1. No problems executing the instructions.
2. OTM scan output.
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== FILES ==========
C:\Users\@k3yM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\175c55de-445e2d3e moved successfully.
D:\Documents and Settings\installer\BugdoctorSetup.exe moved successfully.
D:\Documents and Settings\installer\msoff\! INSTALLER !\G. Chinese Software and Translator Tools\Babylon Pro 6 R32+Add-Ons\babylon.pro.6.xx-patch.exe moved successfully.
D:\Documents and Settings\installer\msoff\! INSTALLER !\I. Internet Tools\FlashGet v1.72\KEYGEN.EXE moved successfully.
C:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe moved successfully.
C:\Users\@k3yM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\32931bd7-210d3b54 moved successfully.
D:\Documents and Settings\installer\msoff\! INSTALLER !\D. Burning Tools\Alcohol 120% v1.9.6.3923\alcohol120 1_9_5_3823.exe moved successfully.
D:\Documents and Settings\installer\msoff\! INSTALLER !\I. Internet Tools\MIRC 6.17\mirc617.exe moved successfully.
D:\Documents and Settings\installer\msoff\! INSTALLER !\I. Internet Tools\RaidenFTPD 2.4.2065\raidenftpd2.exe moved successfully.
D:\Documents and Settings\installer\msoff\! INSTALLER !\J. Multimedia Converter Tools\Magic DVD Ripper 4.1+ key\Magic DVD Ripper 4.1.exe moved successfully.
D:\Documents and Settings\installer\msoff\! INSTALLER !\K. Gaming and Virtual Tools\DAEMON Tools v4.03 X64\daemon403-x64.exe moved successfully.
D:\Documents and Settings\installer\msoff\! INSTALLER !\K. Gaming and Virtual Tools\DAEMON Tools v4.03 X86\daemon403-x86.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: @k3yM
->Temp folder emptied: 296994 bytes
->Temporary Internet Files folder emptied: 11190109 bytes
->Java cache emptied: 56476994 bytes
->FireFox cache emptied: 36383156 bytes
->Flash cache emptied: 251092 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12616 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 100.00 mb
OTM by OldTimer - Version 3.1.12.2 log created on 06122010_164818
Files moved on Reboot...
File C:\Windows\temp\mcmsc_3n7eaRrEj5yJhxk not found!
File C:\Windows\temp\mcmsc_d2rFZjwb9neYUPJ not found!
C:\Windows\temp\sqlite_Bt5iZ77xyxMK5pi moved successfully.
C:\Windows\temp\sqlite_ML9DEqGjJMXX0xJ moved successfully.
Registry entries deleted on Reboot...
3. MBAM scan results (no infection found)
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Database version: 4192
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
6/12/2010 7:42:04 PM
mbam-log-2010-06-12 (19-42-04).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 290748
Time elapsed: 2 hour(s), 44 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
4. Panda Active scan results.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-06-12 23:57:34
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 5
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@tribalfusion[3].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@mediaplex[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@linksynergy[2].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@entrepreneur[2].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@gostats[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@azjmp[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@statcounter[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@counter.hitslink[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@www.burstbeacon[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@advertising[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[7].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[8].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[5].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[6].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[4].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[9].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[9].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[8].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[7].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[6].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[5].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[4].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@zedo[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@go[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\low\@k3ym@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@target[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@ads.addynamix[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No c:\users\@k3ym\appdata\roaming\microsoft\windows\cookies\@k3ym@enhance[1].txt
03587590 Adware/Yassist Adware No 0 No No d:\documents and settings\installer\divxbundle.exe[²çç\y_toolbar.exe][²èç]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\_otm\movedfiles\06122010_164818\d_documents and settings\installer\msoff\! installer !\g. chinese software and translator tools\babylon pro 6 r32+add-ons\babylon.pro.6.xx-patch.exe
No c:\_otm\movedfiles\06122010_164818\d_documents and settings\installer\msoff\! installer !\i. internet tools\flashget v1.72\keygen.exe
No c:\_otm\movedfiles\06122010_164818\d_documents and settings\installer\msoff\! installer !\k. gaming and virtual tools\daemon tools v4.03 x64\daemon403-x64.exe
No d:\documents and settings\installer\iphone\iphonevideoconverter.exe[install.dll]
No d:\documents and settings\installer\msoff\! installer !\k. gaming and virtual tools\winimage 6.1\keygen\keygen_winimage.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
