarForce)) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2006/03/13 17:38:53 | 000,007,168 | ---- | M] (Protection Technology (StarForce)) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2011/11/28 22:01:50 | 000,040,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\WolfTeamIS\wolf64.sys -- (wolf)
DRV - [2011/07/05 15:46:58 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\izxjzt.sys -- (xctnhy)
DRV - [2011/07/05 15:42:03 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\iedwoq.sys -- (vtnga)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/12/31 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.sg"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.0
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.2
FF - prefs.js..extensions.enabledAddons: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:13.0.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011/09/16 15:30:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/04 21:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/05 14:19:04 | 000,000,000 | ---D | M]

[2011/04/02 16:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Extensions
[2012/10/04 17:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\nmtbhh2u.default\extensions
[2012/10/03 17:50:16 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\nmtbhh2u.default\extensions\[email protected]
[2012/10/03 17:50:18 | 000,340,018 | ---- | M] () (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\nmtbhh2u.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2011/04/17 11:58:28 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\nmtbhh2u.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2012/10/03 17:31:15 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\nmtbhh2u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/03 17:50:18 | 000,030,312 | ---- | M] () (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\nmtbhh2u.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012/10/04 21:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/04 21:12:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/04 21:08:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/15 20:20:18 | 001,034,544 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2010/07/28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2012/10/04 21:07:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/04 21:07:59 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Fabian\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\Fabian\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\Fabian\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Fabian\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Fabian\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: psbc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FB08F1E-ADB8-4482-AB0D-EFF17928CF38}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/25 00:49:19 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006/09/23 05:52:11 | 000,039,400 | R--- | M] (Firefly Studios) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/03/14 23:30:41 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3142511a-9410-11e0-b621-1c7508ca76ce}\Shell - "" = AutoRun
O33 - MountPoints2\{3142511a-9410-11e0-b621-1c7508ca76ce}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b3d61633-39fd-11e0-bd97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b3d61633-39fd-11e0-bd97-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006/09/23 05:52:11 | 000,039,400 | R--- | M] (Firefly Studios)
O33 - MountPoints2\{eb6c43c9-b1c7-11e0-a4f0-1c7508ca76ce}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6c43c9-b1c7-11e0-a4f0-1c7508ca76ce}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{eb6c43cb-b1c7-11e0-a4f0-1c7508ca76ce}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6c43cb-b1c7-11e0-a4f0-1c7508ca76ce}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{eb6c43d1-b1c7-11e0-a4f0-1c7508ca76ce}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6c43d1-b1c7-11e0-a4f0-1c7508ca76ce}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{f4e9ab03-c263-11e0-918f-1c7508ca76ce}\Shell - "" = AutoRun
O33 - MountPoints2\{f4e9ab03-c263-11e0-918f-1c7508ca76ce}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/05 16:22:20 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/05 16:12:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/10/05 15:30:45 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2012/10/05 14:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/10/05 14:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2012/10/05 10:03:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/04 23:56:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/10/04 23:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/04 23:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/10/04 21:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/04 17:11:13 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\.techniclauncher
[2012/10/03 18:45:07 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Macromedia
[2012/10/03 18:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/03 18:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/03 18:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/03 18:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/03 18:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/03 17:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/03 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/03 17:48:16 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Logishrd
[2012/10/03 17:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/09/17 22:22:41 | 000,945,120 | ---- | C] (techPowerUp (www.techpowerup.com)) -- C:\Users\Fabian\GPU-Z.0.5.5(1).exe

