Solved Increased Number of data.scr files and Low Memory

Discussion in 'Malware and Virus Removal Archive' started by Paco, 2012/01/20.

  1. 2012/01/20
    Paco

    Paco Inactive Thread Starter

    Joined:
    2012/01/20
    Messages:
    17
    Likes Received:
    0
    [Resolved] Increased Number of data.scr files and Low Memory

    Hi.
    I have had this problem for a few months. It happened after I formatted my laptop (as I usually do every couple of months).
    But something happens (even after formatting it a couple of times more) and that is I notice a huge drop in speed and numerous errors such as: Your Computer is Low on Memory. Generic Host processes for Win32 has stopped working and also the sound system stops working until I restart it.

    One thing I noticed is that when I open my task manager I find a big number of data.scr files, like here:

    [​IMG]

    I hope it gives some kind of clue ...
    They usually rise up to 100's of data.scr files, but I took this shot at the beginning of the problem..

    Thank you for taking the time to read this, I hope you can help me & Thank you.
     
    Paco,
    #1
  2. 2012/01/20
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    I can't imagine why you would want to reformat every few months :eek:

     

  4. 2012/01/20
    Paco

    Paco Inactive Thread Starter

    lol, I like it to be clean :)

    I finished the steps and have the logs. I tried to post them in a new thread and it told me that it was too long (over 55,000 characters).
    Do you need all the scan logs for all 4?

    Thank you for replying.
     
    Paco,
    #3
  5. 2012/01/20
    PeteC

    PeteC SuperGeek Staff

    An efficient, fully updated antivirus and firewall will achieve that with 99% certainty, plus responsible use of the internet.

    Post the logs in your next post(s) in this thread - split the log(s) over 2 or more posts as necessary.

    Our Malware Analyst requires all the logs requested including Attach.txt for which you should post the contents here - it cannot be attached.
     
  6. 2012/01/20
    Paco

    Paco Inactive Thread Starter

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.20.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    Abu7maid :: ABU7MAID-PC [administrator]

    Protection: Enabled

    1/20/2012 4:49:23 PM
    mbam-log-2012-01-20 (16-49-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 177716
    Time elapsed: 9 minute(s), 54 second(s)

    Memory Processes Detected: 2
    C:\Users\Abu7maid\AppData\Roaming\Microsoft\Windows\cftmon.exe (Trojan.Dropper) -> 5236 -> Delete on reboot.
    C:\Users\Abu7maid\AppData\Local\Temp\svchost.com (Trojan.Dropper) -> 5568 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 4
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|User Agent (Trojan.Dropper) -> Data: C:\Users\Abu7maid\AppData\Local\Temp\svchost.com -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HotKey (Trojan.Dropper) -> Data: C:\Users\Abu7maid\Templates\cache\SFCsrvc.pif -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Worm.AutoRun) -> Data: C:\Users\Abu7maid\AppData\Local\Temp\svchost.com -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|run (Worm.AutoRun) -> Data: C:\Users\Abu7maid\AppData\Local\Temp\svchost.com -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Dropper) -> Bad: (C:\Users\Abu7maid\AppData\Local\Temp\svchost.com) Good: () -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Run (Trojan.Dropper) -> Bad: (C:\Users\Abu7maid\AppData\Local\Temp\svchost.com) Good: () -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 9
    C:\Users\Abu7maid\AppData\Roaming\Microsoft\Windows\cftmon.exe (Trojan.Dropper) -> Delete on reboot.
    C:\Users\Abu7maid\AppData\Local\Temp\svchost.com (Trojan.Dropper) -> Delete on reboot.
    C:\Users\Abu7maid\Templates\cache\SFCsrvc.pif (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Abu7maid\AppData\Roaming\Help\cliconf.chm (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Abu7maid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sndvol32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Abu7maid\AppData\Local\Temp\scr\Acer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Abu7maid\AppData\Local\Temp\scr\data.scr (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Abu7maid\AppData\Local\Temp\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\crump.dat (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Abu7maid\AppData\Local\Temp\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\Nf2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    (end)


    -----------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-20 17:37:30
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB4O
    Running: iy2kk04z.exe; Driver: C:\Users\Abu7maid\AppData\Local\Temp\axlyqkod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\drivers\vsmkdrnx.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[5028] kernel32.dll!SetUnhandledExceptionFilter 76D0A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74457817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7445BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7444F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7444E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74488395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7445DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7444FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7444FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [744DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7447C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7444D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74446853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7444687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[356] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74452AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74457817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [744AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7445BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7444F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [744575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7444E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74488395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7445DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7444FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7444FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [744471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [744DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7447C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7444D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74446853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7444687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74452AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26e29dc0
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26e29dc0 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-20 17:38:54
    -----------------------------
    17:38:54.935 OS Version: Windows 6.0.6002 Service Pack 2
    17:38:54.935 Number of processors: 2 586 0xF0A
    17:38:54.935 ComputerName: ABU7MAID-PC UserName: Abu7maid
    17:38:55.965 Initialize success
    17:39:15.316 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    17:39:15.347 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
    17:39:16.221 Disk 0 MBR read successfully
    17:39:16.252 Disk 0 MBR scan
    17:39:16.252 Disk 0 unknown MBR code
    17:39:16.314 Disk 0 Partition 1 00 12 Compaq diag MSDOS5.0 10000 MB offset 2048
    17:39:16.361 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 69771 MB offset 20482048
    17:39:16.424 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 69782 MB offset 163373056
    17:39:16.486 Disk 0 Partition 4 00 12 Compaq diag NTFS 3072 MB offset 306286592
    17:39:17.266 Disk 0 scanning sectors +312578048
    17:39:17.578 Disk 0 scanning C:\Windows\system32\drivers
    17:39:57.000 Service scanning
    17:39:58.342 Modules scanning
    17:40:54.487 Disk 0 trace - called modules:
    17:40:55.049 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    17:40:55.049 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85771ac8]
    17:40:55.064 3 CLASSPNP.SYS[883b88b3] -> nt!IofCallDriver -> [0x842807c0]
    17:40:55.080 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8428a030]
    17:40:55.096 Scan finished successfully
    17:41:36.336 Disk 0 MBR has been saved successfully to "C:\Users\Abu7maid\Desktop\MBR.dat "
    17:41:36.352 The log file has been saved successfully to "C:\Users\Abu7maid\Desktop\aswMBR.txt "
     
    Paco,
    #5
  7. 2012/01/20
    Paco

    Paco Inactive Thread Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/7/2011 8:54:57 AM
    System Uptime: 1/20/2012 5:02:49 PM (0 hours ago)
    .
    Motherboard: Acer | | Tahoe
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2201/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 68 GiB total, 8.241 GiB free.
    D: is FIXED (NTFS) - 68 GiB total, 4.21 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP160: 1/19/2012 12:07:09 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    32 Bit HP CIO Components Installer
    Acer Arcade Deluxe
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Acer Tour
    Acer VCM
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.0
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Agere Systems HDA Modem
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    AV
    Big Kahuna Reef 2
    Bonjour
    Broadcom Gigabit Integrated Controller
    BufferChm
    C3100
    c3100_Help
    Cake Mania
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-Branding
    ccc-core-static
    ccc-utility
    ccCommon
    Complitly
    Connectify
    Copy
    CustomerResearchQFolder
    Destinations
    DeviceManagementQFolder
    DivX Setup
    DocProc
    DocProcQFolder
    Dynasty
    eSupportQFolder
    Fax
    Free Video Flip and Rotate version 1.8.13.908
    Free YouTube Download version 3.0.20.1228
    Freecorder 5
    Freecorder Toolbar
    Galapago
    GoldWave v5.22
    Google Chrome
    Google Update Helper
    Guitar Pro 5.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 2.24
    HP Customer Participation Program 8.0
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart.All-In-One Driver Software 8.0 .A
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel(R) Matrix Storage Manager
    iTunes
    Launch Manager
    LightScribe 1.4.142.1
    LiveUpdate 3.2 (Symantec Corporation)
    Luxor 2
    Malwarebytes Anti-Malware version 1.60.0.1800
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.6.25)
    MSRedist
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Prime Suspects
    Mystery Case Files Ravenhearst
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    O2Micro Flash Memory Card Reader Driver Installer(x86)
    PDF Settings
    PitchPerfect Uninstall
    PowerProducer 3.72
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SolutionCenter
    SPBBC 32bit
    Star Defender 3
    Status
    Symantec Real Time Storage Protection Component
    SymNet
    Synaptics Pointing Device Driver
    TEFView 2.71
    Toolbox
    TrayApp
    Treasures of the Deep
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 1.0.5
    WebReg
    WIDCOMM Bluetooth Software 6.0.1.3900
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinRAR 4.10 beta 3 (32-bit)
    WinSoftMEsti
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/20/2012 9:06:57 AM, Error: EventLog [6008] - The previous system shutdown at 9:05:51 AM on 1/20/2012 was unexpected.
    1/20/2012 5:03:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/20/2012 4:10:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.74.32.7 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.76.63.254 (The DHCP Server sent a DHCPNACK message).
    1/20/2012 3:49:58 PM, Error: EventLog [6008] - The previous system shutdown at 3:48:03 PM on 1/20/2012 was unexpected.
    1/20/2012 2:05:45 AM, Error: volsnap [6] - The shadow copy of volume C: could not create a new paged heap. The system may be low on virtual memory.
    1/20/2012 12:07:44 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:40 AM on 1/20/2012 was unexpected.
    1/19/2012 9:55:53 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\SystemRoot\System32\Config\DEFAULT'.
    1/19/2012 9:55:53 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\Abu7maid\ntuser.dat'.
    1/19/2012 8:55:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0016D3E8D045 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/19/2012 8:21:39 AM, Error: EventLog [6008] - The previous system shutdown at 8:20:21 AM on 1/19/2012 was unexpected.
    1/19/2012 4:14:06 PM, Error: EventLog [6008] - The previous system shutdown at 4:09:08 PM on 1/19/2012 was unexpected.
    1/19/2012 11:21:38 PM, Error: EventLog [6008] - The previous system shutdown at 11:20:12 PM on 1/19/2012 was unexpected.
    1/19/2012 10:59:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.66.72.35 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.74.39.254 (The DHCP Server sent a DHCPNACK message).
    1/19/2012 10:55:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.47.40.29 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.66.79.254 (The DHCP Server sent a DHCPNACK message).
    1/18/2012 9:57:11 AM, Error: EventLog [6008] - The previous system shutdown at 9:55:19 AM on 1/18/2012 was unexpected.
    1/18/2012 8:53:14 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.83.128.52 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.47.47.254 (The DHCP Server sent a DHCPNACK message).
    1/18/2012 4:52:16 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\SystemRoot\System32\Config\SOFTWARE'.
    1/18/2012 4:27:26 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00FFB5A4C365. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    1/18/2012 4:27:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.62.96.31 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.88.135.254 (The DHCP Server sent a DHCPNACK message).
    1/18/2012 4:22:43 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
    1/18/2012 3:10:53 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    1/18/2012 10:45:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.94.32.10 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.62.103.254 (The DHCP Server sent a DHCPNACK message).
    1/17/2012 1:46:41 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The paging file is too small for this operation to complete.
    1/17/2012 1:46:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1455" attempting to start the service VSS with arguments " " in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    1/17/2012 1:46:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    1/17/2012 1:46:40 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/17/2012 1:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments " " in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    1/16/2012 2:39:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    1/16/2012 2:39:00 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/16/2012 2:39:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    1/16/2012 2:25:12 AM, Error: Service Control Manager [7031] - The Symantec AppCore Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/16/2012 11:00:47 PM, Error: PlugPlayManager [12] - The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_1217&DEV_00F7&SUBSYS_012B1025&REV_02\4&6ad4b7a&0&30F0) disappeared from the system without first being prepared for removal.
    1/15/2012 9:01:18 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.81.16.16 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.66.15.254 (The DHCP Server sent a DHCPNACK message).
    1/15/2012 8:30:55 AM, Error: EventLog [6008] - The previous system shutdown at 8:12:41 AM on 1/15/2012 was unexpected.
    1/15/2012 7:59:47 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\Abu7maid\AppData\Local\Microsoft\Windows\UsrClass.dat'.
    1/15/2012 3:06:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.76.112.47 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.82.135.254 (The DHCP Server sent a DHCPNACK message).
    1/15/2012 2:24:47 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.66.80.43 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.76.119.254 (The DHCP Server sent a DHCPNACK message).
    1/15/2012 10:37:54 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.82.128.8 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.69.63.254 (The DHCP Server sent a DHCPNACK message).
    1/15/2012 10:02:03 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.66.8.14 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.66.87.254 (The DHCP Server sent a DHCPNACK message).
    1/14/2012 9:52:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.47.96.59 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.81.23.254 (The DHCP Server sent a DHCPNACK message).
    1/14/2012 9:49:29 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.74.96.72 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.47.103.254 (The DHCP Server sent a DHCPNACK message).
    1/14/2012 7:03:34 PM, Error: EventLog [6008] - The previous system shutdown at 7:00:53 PM on 1/14/2012 was unexpected.
    1/14/2012 2:45:16 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.74.104.27 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.71.135.254 (The DHCP Server sent a DHCPNACK message).
    1/14/2012 12:07:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/14/2012 12:07:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2012 12:07:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/14/2012 12:07:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    1/14/2012 12:07:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/14/2012 12:06:50 PM, Error: EventLog [6008] - The previous system shutdown at 12:01:23 PM on 1/14/2012 was unexpected.
    1/14/2012 1:49:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Abu7maid-PC\Abu7maid SID (S-1-5-21-3336766475-2461988827-1827967731-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/13/2012 9:35:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.84.128.26 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.72.15.254 (The DHCP Server sent a DHCPNACK message).
    1/13/2012 9:34:49 AM, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
    1/13/2012 9:34:45 AM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/13/2012 9:15:15 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.97.56.21 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.84.135.254 (The DHCP Server sent a DHCPNACK message).
    1/13/2012 5:15:03 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.90.80.28 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.74.111.254 (The DHCP Server sent a DHCPNACK message).
    1/13/2012 3:03:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2007 suites (KB2596686).
    1/13/2012 2:39:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.39.24.63 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.90.87.254 (The DHCP Server sent a DHCPNACK message).
    1/13/2012 2:37:08 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.72.8.78 for the Network Card with network address 00FFB5A4C365 has been denied by the DHCP server 10.39.31.254 (The DHCP Server sent a DHCPNACK message).
    1/13/2012 11:07:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WLAN AutoConfig service, but this action failed with the following error: An instance of the service is already running.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2012 11:05:54 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2012 10:59:45 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    .
    ==== End Of File ===========================


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6002.18005
    Run by Abu7maid at 17:42:18 on 2012-01-20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.784 [GMT 4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Connectify\ConnectifyService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Program Files\Connectify\ConnectifyD.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Acer\Acer VCM\VC.exe
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Abu7maid\Downloads\aswMBR.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\users\abu7maid\appdata\roaming\complitly\Complitly.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Connectify] c:\program files\connectify\Connectify.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [IS CfgWiz] "c:\program files\common files\symantec shared\opc\{31011d49-d90c-4da0-878b-78d28ad507af}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT "
    mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe "
    mRun: [Acer Tour]
    mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe "
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [eRecoveryService]
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe "
    mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\abu7maid\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B5A4C365-59C1-4F0C-AEC6-AAA5D3EA657A} : DhcpNameServer = 10.76.56.1
    TCP: Interfaces\{B853D050-9ADF-44FB-8332-36BC1EAF9EBC} : DhcpNameServer = 192.168.1.1
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\abu7maid\appdata\roaming\mozilla\firefox\profiles\o1assjpg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.hotspotshield.com/g/?c=h
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\users\abu7maid\appdata\roaming\mozilla\firefox\profiles\o1assjpg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko10.dll
    FF - component: c:\users\abu7maid\appdata\roaming\mozilla\firefox\profiles\o1assjpg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\abu7maid\appdata\roaming\mozilla\firefox\profiles\o1assjpg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko5.dll
    FF - component: c:\users\abu7maid\appdata\roaming\mozilla\firefox\profiles\o1assjpg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko6.dll
    FF - component: c:\users\abu7maid\appdata\roaming\mozilla\firefox\profiles\o1assjpg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko7.dll
    FF - component: c:\users\abu7maid\appdata\roaming\mozilla\firefox\profiles\o1assjpg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko8.dll
    FF - component: c:\users\abu7maid\appdata\roaming\mozilla\firefox\profiles\o1assjpg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko9.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Hotspot Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-4-3 39680]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-4-3 35712]
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2011-11-7 13560]
    R2 Connectify;Connectify;c:\program files\connectify\ConnectifyService.exe [2011-12-1 69632]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-11-9 21504]
    R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-20 652872]
    R3 axlyqkod;axlyqkod;C:\axlyqkod.sys [2012-1-20 100864]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-9 179712]
    R3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\drivers\cnnctfy2.sys [2011-12-25 31344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-20 20464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-7 135664]
    S3 cnnctfy2;Connectify Service;c:\windows\system32\drivers\cnnctfy2.sys [2011-12-25 31344]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-7 135664]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2007-8-15 202872]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-8-15 1174152]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-20 13:09:59 100864 ----a-w- C:\axlyqkod.sys
    2012-01-20 13:03:11 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d0e96fb7-451d-42d0-8ae4-7e71d461c4b7}\offreg.dll
    2012-01-20 12:48:03 -------- d-----w- c:\users\abu7maid\appdata\roaming\Malwarebytes
    2012-01-20 12:47:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-20 12:47:51 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-20 12:47:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-13 11:34:28 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d0e96fb7-451d-42d0-8ae4-7e71d461c4b7}\mpengine.dll
    2012-01-12 23:25:54 -------- d-----w- c:\windows\system32\???Š??
    2012-01-12 23:25:49 -------- d-----w- c:\windows\system32\???Š??
    2012-01-12 10:02:24 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-12 10:02:24 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-12 10:02:19 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-12 10:02:16 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-12 10:02:12 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-12 10:02:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-01-12 10:01:36 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-12 10:01:36 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-09 13:49:28 -------- d-----w- c:\program files\GoldWave
    2012-01-06 05:06:30 -------- d-sh--w- C:\found.000
    2012-01-04 16:48:18 -------- d-----w- c:\users\abu7maid\appdata\roaming\DVDVideoSoftIEHelpers
    2011-12-30 18:50:18 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
    2011-12-30 17:45:27 -------- d-----w- c:\program files\TablEdit
    2011-12-28 23:55:34 -------- d-----w- c:\windows\system32\??????
    2011-12-28 23:55:32 -------- d-----w- c:\windows\system32\??????
    2011-12-26 05:12:56 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-12-26 05:12:56 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-12-26 05:12:51 377344 ----a-w- c:\windows\system32\winhttp.dll
    2011-12-26 05:12:36 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-12-26 04:50:29 -------- d-----w- c:\windows\system32\??????
    2011-12-26 04:50:23 -------- d-----w- c:\windows\system32\??????
    2011-12-26 04:50:23 -------- d-----w- C:\microsoft
    2011-12-25 18:30:32 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
    2011-12-25 18:30:05 -------- d-----w- c:\programdata\Connectify
    2011-12-25 18:30:03 -------- d-----w- c:\program files\Connectify
    .
    ==================== Find3M ====================
    .
    2012-01-19 20:03:45 319456 ----a-w- c:\windows\DIFxAPI.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 10:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-09 04:30:43 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-11-09 04:30:29 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-07 05:27:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
    .
    ============= FINISH: 17:43:01.18 ===============
     
    Paco,
    #6
  8. 2012/01/20
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  9. 2012/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2012/01/20
    Paco

    Paco Inactive Thread Starter

    Joined:
    2012/01/20
    Messages:
    17
    Likes Received:
    0
    Thanks for the help I really appreciate it.
    The problem stopped when I did the first steps. Computer seemed stable and didn't go back to its previous problems but I continued and ran Combofix just in case it is not 100% clean.

    Here is the log I received:

    ComboFix 12-01-19.02 - Abu7maid 01/21/2012 0:48.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1035 [GMT 4:00]
    Running from: c:\users\Abu7maid\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
    C:\Microsoft
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\crump.dat
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\desktop.ini
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\Nf2.exe
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\reshacker.exe
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\temp.db
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\tmp.db
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\upx.exe
    c:\users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\desktop.ini
    c:\windows\Temp\log.txt
    d:\$recycle.bin\{5F229C11-5039-40E4-8537-6950BB1C9ECC}
    D:\autorun.inf
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-20 20:58 . 2012-01-20 20:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0E96FB7-451D-42D0-8AE4-7E71D461C4B7}\offreg.dll
    2012-01-20 20:56 . 2012-01-20 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-20 13:09 . 2012-01-20 13:09 100864 ----a-w- C:\axlyqkod.sys
    2012-01-20 12:48 . 2012-01-20 12:48 -------- d-----w- c:\users\Abu7maid\AppData\Roaming\Malwarebytes
    2012-01-20 12:47 . 2012-01-20 12:47 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-13 11:34 . 2011-11-29 22:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0E96FB7-451D-42D0-8AE4-7E71D461C4B7}\mpengine.dll
    2012-01-12 23:25 . 2012-01-12 23:25 -------- d-----w- c:\windows\system32\6AE0~1
    2012-01-12 23:25 . 2012-01-12 23:25 -------- d-----w- c:\windows\system32\6A6F~1
    2012-01-12 10:02 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-12 10:02 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-12 10:02 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-12 10:02 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-12 10:02 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-12 10:02 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-01-12 10:01 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-12 10:01 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-09 13:49 . 2012-01-09 13:49 -------- d-----w- c:\program files\GoldWave
    2012-01-06 05:06 . 2012-01-06 05:06 -------- d-----w- C:\found.000
    2012-01-04 16:48 . 2012-01-04 16:48 -------- d-----w- c:\users\Abu7maid\AppData\Roaming\DVDVideoSoftIEHelpers
    2011-12-30 18:50 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
    2011-12-30 17:45 . 2011-12-30 17:45 -------- d-----w- c:\program files\TablEdit
    2011-12-28 23:55 . 2011-12-28 23:55 -------- d-----w- c:\windows\system32\4FA9~1
    2011-12-28 23:55 . 2011-12-28 23:55 -------- d-----w- c:\windows\system32\4F28~1
    2011-12-26 05:12 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-12-26 05:12 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-12-26 05:12 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
    2011-12-26 05:12 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-12-26 04:50 . 2011-12-26 04:50 -------- d-----w- c:\windows\system32\83FF~1
    2011-12-26 04:50 . 2011-12-26 04:50 -------- d-----w- c:\windows\system32\8376~1
    2011-12-24 11:06 . 2012-01-19 15:26 -------- d-----w- c:\users\Abu7maid\AppData\Roaming\dvdcss
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-19 20:03 . 2007-08-15 11:17 319456 ----a-w- c:\windows\DIFxAPI.dll
    2011-11-23 13:37 . 2011-12-18 13:02 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 10:29 . 2011-12-18 19:06 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-09 04:30 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-11-09 04:30 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-11-08 14:42 . 2011-12-18 13:01 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-07 05:27 . 2011-11-07 05:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 14:54 . 2011-12-18 13:06 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01 . 2011-12-18 13:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01 . 2011-12-18 13:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:56 . 2011-12-18 13:02 49152 ----a-w- c:\windows\system32\csrsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612} "= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\Freecorder\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612} "= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612} "= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2009-04-10 2153472]
    "Acer Tour Reminder "= "c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
    "uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2011-11-07 394616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
    "IS CfgWiz "= "c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-11-21 46728]
    "osCheck "= "c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
    "PLFSet "= "c:\windows\PLFSet.dll" [2007-04-24 45056]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
    "PlayMovie "= "c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "LManager "= "c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-04 834056]
    "eAudio "= "c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
    "WarReg_PopUp "= "c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "TkBellExe "= "c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-11-07 273528]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    "Freecorder FLV Service "= "c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-11-7 1208320]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-1-19 711472]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-15 535336]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-07 05:29]
    .
    2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-07 05:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Abu7maid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Abu7maid\AppData\Roaming\Mozilla\Firefox\Profiles\o1assjpg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.hotspotshield.com/g/?c=h
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Hotspot Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath "= "\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5016)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    c:\users\Abu7maid\AppData\Local\FLVService\lib\FLVSrvLib.dll
    c:\windows\system32\btmmhook.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\eDStoolbar.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    c:\program files\Common Files\Symantec Shared\ccL60U.dll
    c:\windows\system32\ActiveToolBand.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Hotspot Shield\bin\hsswd.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\O2Micro Oz128 Driver\o2flash.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conime.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\program files\Launch Manager\LManager.exe
    c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
    c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Acer\Acer VCM\VC.exe
    c:\program files\Acer\Acer VCM\acp2HID.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-21 01:09:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-20 21:08
    .
    Pre-Run: 9,468,551,168 bytes free
    Post-Run: 9,817,849,856 bytes free
    .
    - - End Of File - - 1C91443A6D6680C863B47FFCEAE4C08C
     
    Paco,
    #9
  11. 2012/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's why we run different scans to make sure you're clean.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    C:\axlyqkod.sys
    
    Folder::
    c:\windows\system32\8376~1
    c:\windows\system32\83FF~1
    c:\windows\system32\4F28~1
    c:\windows\system32\4FA9~1
    c:\windows\system32\6A6F~1
    c:\windows\system32\6AE0~1
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
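
The script above targets three kinds of entry visible in the first ComboFix log: a `.sys` file sitting in the drive root, folders under `system32` that appear only by a short name such as `6AE0~1` (the DDS log lists the same folders as `??????`), and `DisableMonitoring` set to 1 under the Security Center keys. The following triage sketch is an added example, not part of the original post and not ComboFix's or the helper's own logic; the three rules and the `triage` function are assumptions chosen for illustration, run over sample lines copied from the log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the first ComboFix log in this thread,
# including the stray space before the closing quote of registry value names.
SAMPLE_LOG = r"""
2012-01-20 13:09 . 2012-01-20 13:09 100864 ----a-w- C:\axlyqkod.sys
2012-01-12 23:25 . 2012-01-12 23:25 -------- d-----w- c:\windows\system32\6AE0~1
2012-01-12 23:25 . 2012-01-12 23:25 -------- d-----w- c:\windows\system32\6A6F~1
2012-01-12 10:02 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-09 13:49 . 2012-01-09 13:49 -------- d-----w- c:\program files\GoldWave
2012-01-06 05:06 . 2012-01-06 05:06 -------- d-----w- C:\found.000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2011-11-07 394616]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
"""

# "created . modified  size-or-dashes  attributes  path" as printed in the
# "Files Created" section of the log.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?:\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*dword:(?P<value>[0-9a-fA-F]{8})$')
# Four hex digits plus "~N": a folder the log could only show by its short name.
SHORT_ONLY = re.compile(r"^[0-9A-F]{4}~\d$", re.IGNORECASE)


def triage(log_text):
    """Return (rule, detail) tuples for log lines worth a closer look.

    Illustrative rules (assumptions, not an authoritative detection set):
      root-driver       - a .sys file directly in a drive root
      short-name-dir    - a short-name-only directory directly under system32
      av-monitoring-off - DisableMonitoring != 0 under Security Center\\Monitoring
    """
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()

        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key").lower()
            continue

        m = REG_DWORD.match(line)
        if m:
            if (r"\security center\monitoring" in current_key
                    and m.group("name").strip().lower() == "disablemonitoring"
                    and int(m.group("value"), 16) != 0):
                findings.append(("av-monitoring-off", current_key))
            continue

        m = FILE_LINE.match(line)
        if not m:
            continue
        path = PureWindowsPath(m.group("path"))
        is_dir = m.group("attrs").startswith("d")
        parents = [part.lower() for part in path.parts[1:-1]]

        if not is_dir and len(path.parts) == 2 and path.suffix.lower() == ".sys":
            findings.append(("root-driver", str(path)))
        elif is_dir and parents == ["windows", "system32"] and SHORT_ONLY.match(path.name):
            findings.append(("short-name-dir", str(path)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

A hit is only a prompt for manual review: `C:\found.000` and `winmm.dll` in the sample are deliberately left unflagged, and a legitimate folder or driver could still match these rules on another machine.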
     
  12. 2012/01/20
    Paco

    Paco Inactive Thread Starter

    Joined:
    2012/01/20
    Messages:
    17
    Likes Received:
    0
    The problem is that I dragged the CFScript to the Installer file because I didn't find an installed (shortcut) for Combofix.

    I received this log:

    ComboFix 12-01-19.02 - Abu7maid 01/21/2012 9:42.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.989 [GMT 4:00]
    Running from: c:\users\Abu7maid\Downloads\ComboFix.exe
    Command switches used :: c:\users\Abu7maid\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "C:\axlyqkod.sys "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\axlyqkod.sys
    c:\windows\system32\4F28~1
    c:\windows\system32\4FA9~1
    c:\windows\system32\6A6F~1
    c:\windows\system32\6AE0~1
    c:\windows\system32\8376~1
    c:\windows\system32\83FF~1
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-21 05:49 . 2012-01-21 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-21 03:18 . 2012-01-21 03:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0E96FB7-451D-42D0-8AE4-7E71D461C4B7}\offreg.dll
    2012-01-20 12:48 . 2012-01-20 12:48 -------- d-----w- c:\users\Abu7maid\AppData\Roaming\Malwarebytes
    2012-01-20 12:47 . 2012-01-20 12:47 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-19 18:43 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-19 18:43 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-19 18:43 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-19 18:43 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-19 18:43 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-19 18:43 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-13 11:34 . 2011-11-29 22:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0E96FB7-451D-42D0-8AE4-7E71D461C4B7}\mpengine.dll
    2012-01-12 10:02 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-12 10:02 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-12 10:02 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-12 10:02 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-12 10:02 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-12 10:02 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-01-12 10:01 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-12 10:01 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-09 13:49 . 2012-01-09 13:49 -------- d-----w- c:\program files\GoldWave
    2012-01-06 05:06 . 2012-01-06 05:06 -------- d-----w- C:\found.000
    2012-01-04 16:48 . 2012-01-04 16:48 -------- d-----w- c:\users\Abu7maid\AppData\Roaming\DVDVideoSoftIEHelpers
    2011-12-30 18:50 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
    2011-12-30 17:45 . 2011-12-30 17:45 -------- d-----w- c:\program files\TablEdit
    2011-12-26 05:12 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-12-26 05:12 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-12-26 05:12 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-12-24 11:06 . 2012-01-19 15:26 -------- d-----w- c:\users\Abu7maid\AppData\Roaming\dvdcss
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-19 20:03 . 2007-08-15 11:17 319456 ----a-w- c:\windows\DIFxAPI.dll
    2011-11-23 13:37 . 2011-12-18 13:02 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 10:29 . 2011-12-18 19:06 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-09 04:30 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-11-09 04:30 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-11-08 14:42 . 2011-12-18 13:01 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-07 05:27 . 2011-11-07 05:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-04 14:54 . 2011-12-18 13:06 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01 . 2011-12-18 13:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01 . 2011-12-18 13:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:56 . 2011-12-18 13:02 49152 ----a-w- c:\windows\system32\csrsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612} "= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\Freecorder\prxtbFree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612} "= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612} "= "c:\program files\Freecorder\prxtbFree.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2009-04-10 2153472]
    "Acer Tour Reminder "= "c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
    "uTorrent "= "c:\program files\uTorrent\uTorrent.exe" [2011-11-07 394616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
    "IS CfgWiz "= "c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-11-21 46728]
    "osCheck "= "c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
    "PLFSet "= "c:\windows\PLFSet.dll" [2007-04-24 45056]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
    "PlayMovie "= "c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "LManager "= "c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-04 834056]
    "eAudio "= "c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
    "WarReg_PopUp "= "c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "TkBellExe "= "c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-11-07 273528]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "APSDaemon "= "c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    "Freecorder FLV Service "= "c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-11-7 1208320]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-1-19 711472]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-15 535336]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-07 05:29]
    .
    2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-07 05:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Abu7maid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Abu7maid\AppData\Roaming\Mozilla\Firefox\Profiles\o1assjpg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.hotspotshield.com/g/?c=h
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Hotspot Shield Helper (Please allow this installation): afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Complitly - Speed up your search with your personal search suggestions tool: {33e0daa6-3af3-d8b5-6752-10e949c61516} - %profile%\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-21 09:50
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002
    .
    CreateFile( "\\.\PHYSICALDRIVE0 "): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    user != kernel MBR !!!
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath "= "\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    Completion time: 2012-01-21 09:52:53
    ComboFix-quarantined-files.txt 2012-01-21 05:52
    ComboFix2.txt 2012-01-20 21:09
    .
    Pre-Run: 5,561,520,128 bytes free
    Post-Run: 5,422,166,016 bytes free
    .
    - - End Of File - - C2FBDF609ECC27BC858986BCA98F4A8D
     
  13. 2012/01/21
    broni

    broni Moderator Malware Analyst

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  14. 2012/01/21
    Paco

    Paco Inactive Thread Starter

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000
    Boot sector MD5 is: dc220266e2471b59f5999b434294b525

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
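
To make the "dump the master boot sector" step in the Bootkit Remover output above concrete, here is an added example (not part of the original posts and not the tool vendor's code) that inspects a 512-byte MBR dump: it hashes the boot code, lists the partition entries, and diffs two reads of the same sector, a byte-level version of the user-vs-kernel comparison reported in the ComboFix log. The sample sector, the known-good hash set and all function names are constructed for illustration; only the volume offset is taken from the output above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code
DISK_SIG_OFF = 440         # bytes 440..443: disk signature
PART_TABLE_OFF = 446       # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510..511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split a dumped MBR sector into the fields worth reviewing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0:          # unused slot
            continue
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def diff_ranges(a: bytes, b: bytes) -> list:
    """Return inclusive (start, end) offsets where two reads of a sector differ."""
    if len(a) != len(b):
        raise ValueError("reads must be the same length")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i - 1))
            start = None
    if start is not None:
        ranges.append((start, len(a) - 1))
    return ranges


def assess(sector: bytes, known_good_md5s: set) -> list:
    """List findings for one dump; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_md5"] not in known_good_md5s:
        findings.append("unknown boot code")
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings


def build_sample_mbr(boot_code: bytes = b"\xfa\x33\xc0" + b"\x90" * 437) -> bytes:
    """Constructed sample sector: one active NTFS partition starting at the
    volume offset shown in the output above (0x271100000 bytes into the disk).
    Boot code, disk signature and sector count are made-up values."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be 440 bytes")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 0x271100000 // SECTOR_SIZE, 142_000_000)
    return (boot_code + struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
            + entry + b"\x00" * 48 + SIGNATURE)


if __name__ == "__main__":
    clean = build_sample_mbr()
    # Constructed "second read" with 16 bytes of the boot code altered.
    altered = clean[:16] + b"\xcc" * 16 + clean[32:]
    known_good = {parse_mbr(clean)["boot_code_md5"]}   # stand-in allowlist

    for name, sector in (("clean", clean), ("altered", altered)):
        info = parse_mbr(sector)
        print(name, info["boot_code_md5"], assess(sector, known_good))
        for p in info["partitions"]:
            print("  slot", p["slot"], "type 0x%02x" % p["type"],
                  "byte offset 0x%x" % (p["lba_start"] * SECTOR_SIZE))
    print("differing ranges:", diff_ranges(clean, altered))
```

To check a real dump, read the 512-byte output file in binary mode and pass its contents to `parse_mbr` and `assess`.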
     
  15. 2012/01/22
    broni

    broni Moderator Malware Analyst

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2012/01/22
    Paco

    Paco Inactive Thread Starter

    Hi.
    Thank you for asking and for your help.
    My computer is doing great, I can finally leave it for hours and come back to see it's still in the same condition, and not filled with error messages.

    These are the logs I received:
    (The OTL log was over the limit in terms of characters so I'll split it over two posts)
    OTL:
     
  17. 2012/01/22
    Paco

    Paco Inactive Thread Starter

    OTL logfile created on: 1/23/2012 9:08:24 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Abu7maid\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.55% Memory free
    4.94 Gb Paging File | 3.10 Gb Available in Paging File | 62.77% Paging File free
    Paging file location(s): c:\pagefile.sys 3069 3069 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 68.14 Gb Total Space | 11.66 Gb Free Space | 17.11% Space Free | Partition Type: NTFS
    Drive D: | 68.15 Gb Total Space | 4.21 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
    Drive G: | 464.43 Gb Total Space | 155.47 Gb Free Space | 33.48% Space Free | Partition Type: NTFS

    Computer Name: ABU7MAID-PC | User Name: Abu7maid | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/23 09:06:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Abu7maid\Desktop\OTL.exe
    PRC - [2012/01/06 22:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    PRC - [2012/01/05 03:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2012/01/05 03:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2011/11/07 09:41:29 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/11/07 09:19:53 | 000,394,616 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2011/07/29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/03/24 10:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    PRC - [2007/08/15 15:32:31 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2007/07/06 11:07:52 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    PRC - [2007/07/04 07:08:30 | 000,834,056 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2007/07/03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2007/06/13 16:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
    PRC - [2007/06/13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
    PRC - [2007/06/13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    PRC - [2007/06/11 14:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
    PRC - [2007/05/24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
    PRC - [2007/05/10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    PRC - [2007/04/27 14:08:28 | 001,208,320 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    PRC - [2007/04/25 22:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    PRC - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    PRC - [2007/04/25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    PRC - [2007/04/03 11:28:46 | 000,999,424 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer VCM\VC.exe
    PRC - [2007/03/27 12:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer VCM\acp2HID.exe
    PRC - [2007/03/22 00:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/03/22 00:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/03/14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    PRC - [2007/02/13 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    PRC - [2007/02/09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2007/01/19 19:51:16 | 000,711,472 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
    PRC - [2006/11/22 00:45:00 | 000,194,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2006/11/22 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2006/11/22 00:44:28 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/11/22 00:43:42 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    PRC - [2006/10/05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/11 03:06:15 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
    MOD - [2012/01/11 03:02:55 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b6da684a4289bb2053ab12bbb773e808\System.Data.ni.dll
    MOD - [2011/12/29 03:40:22 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
    MOD - [2011/12/29 03:38:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/12/29 03:36:50 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/12/29 03:32:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0d34a2f81f5d945e604ff66c1e64fc72\System.Xml.ni.dll
    MOD - [2011/12/29 03:31:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/12/29 03:27:53 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/12/29 03:27:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/11/07 08:12:58 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2764.39489__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2011/11/07 08:12:58 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2764.39718__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
    MOD - [2011/11/07 08:12:58 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2764.39446__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2011/11/07 08:12:58 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2764.39503__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2011/11/07 08:12:58 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2764.39709__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2011/11/07 08:12:58 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2764.39668__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2011/11/07 08:12:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2764.39480__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2011/11/07 08:12:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2764.39502__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
    MOD - [2011/11/07 08:12:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2764.39601__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2011/11/07 08:12:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2764.39466__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2011/11/07 08:12:57 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2011/11/07 08:12:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2011/11/07 08:12:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2011/11/07 08:12:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2011/11/07 08:12:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2011/11/07 08:12:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2011/11/07 08:12:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2011/11/07 08:12:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll
    MOD - [2011/11/07 08:12:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2011/11/07 08:12:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2011/11/07 08:12:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2011/11/07 08:12:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
    MOD - [2011/11/07 08:12:56 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2011/11/07 08:12:56 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2011/11/07 08:12:56 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2011/11/07 08:12:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2011/11/07 08:12:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2011/11/07 08:12:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2011/11/07 08:12:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2011/11/07 08:12:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2011/11/07 08:12:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2011/11/07 08:12:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2011/11/07 08:12:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2011/11/07 08:12:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2011/11/07 08:12:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2011/11/07 08:12:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll
    MOD - [2011/11/07 08:12:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2011/11/07 08:12:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2011/11/07 08:12:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2011/11/07 08:12:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2011/11/07 08:12:45 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2764.39730__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2011/11/07 08:12:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2764.39729__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2011/11/07 08:12:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2764.39776__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2011/11/07 08:12:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2011/11/07 08:12:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2011/11/07 08:12:45 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2764.39436__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2011/11/07 08:12:44 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2764.39475__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2011/11/07 08:12:44 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2764.39723__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2011/11/07 08:12:44 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2764.39438__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2011/11/07 08:12:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2011/11/07 08:12:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2011/11/07 08:12:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2011/11/07 08:12:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2011/11/07 08:12:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2764.39730__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2011/11/07 08:12:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2011/11/07 08:12:42 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2764.39438__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2011/11/07 08:12:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2764.39437__90ba9c70f846762e\APM.Server.dll
    MOD - [2011/11/07 08:12:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2764.39436__90ba9c70f846762e\AEM.Server.dll
    MOD - [2011/11/07 08:12:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2011/11/05 18:28:07 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/29 03:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/03/29 21:42:20 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    MOD - [2009/03/29 21:42:20 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2009/03/29 21:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2007/07/28 11:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2007/06/13 16:56:36 | 000,249,856 | R--- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
    MOD - [2007/06/11 14:54:18 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
    MOD - [2007/05/10 14:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
    MOD - [2007/05/10 14:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
    MOD - [2007/05/10 14:05:14 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
    MOD - [2007/05/10 14:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
    MOD - [2007/04/25 22:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
    MOD - [2007/04/25 22:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
    MOD - [2007/04/25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
    MOD - [2007/04/25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
    MOD - [2007/04/11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
    MOD - [2007/03/22 16:30:30 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2007/03/14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
    MOD - [2007/03/02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
    MOD - [2007/02/13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    MOD - [2007/02/07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
    MOD - [2007/01/19 19:39:14 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/01/19 19:11:16 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
    MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
    MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
    MOD - [2006/11/22 00:41:44 | 000,009,376 | ---- | M] () -- c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc
    MOD - [2006/10/16 15:51:18 | 000,618,496 | ---- | M] () -- C:\Program Files\Acer\Acer VCM\AcerControl.dll
    MOD - [2003/06/08 01:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/06 22:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2012/01/06 22:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
    SRV - [2012/01/05 03:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2012/01/05 03:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2011/11/07 16:28:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/15 15:32:31 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/07/03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2007/06/13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/06/13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/05/10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/03/22 00:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/03/14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/02/13 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
    SRV - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2006/11/22 00:45:00 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2006/11/22 00:45:00 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2006/11/22 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2006/11/22 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2006/11/22 00:44:32 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2006/11/22 00:43:42 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
    SRV - [2006/11/22 00:42:52 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2006/11/22 00:42:12 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
    SRV - [2006/10/05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/26 21:49:12 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2011/03/01 01:36:54 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
    DRV - [2007/08/15 15:34:06 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2007/07/28 11:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/04/30 18:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/04/03 21:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
    DRV - [2007/04/03 03:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
    DRV - [2007/03/10 00:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/03/02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2007/02/07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2006/11/22 00:45:42 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2006/11/22 00:45:42 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2006/11/22 00:45:42 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2006/11/22 00:45:36 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006/11/22 00:44:14 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
    DRV - [2006/11/22 00:44:12 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
    DRV - [2006/11/22 00:44:10 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2006/11/22 00:42:22 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
    DRV - [2006/11/02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
    DRV - [2006/11/02 11:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2006/11/02 11:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/11/02 11:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms} "
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.9.0.3
    FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
    FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:2.0
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
    FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q= "
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/07 09:41:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/25 07:00:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 20:03:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/24 20:03:48 | 000,000,000 | ---D | M]

    [2011/11/07 09:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abu7maid\AppData\Roaming\Mozilla\Extensions
    [2012/01/22 16:22:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abu7maid\AppData\Roaming\Mozilla\Firefox\Profiles\o1assjpg.default\extensions
    [2012/01/15 08:33:24 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Abu7maid\AppData\Roaming\Mozilla\Firefox\Profiles\o1assjpg.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2011/12/16 22:04:18 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Abu7maid\AppData\Roaming\Mozilla\Firefox\Profiles\o1assjpg.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2012/01/04 20:48:34 | 000,000,000 | ---D | M] ( "Free YouTube Download (Free Studio) Menu ") -- C:\Users\Abu7maid\AppData\Roaming\Mozilla\Firefox\Profiles\o1assjpg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/01/15 08:33:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Abu7maid\AppData\Roaming\Mozilla\Firefox\Profiles\o1assjpg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/12/15 11:26:10 | 000,000,923 | ---- | M] () -- C:\Users\Abu7maid\AppData\Roaming\Mozilla\Firefox\Profiles\o1assjpg.default\searchplugins\conduit.xml
    [2012/01/21 13:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/21 13:23:08 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    [2011/11/25 07:00:07 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2011/11/07 09:41:40 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/12/28 03:12:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Abu7maid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Abu7maid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Complitly plugin for chrome = C:\Users\Abu7maid\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Abu7maid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Abu7maid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Abu7maid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/21 09:49:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Abu7maid\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
    O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
    O4 - HKCU..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Abu7maid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E48494-8AD5-4F5F-BD84-9152D0A34021}: DhcpNameServer = 10.47.40.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B853D050-9ADF-44FB-8332-36BC1EAF9EBC}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ACER03.bmp
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ACER03.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 01:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2011/10/02 15:34:56 | 000,000,288 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
     
  18. 2012/01/22
    Paco

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/23 09:07:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Abu7maid\Desktop\OTL.exe
    [2012/01/22 09:29:16 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Abu7maid\Desktop\boot_cleaner.exe
    [2012/01/21 13:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
    [2012/01/21 13:23:21 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
    [2012/01/21 13:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
    [2012/01/21 13:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
    [2012/01/21 09:52:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/21 09:52:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/21 09:41:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/21 09:41:18 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/01/21 00:46:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/21 00:46:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/21 00:45:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/21 00:45:52 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/20 16:48:03 | 000,000,000 | ---D | C] -- C:\Users\Abu7maid\AppData\Roaming\Malwarebytes
    [2012/01/20 16:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/20 16:46:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Abu7maid\Desktop\dds.scr
    [2012/01/10 14:07:12 | 000,000,000 | ---D | C] -- C:\Users\Abu7maid\Documents\MGT360
    [2012/01/09 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\Abu7maid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldWave
    [2012/01/09 17:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoldWave
    [2012/01/09 17:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
    [2012/01/06 09:06:30 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/01/04 21:40:05 | 000,000,000 | ---D | C] -- C:\Users\Abu7maid\Documents\TRA
    [2012/01/04 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\Abu7maid\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012/01/02 17:54:35 | 000,000,000 | ---D | C] -- C:\Users\Abu7maid\Documents\deli
    [2011/12/30 21:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TablEdit
    [2011/12/30 21:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\TablEdit
    [2011/12/24 15:06:29 | 000,000,000 | ---D | C] -- C:\Users\Abu7maid\AppData\Roaming\dvdcss
    [2011/11/07 08:54:12 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2011/11/07 08:54:12 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2011/11/07 08:54:12 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
    [2011/11/07 08:32:07 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2007/08/15 15:48:13 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/01/23 09:06:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Abu7maid\Desktop\OTL.exe
    [2012/01/23 08:39:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/23 07:21:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/23 07:21:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/22 16:27:38 | 000,189,952 | ---- | M] () -- C:\Users\Abu7maid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/22 14:50:31 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/22 14:50:31 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/22 09:45:49 | 000,039,821 | ---- | M] () -- C:\Users\Abu7maid\Desktop\PacoPortrait2.jpg
    [2012/01/22 09:39:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/21 13:21:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/21 13:21:26 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/21 13:19:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/01/21 09:49:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/01/20 17:41:36 | 000,000,512 | ---- | M] () -- C:\Users\Abu7maid\Desktop\MBR.dat
    [2012/01/20 16:46:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Abu7maid\Desktop\dds.scr
    [2012/01/15 08:30:41 | 250,863,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/01/05 23:37:58 | 733,778,996 | ---- | M] () -- C:\Users\Abu7maid\Desktop\the.bachelor.s16e01.hdtv.xvid-2hd.avi
    [2012/01/02 15:17:20 | 000,007,484 | ---- | M] () -- C:\Users\Abu7maid\AppData\Local\d3d9caps.dat
    [2012/01/01 20:07:33 | 001,737,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/25 01:23:41 | 000,049,293 | ---- | M] () -- C:\Users\Abu7maid\Desktop\c41f745e-01a6-4add-9ce4-449c05661c74.jpg

    ========== Files Created - No Company Name ==========

    [2012/01/22 09:45:47 | 000,039,821 | ---- | C] () -- C:\Users\Abu7maid\Desktop\PacoPortrait2.jpg
    [2012/01/21 00:46:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/21 00:46:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/21 00:46:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/21 00:46:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/21 00:46:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/20 17:41:36 | 000,000,512 | ---- | C] () -- C:\Users\Abu7maid\Desktop\MBR.dat
    [2012/01/20 00:04:19 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
    [2012/01/03 23:10:58 | 733,778,996 | ---- | C] () -- C:\Users\Abu7maid\Desktop\the.bachelor.s16e01.hdtv.xvid-2hd.avi
    [2011/12/25 01:23:37 | 000,049,293 | ---- | C] () -- C:\Users\Abu7maid\Desktop\c41f745e-01a6-4add-9ce4-449c05661c74.jpg
    [2011/12/21 08:24:01 | 000,007,484 | ---- | C] () -- C:\Users\Abu7maid\AppData\Local\d3d9caps.dat
    [2011/11/11 20:22:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
    [2011/11/10 12:50:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/11/10 12:49:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/11/10 12:49:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/11/08 06:16:30 | 000,130,234 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
    [2011/11/08 06:16:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
    [2011/11/08 06:16:20 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
    [2011/11/08 05:56:21 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
    [2011/11/07 19:49:07 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2011/11/07 19:48:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2011/11/07 19:48:55 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2011/11/07 19:48:55 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/11/07 09:14:02 | 000,189,952 | ---- | C] () -- C:\Users\Abu7maid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/07 08:54:12 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2011/11/07 08:53:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2011/11/07 08:32:54 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
    [2011/11/07 08:32:54 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2011/11/07 08:32:07 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2011/11/07 08:31:31 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2007/08/15 19:57:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2007/08/15 15:48:11 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
    [2007/08/14 15:11:08 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
    [2007/08/14 15:11:08 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
    [2007/08/14 15:11:08 | 000,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini
    [2007/04/25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
    [2007/04/25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
    [2007/04/25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
    [2007/04/25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
    [2007/04/25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
    [2007/04/25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
    [2007/01/19 19:11:16 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
    [2006/11/13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
    [2006/11/02 16:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 16:47:37 | 001,737,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 16:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 14:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 14:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 14:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 14:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 14:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 14:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 12:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 12:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 11:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 11:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/12/27 02:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001/09/04 09:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/31 02:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 08:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2011/11/07 08:39:22 | 000,000,000 | ---D | M] -- C:\Users\Abu7maid\AppData\Roaming\Acer
    [2011/12/16 22:04:17 | 000,000,000 | ---D | M] -- C:\Users\Abu7maid\AppData\Roaming\Complitly
    [2012/01/04 20:49:02 | 000,000,000 | ---D | M] -- C:\Users\Abu7maid\AppData\Roaming\DVDVideoSoft
    [2012/01/04 20:48:18 | 000,000,000 | ---D | M] -- C:\Users\Abu7maid\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/12/15 07:56:59 | 000,000,000 | ---D | M] -- C:\Users\Abu7maid\AppData\Roaming\Image Zone Express
    [2011/12/15 07:56:59 | 000,000,000 | ---D | M] -- C:\Users\Abu7maid\AppData\Roaming\Printer Info Cache
    [2012/01/23 09:12:01 | 000,000,000 | ---D | M] -- C:\Users\Abu7maid\AppData\Roaming\uTorrent
    [2012/01/21 13:19:36 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/11/07 08:29:46 | 000,003,380 | ---- | M] () -- C:\-20111107.log
    [2006/09/19 01:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/11 11:41:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/01/21 09:52:53 | 000,013,099 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 01:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/01/21 13:21:26 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
    [2005/08/16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
    [2006/11/30 11:35:22 | 000,000,512 | ---- | M] () -- C:\MDR.iss
    [2011/11/07 08:22:48 | 000,000,020 | ---- | M] () -- C:\Medion.ini
    [2012/01/21 13:20:51 | 3218,079,744 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/07 08:16:41 | 000,000,058 | ---- | M] () -- C:\Partition.txt
    [2007/09/03 23:32:04 | 000,002,976 | -HS- | M] () -- C:\Patch.rev
    [2007/08/15 17:47:39 | 000,000,134 | RHS- | M] () -- C:\preload.rev
    [2011/11/07 08:33:39 | 001,678,146 | ---- | M] () -- C:\vcredist_x86.log
    [2007/08/14 15:11:13 | 000,000,004 | ---- | M] () -- C:\wps.dat

    < %systemroot%\Fonts\*.com >
    [2006/11/02 16:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 16:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 16:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/11/10 13:00:50 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 01:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
    [2006/11/02 16:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 06:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/11/09 08:59:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 14:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 14:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 14:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 14:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 14:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/10 13:21:22 | 000,000,221 | -HS- | M] () -- C:\Users\Abu7maid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 07:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Abu7maid\Desktop\boot_cleaner.exe
    [2012/01/23 09:06:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Abu7maid\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/11/07 08:08:36 | 000,000,402 | -HS- | M] () -- C:\Users\Abu7maid\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/17 00:09:25 | 000,001,634 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Abu7maid\Desktop\the.bachelor.s16e01.hdtv.xvid-2hd.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Abu7maid\Desktop\revenge.108.hdtv-lol.avi:TOC.WMV

    < End of report >
     
  19. 2012/01/22
    Paco

    Extras:

    OTL Extras logfile created on: 1/23/2012 9:08:24 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Abu7maid\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.55% Memory free
    4.94 Gb Paging File | 3.10 Gb Available in Paging File | 62.77% Paging File free
    Paging file location(s): c:\pagefile.sys 3069 3069 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 68.14 Gb Total Space | 11.66 Gb Free Space | 17.11% Space Free | Partition Type: NTFS
    Drive D: | 68.15 Gb Total Space | 4.21 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
    Drive G: | 464.43 Gb Total Space | 155.47 Gb Free Space | 33.48% Space Free | Partition Type: NTFS

    Computer Name: ABU7MAID-PC | User Name: Abu7maid | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C7B7F4E-9E23-46F6-A518-27E728545A10}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{64FACA0E-42A9-4AD5-9F19-B8C169449896}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{CE45D897-F31B-410F-A1C3-29B471208230}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{157188A3-532F-4E14-8828-155E6CBB3833}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{27481C32-E48C-4FAC-9E6C-64CD8845F438}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{2A5217BB-0B42-4B0B-82DE-B22A138BAB0F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{362C7C0D-8304-415F-B498-3E47ADDDD698}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
    "{38EC29A3-D3F7-4DD1-849C-5E338FB1AECB}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
    "{41C6D994-1161-456D-8BB1-65C36E901880}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{46376ED6-55CF-44E9-BC53-1AAF6AE474F5}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
    "{684BCE73-5709-4D33-B6FE-E8A63DB03E78}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{7A17D011-219D-443E-B019-2E478AA22870}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
    "{7C91A58B-2DEF-426E-B359-7DC0C58C3147}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
    "{816CA72F-7A9C-446B-AB11-70DD25F7F1DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9DD5A2B1-E4D8-4FB2-9F30-E9FB7BD2B023}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
    "{AAE534F9-E429-4DDA-95F5-30DD94239DAB}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{B830056A-5832-4922-A3DB-17E98D77331A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{CF428810-4CC9-429B-B2CC-6FE05973D530}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{DE497244-B90A-4012-858D-29AE5C318F92}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{DFB55317-9717-4FDF-9444-948E7407B5B5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
    "{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
    "{14A5537C-3F8F-4681-A741-138D8515B8CC}" = Adobe Setup
    "{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
    "{1FFB45AE-120B-4A9D-A914-BE466C6BBB0A}" = WinSoftMEsti
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
    "{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
    "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
    "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
    "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
    "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
    "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
    "{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
    "{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
    "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
    "{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
    "{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
    "{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
    "{7678C8F6-1EEE-4832-8E22-199B01333ECC}" = Adobe Photoshop CS3
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
    "{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}" = Star Defender 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst
    "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F968571-D33F-1E3E-222A-676AF9AAAA11}" = ATI Catalyst Install Manager
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
    "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
    "{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
    "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
    "{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
    "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
    "{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
    "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
    "{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
    "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
    "{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_f6203f42fc049f762bd88baa6920a29" = Adobe Photoshop CS3
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "DivX Setup" = DivX Setup
    "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.13.908
    "Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
    "Freecorder Toolbar" = Freecorder Toolbar
    "Freecorder5.1" = Freecorder 5
    "GoldWave v5.22" = GoldWave v5.22
    "Google Chrome" = Google Chrome
    "GridVista" = Acer GridVista
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HotspotShield" = Hotspot Shield 2.24
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "LManager" = Launch Manager
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "PitchPerfect" = PitchPerfect Uninstall
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RealPlayer 12.0" = RealPlayer
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TEFView_is1" = TEFView 2.71
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.5
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.10 beta 3 (32-bit)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  20. 2012/01/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      @Alternate Data Stream - 64 bytes -> C:\Users\Abu7maid\Desktop\the.bachelor.s16e01.hdtv.xvid-2hd.avi:TOC.WMV
      @Alternate Data Stream - 64 bytes -> C:\Users\Abu7maid\Desktop\revenge.108.hdtv-lol.avi:TOC.WMV
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. 2012/01/24
    Paco

    Paco Inactive Thread Starter

    Joined:
    2012/01/20
    Messages:
    17
    Likes Received:
    0
    Hi again.
    OTL:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    ADS C:\Users\Abu7maid\Desktop\the.bachelor.s16e01.hdtv.xvid-2hd.avi:TOC.WMV deleted successfully.
    ADS C:\Users\Abu7maid\Desktop\revenge.108.hdtv-lol.avi:TOC.WMV deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Abu7maid
    ->Temp folder emptied: 196124223 bytes
    ->Temporary Internet Files folder emptied: 191116717 bytes
    ->FireFox cache emptied: 111540688 bytes
    ->Google Chrome cache emptied: 24594095 bytes
    ->Flash cache emptied: 87806 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6725771 bytes
    RecycleBin emptied: 638558 bytes

    Total Files Cleaned = 506.00 mb


    [EMPTYJAVA]

    User: Abu7maid

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Abu7maid
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01242012_091239

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    -----------------

    Checkup:

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton AntiVirus
    Norton Internet Security (Symantec Corporation)
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Adobe Flash Player 9 (Out of date Flash Player installed!)
    Adobe Flash Player 11.0.1.152
    Mozilla Firefox (3.6.25) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Empowering Technology eSettings Service capuserv.exe
    ``````````End of Log````````````


    ---------------------------------------

    FSS:

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Abu7maid (administrator) on 24-01-2012 at 09:26:17
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2011-11-10 12:51] - [2009-04-10 23:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2011-11-10 12:50] - [2009-04-10 23:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    -----------------------------------

    ESET:

    C:\Qoobox\Quarantine\C\Users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\crump.dat.vir Win32/Autoit.NIB trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Users\Abu7maid\AppData\Roaming\Microsoft\Windows\Templates\cache\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\Nf2.exe.vir probably a variant of Win32/AutoRun.Autoit.BU worm deleted - quarantined
    C:\Qoobox\Quarantine\D\autorun.inf.vir Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    D:\Thumbs.db Win32/Autoit.NIB trojan deleted - quarantined
    D:\Backup20112\Stuff\SoftonicDownloader_for_youtube-downloader-hd.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    D:\Nero-UltraEdition-8.3.6.0\Nero-8.3.6.0.exe multiple threats deleted - quarantined
    D:\VLC Media Player 0.9.2 NEW RELEASE! (September 15th 2008)\vlc-0.9.2-win32.exe a variant of Win32/TrojanDownloader.FakeAlert.JI trojan deleted - quarantined
    F:\Thumbs.db Win32/Autoit.NIB trojan deleted - quarantined
    F:\autorun.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\crump.dat Win32/Autoit.NIB trojan deleted - quarantined
    F:\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\Nf2.exe probably a variant of Win32/AutoRun.Autoit.BU worm deleted - quarantined
    F:\Programs\Uniblue PowerSuite.zip a variant of Win32/UbSpyEraser application deleted - quarantined
    F:\Programs\Ahead.Nero.v8.3.2.1.Incl.Keymaker-EMBRACE\Nero-8.3.2.1_eng_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
    F:\Programs\Uniblue Powersuite\powersuite.exe a variant of Win32/UbSpyEraser application deleted - quarantined
    F:\Programs\Hide IP Platinum 3.5 And Keygen (New Version)\keygen.exe probably a variant of Win32/Agent.KGCDPQN trojan cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP98\A0031571.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP104\A0039325.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP104\A0039326.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP105\A0040359.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP105\A0041483.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP108\A0042705.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP111\A0051867.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP116\A0057424.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP119\A0058502.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\System Volume Information\_restore{0E777E65-88DC-45E0-B535-95CB302592B8}\RP460\A0096687.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    F:\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\crack&keygen.backup rar.rar probably a variant of Win32/Agent.BCOVDCM trojan deleted - quarantined
    F:\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\SonyVegasProCRACK.exe probably a variant of Win32/Agent.BCOVDCM trojan cleaned by deleting - quarantined
    G:\autorun.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
    G:\Thumbs.db Win32/Autoit.NIB trojan deleted - quarantined
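
The ESET export in the post above can be triaged by volume rather than read line by line. The following is an added example, not part of the original thread or of any tool mentioned in it: it parses lines in that export's format, maps quarantine copies back to their original drive, and lists every volume that had a root-level autorun.inf detection. The sample lines are constructed (detection names are taken from the log above), and the mapping of `C:\Qoobox\Quarantine\<letter>\...vir` to the original drive is an assumption read from the paths in the log.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# One line of the export: <path> [qualifier] <detection> [type] <action>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<qualifier>probably a variant of|a variant of)\s+)?"
    r"(?P<name>Win32/\S+|multiple threats)"
    r"(?:\s+(?P<kind>trojan|worm|application))?\s+"
    r"(?P<action>(?:cleaned by deleting|deleted) - quarantined)$"
)
# Assumption: the quarantine folder mirrors the original drive letter and path.
QUARANTINE_RE = re.compile(
    r"^C:\\Qoobox\\Quarantine\\([A-Za-z])\\(.*?)(?:\.vir)?$", re.I
)


@dataclass(frozen=True)
class Detection:
    volume: str     # drive letter the file originally lived on
    rel_path: str   # path relative to that volume's root
    location: str   # quarantine | restore_point | recycle_bin | live
    name: str       # detection name as reported by the scanner
    kind: str       # trojan | worm | application | "" when not reported
    certain: bool   # False for "probably a variant of"


def parse_line(line):
    """Parse one export line; return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    q = QUARANTINE_RE.match(path)
    if q:
        volume, rel_path, location = q[1].upper(), q[2], "quarantine"
    else:
        volume, rel_path = path[0].upper(), path[3:]
        low = rel_path.lower()
        if low.startswith("system volume information\\_restore"):
            location = "restore_point"
        elif low.startswith("$recycle.bin\\"):
            location = "recycle_bin"
        else:
            location = "live"
    certain = m["qualifier"] != "probably a variant of"
    return Detection(volume, rel_path, location, m["name"], m["kind"] or "", certain)


def parse_log(text):
    """Return (detections, unparsed_lines) so nothing is silently dropped."""
    detections, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        det = parse_line(line)
        if det is None:
            unparsed.append(line.strip())
        else:
            detections.append(det)
    return detections, unparsed


def autorun_volumes(detections):
    """Volumes whose root autorun.inf was flagged, including quarantined copies."""
    return sorted({d.volume for d in detections if d.rel_path.lower() == "autorun.inf"})


def names_by_volume(detections):
    """Distinct detection names seen on each volume."""
    out = defaultdict(set)
    for d in detections:
        out[d.volume].add(d.name)
    return {vol: sorted(names) for vol, names in out.items()}


# Constructed sample in the format of the export above (paths are made up).
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\D\autorun.inf.vir Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
D:\Thumbs.db Win32/Autoit.NIB trojan deleted - quarantined
D:\Old Installers\setup one.exe multiple threats deleted - quarantined
F:\autorun.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
F:\$RECYCLE.BIN\{00000000-0000-0000-0000-000000000000}\Nf2.exe probably a variant of Win32/AutoRun.Autoit.BU worm deleted - quarantined
F:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP98\A0031571.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
F:\Programs\tool.zip a variant of Win32/UbSpyEraser application deleted - quarantined
G:\autorun.inf Win32/AutoRun.VB.DU worm cleaned by deleting - quarantined
F:\broken line without verdict
"""

if __name__ == "__main__":
    dets, bad = parse_log(SAMPLE_LOG)
    print("root autorun.inf flagged on:", autorun_volumes(dets))
    for vol, names in sorted(names_by_volume(dets).items()):
        print(vol, names)
    print("unparsed:", bad)
```
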
     