5. New RSIT log.txt contents.
Logfile of random's system information tool 1.07 (written by random/random)
Run by @k3yM at 2010-06-13 00:41:34
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 6 GB (8%) free of 71 GB
Total RAM: 2813 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:42:21 AM, on 6/13/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Electronic Arts\EADownloadManager\EACoreServer.exe
C:\Program Files\Electronic Arts\EADownloadManager\EADownloadManager\EADownloadManager.exe
C:\Users\@k3yM\Downloads\RSIT.exe
C:\Program Files\trend micro\@k3yM.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: DYXPPQO - Unknown owner - C:\Users\@k3yM\AppData\Local\Temp\DYXPPQO.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: GMYZBU - Unknown owner - C:\Users\@k3yM\AppData\Local\Temp\GMYZBU.exe (file missing)
O23 - Service: HRU - Unknown owner - C:\Users\@k3yM\AppData\Local\Temp\HRU.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7910 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2506131056-3247040052-1697288011-1000Core1cac652556b953c.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-11-11 62784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-05 312880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
C:\Program Files\Acer\Acer Assist\launcher.exe [2007-11-19 1261568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-05-12 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Program Files\Athan\Athan.exe [2009-08-22 1114112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-26 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-05-12 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-05-09 397312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\@k3yM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-06 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-06-05 821768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-05-12 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-05-19 6139904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-14 1033512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2008-04-23 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2009-07-20 813584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-06-12 19:47:29 ----D---- C:\Program Files\Panda Security
2010-06-12 16:48:18 ----D---- C:\_OTM
2010-06-11 16:30:25 ----D---- C:\Program Files\Common Files\Java
2010-06-11 16:29:53 ----A---- C:\Windows\system32\javaws.exe
2010-06-11 16:29:53 ----A---- C:\Windows\system32\javaw.exe
2010-06-11 16:29:53 ----A---- C:\Windows\system32\java.exe
2010-06-11 16:29:53 ----A---- C:\Windows\system32\deployJava1.dll
2010-06-11 16:29:23 ----D---- C:\Program Files\Java
2010-06-11 15:27:18 ----D---- C:\Program Files\Adobe
2010-06-11 15:24:39 ----SHD---- C:\Config.Msi
2010-06-11 13:56:12 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-11 13:55:58 ----A---- C:\Windows\system32\atmfd.dll
2010-06-11 13:55:57 ----A---- C:\Windows\system32\atmlib.dll
2010-06-11 13:55:38 ----A---- C:\Windows\system32\wininet.dll
2010-06-11 13:55:38 ----A---- C:\Windows\system32\urlmon.dll
2010-06-11 13:55:38 ----A---- C:\Windows\system32\mshtml.dll
2010-06-11 13:55:36 ----A---- C:\Windows\system32\ieui.dll
2010-06-11 13:55:36 ----A---- C:\Windows\system32\ieframe.dll
2010-06-11 13:55:35 ----A---- C:\Windows\system32\mshtmled.dll
2010-06-11 13:55:35 ----A---- C:\Windows\system32\iepeers.dll
2010-06-11 13:55:35 ----A---- C:\Windows\system32\ieencode.dll
2010-06-11 13:55:35 ----A---- C:\Windows\system32\ieapfltr.dll
2010-06-11 01:36:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-06-11 00:20:30 ----D---- C:\rsit
2010-06-10 13:20:09 ----D---- C:\Program Files\ESET
2010-06-09 13:56:44 ----A---- C:\ComboFix.txt
2010-06-09 13:56:04 ----SHD---- C:\$RECYCLE.BIN
2010-06-09 13:46:20 ----A---- C:\Windows\zip.exe
2010-06-09 13:46:20 ----A---- C:\Windows\SWSC.exe
2010-06-09 13:46:20 ----A---- C:\Windows\SWREG.exe
2010-06-09 13:46:20 ----A---- C:\Windows\sed.exe
2010-06-09 13:46:20 ----A---- C:\Windows\PEV.exe
2010-06-09 13:46:20 ----A---- C:\Windows\NIRCMD.exe
2010-06-09 13:46:20 ----A---- C:\Windows\MBR.exe
2010-06-09 13:46:20 ----A---- C:\Windows\grep.exe
2010-06-09 13:45:23 ----D---- C:\Qoobox
2010-06-09 13:45:03 ----A---- C:\Windows\SWXCACLS.exe
2010-06-04 17:09:40 ----D---- C:\Windows\ERDNT
2010-06-04 17:07:47 ----D---- C:\Program Files\ERUNT
2010-05-31 14:29:42 ----D---- C:\Program Files\Sports Interactive
2010-05-31 14:20:56 ----D---- C:\Program Files\DAEMON Tools Lite
2010-05-25 22:49:51 ----A---- C:\Windows\system32\tzres.dll
2010-05-16 22:16:13 ----A---- C:\ProgramData\xml49B8.tmp
2010-05-16 22:16:13 ----A---- C:\ProgramData\xml47F3.tmp
2010-05-16 22:16:07 ----A---- C:\ProgramData\xml2F44.tmp
2010-05-15 15:39:44 ----A---- C:\ProgramData\xml205E.tmp
2010-05-15 15:39:44 ----A---- C:\ProgramData\xml205D.tmp
2010-05-15 15:39:44 ----A---- C:\ProgramData\xml204D.tmp
2010-05-15 15:39:41 ----A---- C:\ProgramData\xml16BB.tmp
2010-05-15 15:38:19 ----D---- C:\Windows\system32\directx
2010-05-15 15:37:47 ----D---- C:\Program Files\SiSoftware
======List of files/folders modified in the last 1 months======
2010-06-13 00:41:52 ----D---- C:\Windows\Temp
2010-06-13 00:41:45 ----D---- C:\Program Files\Trend Micro
2010-06-13 00:36:08 ----SHD---- C:\System Volume Information
2010-06-12 19:52:07 ----D---- C:\Windows\system32\drivers
2010-06-12 19:47:56 ----D---- C:\Windows\Prefetch
2010-06-12 19:47:29 ----RD---- C:\Program Files
2010-06-12 19:47:21 ----SD---- C:\Windows\Downloaded Program Files
2010-06-12 14:26:44 ----D---- C:\Windows\Microsoft.NET
2010-06-12 14:26:36 ----RSD---- C:\Windows\assembly
2010-06-12 14:25:13 ----D---- C:\Windows\winsxs
2010-06-12 14:15:08 ----D---- C:\Windows
2010-06-12 14:15:00 ----D---- C:\Windows\system32\catroot
2010-06-12 03:32:08 ----D---- C:\Windows\System32
2010-06-12 03:32:04 ----D---- C:\Program Files\Windows Mail
2010-06-12 03:09:47 ----SHD---- C:\Windows\Installer
2010-06-12 03:02:18 ----D---- C:\Windows\system32\wbem
2010-06-11 17:03:58 ----AD---- C:\ProgramData\TEMP
2010-06-11 16:30:25 ----D---- C:\Program Files\Common Files
2010-06-11 15:28:24 ----D---- C:\ProgramData\Adobe
2010-06-11 15:27:53 ----D---- C:\Program Files\Common Files\Adobe
2010-06-11 13:53:18 ----D---- C:\Windows\system32\catroot2
2010-06-09 13:54:30 ----A---- C:\Windows\system.ini
2010-06-09 13:50:44 ----D---- C:\Windows\AppPatch
2010-06-07 21:16:40 ----SD---- C:\ProgramData\Microsoft
2010-06-05 04:38:18 ----D---- C:\Windows\Minidump
2010-06-02 13:19:14 ----SD---- C:\Users\@k3yM\AppData\Roaming\Microsoft
2010-06-01 22:56:17 ----D---- C:\Windows\inf
2010-06-01 22:56:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-31 15:09:52 ----D---- C:\Users\@k3yM\AppData\Roaming\Sports Interactive
2010-05-31 14:20:34 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-05-30 04:21:16 ----D---- C:\Windows\system32\WDI
2010-05-28 15:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-27 09:18:10 ----D---- C:\Windows\rescache
2010-05-26 03:02:42 ----D---- C:\Windows\system32\en-US
2010-05-16 22:16:40 ----D---- C:\ProgramData
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-11-11 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-05-05 12672]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-05-05 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-18 761856]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-04-09 210432]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-05-05 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-05-05 207872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-19 2136920]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-11-11 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-11-11 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-11-11 40552]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-18 7446656]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-05-06 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-05-06 62976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-02-14 196784]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-05 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BthPort;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-05-05 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-05-05 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-05-05 16168]
S3 catchme;catchme; \??\C:\Users\@k3yM\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-11-11 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x86\Sandra.sys [2009-08-07 23112]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-08 691696]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2010-02-11 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-11 144704]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-18 196608]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-08 272024]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-05-05 386560]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-11 606736]
S3 DYXPPQO;DYXPPQO; C:\Users\@k3yM\AppData\Local\Temp\DYXPPQO.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GMYZBU;GMYZBU; C:\Users\@k3yM\AppData\Local\Temp\GMYZBU.exe []
S3 HRU;HRU; C:\Users\@k3yM\AppData\Local\Temp\HRU.exe []
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2010-01-25 365072]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]
-----------------EOF-----------------
6. My computer is performing well.