========== Files - Modified Within 30 Days ==========

[2012/10/05 16:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 16:44:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 16:43:26 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/05 16:43:26 | 000,629,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/05 16:43:26 | 000,111,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/05 16:37:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 16:36:45 | 1401,978,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 15:35:04 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2012/10/05 15:34:38 | 000,002,256 | ---- | M] () -- C:\Users\Public\Desktop\Play Stronghold Legends.lnk
[2012/10/05 14:34:00 | 000,000,460 | ---- | M] () -- C:\Fabian © - Shortcut.lnk
[2012/10/05 14:13:31 | 000,001,085 | ---- | M] () -- C:\Users\Fabian\Desktop\SpywareBlaster.lnk
[2012/10/05 10:13:22 | 000,275,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/05 10:04:07 | 000,735,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/04 18:14:05 | 002,068,462 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/10/04 17:11:18 | 000,000,336 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2012/10/04 17:06:34 | 000,248,488 | ---- | M] () -- C:\Users\Fabian\Desktop\Capture4.JPG
[2012/10/04 16:37:58 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 18:54:56 | 022,612,184 | ---- | M] () -- C:\Users\Fabian\Documents\clip0033.avi
[2012/10/03 18:32:35 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/03 17:42:01 | 000,000,992 | ---- | M] () -- C:\Users\Fabian\Core Temp.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/05 15:34:38 | 000,002,256 | ---- | C] () -- C:\Users\Public\Desktop\Play Stronghold Legends.lnk
[2012/10/05 14:34:00 | 000,000,460 | ---- | C] () -- C:\Fabian © - Shortcut.lnk
[2012/10/05 14:13:31 | 000,001,085 | ---- | C] () -- C:\Users\Fabian\Desktop\SpywareBlaster.lnk
[2012/10/04 17:06:31 | 000,248,488 | ---- | C] () -- C:\Users\Fabian\Desktop\Capture4.JPG
[2012/10/04 16:37:58 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 18:54:48 | 022,612,184 | ---- | C] () -- C:\Users\Fabian\Documents\clip0033.avi
[2012/10/03 18:32:35 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/21 12:09:07 | 000,000,844 | ---- | C] () -- C:\Users\Fabian\.recently-used.xbel
[2011/10/26 21:04:22 | 000,111,846 | ---- | C] () -- C:\Users\Fabian\link_to.jpg
[2011/10/23 17:53:43 | 000,216,160 | ---- | C] () -- C:\Users\Fabian\Capture5.JPG
[2011/10/23 17:49:54 | 000,207,684 | ---- | C] () -- C:\Users\Fabian\Capture4.JPG
[2011/10/23 00:23:58 | 000,252,578 | ---- | C] () -- C:\Users\Fabian\Capture3.JPG
[2011/10/22 23:06:57 | 000,180,343 | ---- | C] () -- C:\Users\Fabian\Capture2 (2).JPG
[2011/10/22 23:05:44 | 000,171,866 | ---- | C] () -- C:\Users\Fabian\Capture (5).JPG
[2011/10/21 00:06:47 | 000,310,635 | ---- | C] () -- C:\Users\Fabian\Capture (4).JPG
[2011/10/19 11:03:01 | 000,001,789 | ---- | C] () -- C:\Users\Fabian\iTunes (2).lnk
[2011/10/18 13:49:29 | 000,253,238 | ---- | C] () -- C:\Users\Fabian\astroborat.JPG
[2011/10/18 13:48:52 | 000,214,400 | ---- | C] () -- C:\Users\Fabian\Xiaotinton.JPG
[2011/10/16 21:20:17 | 000,139,015 | ---- | C] () -- C:\Users\Fabian\Capture (3).JPG
[2011/10/15 23:04:24 | 000,082,589 | ---- | C] () -- C:\Users\Fabian\Capture2.JPG
[2011/10/09 14:20:46 | 000,000,992 | ---- | C] () -- C:\Users\Fabian\Core Temp.lnk
[2011/09/24 22:36:03 | 000,087,056 | ---- | C] () -- C:\Users\Fabian\Capture (2).JPG
[2011/09/19 17:11:12 | 000,232,466 | ---- | C] () -- C:\Users\Fabian\Capture.JPG
[2011/09/16 15:30:14 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/09/07 12:07:35 | 000,001,789 | ---- | C] () -- C:\Users\Fabian\iTunes.lnk
[2011/08/09 12:56:56 | 000,000,287 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/07/29 14:09:47 | 000,000,336 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011/07/05 16:14:56 | 000,000,632 | RHS- | C] () -- C:\Users\Fabian\ntuser.pol
[2011/07/05 15:46:58 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\izxjzt.sys
[2011/07/05 15:42:02 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\iedwoq.sys
[2011/06/18 23:21:25 | 000,000,269 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/04 14:07:19 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/26 16:41:00 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/24 19:35:55 | 000,003,584 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/24 17:59:41 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/04/24 17:59:41 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/04/24 17:59:41 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/23 14:24:09 | 000,001,219 | ---- | C] () -- C:\Users\Fabian\FlashGet 3.7.lnk
[2011/04/15 16:03:43 | 000,000,923 | ---- | C] () -- C:\Users\Fabian\Steam.lnk
[2011/04/02 18:37:18 | 000,000,598 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2011/04/02 18:37:01 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/04/02 16:23:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/17 23:24:29 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/11/17 23:23:53 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/11/17 23:16:18 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/17 23:16:18 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/17 23:16:18 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/17 23:16:18 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/17 23:16:15 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/09/10 17:53:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.minecraft
[2012/10/04 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.techniclauncher
[2011/08/04 23:16:06 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BitComet
[2011/05/01 10:11:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BitCometLite
[2012/10/04 17:11:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BITS
[2011/04/03 22:22:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FlashGet
[2011/04/07 08:16:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FlashGetBHO
[2011/12/21 12:09:07 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0
[2011/08/28 11:35:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ijjigame
[2012/10/04 14:12:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Lead
[2011/07/31 18:37:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech
[2011/09/16 13:52:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ManyCam
[2011/06/18 23:21:29 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\NoNameScript
[2011/04/26 16:48:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Opera
[2011/10/14 14:12:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PCToolsFirewallPlus
[2011/09/17 22:39:40 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PPStream
[2011/09/16 13:59:14 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\scar5
[2012/10/03 23:58:40 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SoftGrid Client
[2011/05/10 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SystemRequirementsLab
[2011/09/08 19:33:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TP
[2011/06/25 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C31F31E6
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP