
Solve: Indonesian text at top of web browser & intermittent connection to website?

Answer»

I have the above problem and have done the Trend Micro HijackThis scan; here is the scanned log file.
Can anyone help to analyse what has gone wrong? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:42 AM, on 2/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wahai anak2 Triakti... Belajarlah yang rajin. Jangan ngebokep mulu...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &WordWeb... - res://C:\Windows\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1c9876777235ff) (gupdate1c9876777235ff) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11013 bytes

Go to Add or Remove Programs and uninstall:

  • Cyberdefender
  • Live Update - Symantec Corporation
----------

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.
  • Go to your desktop and double click on the removal tool and then click SETUP.
  • Once open Click Next
  • Accept the license agreement and click Next
  • Type in the letters/numbers that you see into the text box then click Next.
  • Then click Next and the tool will start running.
  • Once finished restart the PC.
  • Delete the Norton Removal Tool from your Desktop.
----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wahai anak2 Triakti... Belajarlah yang rajin. Jangan ngebokep mulu...
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  • R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  • R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks for your advice: after following your instructions, the "Indonesian text" disappeared.

But I am still facing a problem using "Internet Explorer" to get into any website.
Most of the time, I receive the statement "Internet Explorer cannot display the Webpage". I have to log out and log in to Explorer many times. By chance, I have to repeat several times before success.
I thought it was due to the "Indonesian text virus". Now the text is gone, but the Internet Explorer login problem is still there. Please advise a solution. Thanks in advance for your help.


NB: As requested, here is the log file after the "Anti-Malware" scan.


    Malwarebytes' Anti-Malware 1.36
    Database version: 2069
    Windows 6.0.6001 Service Pack 1

    3/5/2009 7:44:32 PM
    mbam-log-2009-05-03 (19-44-32).txt

    Scan type: Quick Scan
    Objects scanned: 68595
    Time elapsed: 4 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 5
    Files Infected: 220

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Users\Acer\AppData\Roaming\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010 (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-209.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-210.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-211.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-212.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\QuarantineW\2009-04-28 19-32-010\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Users\Acer\AppData\Roaming\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix

    Followed your instructions and here is the ComboFix log, please help to analyse. Thanks.

    --------------------------------------------------------------------------------------------------------------------

    ComboFix 09-05-03.1 - Acer 04/05/2009 23:09.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2047.1290 [GMT 8:00]
    Running from: c:\users\Acer\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\x64
    D:\Autorun.inf

    .
    (((((((((((((((((((((((((   Files Created from 2009-04-04 to 2009-05-04  )))))))))))))))))))))))))))))))
    .

    2009-05-03 10:34 . 2009-05-03 10:34   --------   d-----w   c:\programdata\NortonInstaller
    2009-05-03 10:34 . 2009-05-03 10:34   --------   d-----w   c:\users\All Users\NortonInstaller
    2009-05-02 03:37 . 2009-05-02 03:37   --------   d-----w   c:\program files\Trend Micro
    2009-04-27 16:35 . 2009-04-27 16:35   --------   d-----w   c:\program files\RegCure
    2009-04-27 14:21 . 2009-04-27 14:21   --------   d-----w   c:\users\Acer\AppData\Roaming\Malwarebytes
    2009-04-27 14:21 . 2009-04-06 07:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
    2009-04-27 14:21 . 2009-04-06 07:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-27 14:21 . 2009-04-27 14:21   --------   d-----w   c:\programdata\Malwarebytes
    2009-04-27 14:21 . 2009-04-27 14:21   --------   d-----w   c:\users\All Users\Malwarebytes
    2009-04-27 14:21 . 2009-05-03 11:38   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
    2009-04-25 09:17 . 2009-04-25 09:17   --------   d-----w   c:\programdata\SiteAdvisor
    2009-04-25 09:17 . 2009-04-25 09:17   --------   d-----w   c:\users\All Users\SiteAdvisor
    2009-04-25 09:17 . 2009-04-25 09:22   --------   d-----w   c:\program files\SiteAdvisor
    2009-04-25 09:14 . 2009-03-25 03:06   40552   ----a-w   c:\windows\system32\drivers\mfesmfk.sys
    2009-04-25 09:14 . 2009-03-25 03:06   35272   ----a-w   c:\windows\system32\drivers\mfebopk.sys
    2009-04-25 09:14 . 2009-03-25 03:06   79880   ----a-w   c:\windows\system32\drivers\mfeavfk.sys
    2009-04-25 09:14 . 2008-10-23 05:08   130424   ----a-w   c:\windows\system32\drivers\Mpfp.sys
    2009-04-25 09:14 . 2009-04-25 09:14   --------   d-----w   c:\program files\Common Files\McAfee
    2009-04-25 09:14 . 2009-04-25 09:14   --------   d-----w   c:\program files\McAfee.com
    2009-04-25 09:14 . 2009-04-27 14:18   --------   d-----w   c:\program files\McAfee
    2009-04-25 09:13 . 2009-03-25 03:05   34216   ----a-w   c:\windows\system32\drivers\mferkdk.sys
    2009-04-25 09:00 . 2009-04-25 09:18   --------   d-----w   c:\programdata\McAfee
    2009-04-25 09:00 . 2009-04-25 09:18   --------   d-----w   c:\users\All Users\McAfee
    2009-04-20 12:06 . 2009-04-25 08:39   81984   ----a-w   c:\windows\system32\bdod.bin
    2009-04-20 12:02 . 2009-04-20 12:02   --------   d-----w   c:\program files\BitDefender
    2009-04-20 11:54 . 2009-04-20 15:39   --------   d-----w   c:\program files\Common Files\BitDefender
    2009-04-19 00:58 . 2009-04-19 00:58   --------   d-----w   C:\Sounds
    2009-04-19 00:53 . 2008-09-03 22:27   24832   ----a-w   c:\windows\system32\drivers\lgusbmodem.sys
    2009-04-19 00:53 . 2008-09-03 22:28   19968   ----a-w   c:\windows\system32\drivers\lgusbdiag.sys
    2009-04-19 00:53 . 2008-09-03 22:27   13056   ----a-w   c:\windows\system32\drivers\lgusbbus.sys
    2009-04-19 00:53 . 2009-04-19 00:53   --------   d-----w   c:\program files\LG Electronics
    2009-04-19 00:51 . 2007-11-08 08:26   1164728   ----a-w   c:\windows\system32\NMSDVDXU.dll
    2009-04-19 00:51 . 2009-04-19 09:59   --------   d-----w   c:\users\Acer\AppData\Roaming\LG Electronics
    2009-04-19 00:51 . 2009-04-19 10:00   --------   d-----w   c:\program files\LG PC Suite II

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-04 14:59 . 2009-03-24 11:17   420   ---ha-w   c:\windows\Tasks\User_Feed_Synchronization-{FCED9B55-8DFE-46EE-B608-B7626366AB7D}.job
    2009-05-04 14:43 . 2008-12-20 14:28   868   ----a-w   c:\windows\Tasks\Google Software Updater.job
    2009-05-04 14:38 . 2009-02-05 07:54   882   ----a-w   c:\windows\Tasks\GoogleUpdateTaskMachine.job
    2009-05-04 14:38 . 2009-04-28 11:29   352   ----a-w   c:\windows\Tasks\RegTool Startup.job
    2009-05-04 14:38 . 2009-04-27 16:35   436   ----a-w   c:\windows\Tasks\RegCure Program Check.job
    2009-05-04 14:38 . 2006-11-02 13:01   6   ---ha-w   c:\windows\Tasks\SA.DAT
    2009-05-03 10:35 . 2007-07-17 06:57   --------   d-----w   c:\program files\Common Files\Symantec Shared
    2009-04-28 10:52 . 2009-04-27 16:35   370   ----a-w   c:\windows\Tasks\RegCure.job
    2009-04-26 04:06 . 2009-04-25 09:14   338   ----a-w   c:\windows\Tasks\McDefragTask.job
    2009-04-26 04:06 . 2009-04-25 09:14   330   ----a-w   c:\windows\Tasks\McQcTask.job
    2009-04-19 00:56 . 2006-11-02 10:25   86016   ----a-w   c:\windows\inf\infstor.dat
    2009-04-19 00:56 . 2006-11-02 10:25   51200   ----a-w   c:\windows\inf\infpub.dat
    2009-04-19 00:56 . 2006-11-02 10:25   143360   ----a-w   c:\windows\inf\infstrng.dat
    2009-04-19 00:53 . 2007-07-17 06:18   --------   d--h--w   c:\program files\InstallShield Installation Information
    2009-04-19 00:50 . 2008-01-21 08:04   7376   ----a-w   c:\users\Acer\AppData\Local\d3d9caps.dat
    2009-04-17 12:42 . 2006-11-02 11:18   --------   d-----w   c:\program files\Windows Mail
    2009-04-01 13:02 . 2008-12-20 14:28   --------   d-----w   c:\program files\Google
    2009-03-25 03:06 . 2009-03-25 03:06   214024   ----a-w   c:\windows\system32\drivers\mfehidk.sys
    2009-03-17 03:38 . 2009-04-17 11:15   40960   ----a-w   c:\windows\AppPatch\apihex86.dll
    2009-03-17 03:38 . 2009-04-17 11:15   13824   ----a-w   c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-17 11:15   24064   ----a-w   c:\windows\system32\amxread.dll
    2009-03-08 11:34 . 2009-03-24 11:06   914944   ----a-w   c:\windows\system32\wininet.dll
    2009-03-08 11:34 . 2009-03-24 11:06   43008   ----a-w   c:\windows\system32\licmgr10.dll
    2009-03-08 11:33 . 2009-03-24 11:06   18944   ----a-w   c:\windows\system32\corpol.dll
    2009-03-08 11:33 . 2009-03-24 11:06   109056   ----a-w   c:\windows\system32\iesysprep.dll
    2009-03-08 11:33 . 2009-03-24 11:06   109568   ----a-w   c:\windows\system32\PDMSetup.exe
    2009-03-08 11:33 . 2009-03-24 11:06   132608   ----a-w   c:\windows\system32\ieUnatt.exe
    2009-03-08 11:33 . 2009-03-24 11:06   107520   ----a-w   c:\windows\system32\RegisterIEPKEYs.exe
    2009-03-08 11:33 . 2009-03-24 11:06   107008   ----a-w   c:\windows\system32\SetIEInstalledDate.exe
    2009-03-08 11:33 . 2009-03-24 11:06   103936   ----a-w   c:\windows\system32\SetDepNx.exe
    2009-03-08 11:33 . 2009-03-24 11:06   420352   ----a-w   c:\windows\system32\vbscript.dll
    2009-03-08 11:32 . 2009-03-24 11:06   72704   ----a-w   c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2009-03-24 11:06   71680   ----a-w   c:\windows\system32\iesetup.dll
    2009-03-08 11:32 . 2009-03-24 11:06   66560   ----a-w   c:\windows\system32\wextract.exe
    2009-03-08 11:32 . 2009-03-24 11:06   169472   ----a-w   c:\windows\system32\iexpress.exe
    2009-03-08 11:31 . 2009-03-24 11:06   34816   ----a-w   c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2009-03-24 11:06   48128   ----a-w   c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2009-03-24 11:06   45568   ----a-w   c:\windows\system32\mshta.exe
    2009-03-08 11:22 . 2009-03-24 11:06   156160   ----a-w   c:\windows\system32\msls31.dll
    2009-03-08 06:33 . 2009-03-08 06:33   --------   d-----w   c:\program files\Rationale 2
    2009-03-03 04:46 . 2009-04-17 11:15   3599328   ----a-w   c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-17 11:15   3547632   ----a-w   c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:39 . 2009-04-17 11:15   183296   ----a-w   c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-17 11:15   551424   ----a-w   c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-17 11:15   26112   ----a-w   c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-17 11:15   98304   ----a-w   c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-17 11:15   54784   ----a-w   c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-17 11:15   44032   ----a-w   c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-17 11:15   666624   ----a-w   c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-17 11:15   17408   ----a-w   c:\windows\system32\iashost.exe
    2009-02-13 08:49 . 2009-04-17 11:15   72704   ----a-w   c:\windows\system32\secur32.dll
    2009-02-13 08:49 . 2009-04-17 11:15   1255936   ----a-w   c:\windows\system32\lsasrv.dll
    2009-02-09 03:10 . 2009-03-11 10:12   2033152   ----a-w   c:\windows\system32\win32k.sys
    2008-08-31 14:39 . 2006-11-02 12:50   174   --sha-w   c:\program files\desktop.ini
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ALaunch"="c:\acer\ALaunch\AlaunchClient.exe" [2007-01-26 540672]
    "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-06-15 326440]
    "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-14 178280]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

    c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
    WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-4-22 42168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave2"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CC798B78-DE13-4976-9DBA-0015A8CE56F8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{81030BAF-357C-40FB-8793-B99ADE4212A8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4C0E0174-247F-4069-9F52-9AD19DC71D83}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
    "{560429FD-BAD7-4E9A-857F-AA8C893A477F}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
    "{ED9E9E19-C630-464A-87A6-C20269418FC1}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
    "{492EC220-FB41-4472-8B20-E400B5B81034}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
    "{63C2B5ED-23AB-4CB2-AC71-1114E8E91419}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
    "{9C8A4F83-9400-4816-BA61-125CC31F09BB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
    "{D174244A-0FBB-4C36-8948-020059CF029E}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
    "{7DDAC852-04CD-4EFE-8DE0-1361BE28FB87}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
    "{A737C415-9154-4556-87F7-B5F30470A416}"= c:\program files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer Play Movie
    "{5D969526-27C1-40B7-9F52-8278DA307BA0}"= c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{3C4ED021-08D7-40ED-B0AD-E27D445943AF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7675F91E-FBB7-4E0C-9628-6432ED104CA4}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{50E32A91-4CD3-4573-90F9-B49D58FF0C3A}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{D6C8BEFB-D7A5-43B3-AEC2-F1A90A04DF7D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{89879D53-A003-402C-835D-7BFE787E063A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{9C6250F4-9A47-482F-89D3-7CD7534C3986}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E8376ABB-C3B1-4964-95E9-E750169D22B5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2B15D7A0-01B8-4442-B9F8-24F7164354DE}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{38BE90AF-D3C8-4C9E-94E6-E0A458035CB9}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{6B4DD4C0-2194-43F9-A598-60A6148EFAA6}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    "DoNotAllowExceptions"= 0 (0x0)

    R2 gupdate1c9876777235ff;Google Update Service (gupdate1c9876777235ff);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
    R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-18 81832]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2006-11-02 23:51 13560]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 269448]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \shell\AutoRun\command - L:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f3f3c6-b6f5-11dd-9a93-0019214a2749}]
    \shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bccb4bb-ccfc-11dd-8560-0019214a2749}]
    \shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{678b971c-d966-11dc-b513-00120e82456d}]
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe k4l0n62.sys.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-04 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 09:38]

    2009-05-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 07:54]

    2009-04-26 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-25 02:53]

    2009-04-26 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-25 02:53]

    2009-05-04 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

    2009-04-28 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

    2009-05-04 c:\windows\Tasks\User_Feed_Synchronization-{FCED9B55-8DFE-46EE-B608-B7626366AB7D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-24 11:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Acer Tour Reminder - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\rgir4l13.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-04 23:15
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    Denied: (A 2) (Everyone)
    ="FlashBroker"
    "LocalizedString"="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    ="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    Denied: (A 2) (Everyone)
    ="Shockwave Flash Object"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    ="0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    ="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    ="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    ="1.0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    ="ShockwaveFlash.ShockwaveFlash"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    Denied: (A 2) (Everyone)
    ="Macromedia Flash Factory Object"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    ="FlashFactory.FlashFactory.1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    ="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    ="1.0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    ="FlashFactory.FlashFactory"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    Denied: (A 2) (Everyone)
    ="IFlashBroker2"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    ="{00020424-0000-0000-C000-000000000046}"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    ="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    Denied: (A 2) (Everyone)

    [HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    ="Shockwave Flash"

    [HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    Denied: (A 2) (Everyone)
    =""

    [HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    ="FlashBroker"

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-05-04 23:17
    ComboFix-quarantined-files.txt  2009-05-04 15:17

    Pre-Run: 101,571,207,168 bytes free
    Post-Run: 102,403,452,928 bytes free

    358   --- E O F ---   2009-05-03 08:57

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    KillAll::

    FixCSet::

    Folder::
    c:\programdata\NortonInstaller
    c:\users\All Users\NortonInstaller

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

    Performed the activity as instructed.

    It is noticed that a new "Internet Explorer" icon has appeared on the Desktop, and the old "Internet Explorer" icon is still there. Which one shall I use or delete?

    Here is the latest Combofix.txt logfile. Please advise the next course of action. Thanks.


    --------------------------------------- logfile --------------------------------------------------

    ComboFix 09-05-03.1 - Acer 05/05/2009 20:23.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2047.1279 [GMT 8:00]
    Running from: c:\users\Acer\Desktop\ComboFix.exe
    Command switches used :: c:\users\Acer\Desktop\CFScript.txt
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\NortonInstaller
    c:\programdata\NortonInstaller\Logs\05-03-2009-18h34m01s\SymNRT-05-03-2009-18h34m01s.log
    c:\programdata\NortonInstaller\Logs\05-03-2009-18h34m01s\SymNRT.1.mft.7z
    c:\programdata\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
    c:\users\All Users\NortonInstaller\Logs\05-03-2009-18h34m01s\SymNRT-05-03-2009-18h34m01s.log
    c:\users\All Users\NortonInstaller\Logs\05-03-2009-18h34m01s\SymNRT.1.mft.7z
    c:\users\All Users\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z

    .
    (((((((((((((((((((((((((   Files Created from 2009-04-05 to 2009-05-05  )))))))))))))))))))))))))))))))
    .

    2009-05-02 03:37 . 2009-05-02 03:37   --------   d-----w   c:\program files\Trend Micro
    2009-04-27 16:35 . 2009-04-27 16:35   --------   d-----w   c:\program files\RegCure
    2009-04-27 14:21 . 2009-04-27 14:21   --------   d-----w   c:\users\Acer\AppData\Roaming\Malwarebytes
    2009-04-27 14:21 . 2009-04-06 07:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
    2009-04-27 14:21 . 2009-04-06 07:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-27 14:21 . 2009-04-27 14:21   --------   d-----w   c:\programdata\Malwarebytes
    2009-04-27 14:21 . 2009-04-27 14:21   --------   d-----w   c:\users\All Users\Malwarebytes
    2009-04-27 14:21 . 2009-05-03 11:38   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
    2009-04-25 09:17 . 2009-04-25 09:17   --------   d-----w   c:\programdata\SiteAdvisor
    2009-04-25 09:17 . 2009-04-25 09:17   --------   d-----w   c:\users\All Users\SiteAdvisor
    2009-04-25 09:17 . 2009-04-25 09:22   --------   d-----w   c:\program files\SiteAdvisor
    2009-04-25 09:14 . 2009-03-25 03:06   40552   ----a-w   c:\windows\system32\drivers\mfesmfk.sys
    2009-04-25 09:14 . 2009-03-25 03:06   35272   ----a-w   c:\windows\system32\drivers\mfebopk.sys
    2009-04-25 09:14 . 2009-03-25 03:06   79880   ----a-w   c:\windows\system32\drivers\mfeavfk.sys
    2009-04-25 09:14 . 2008-10-23 05:08   130424   ----a-w   c:\windows\system32\drivers\Mpfp.sys
    2009-04-25 09:14 . 2009-04-25 09:14   --------   d-----w   c:\program files\Common Files\McAfee
    2009-04-25 09:14 . 2009-04-25 09:14   --------   d-----w   c:\program files\McAfee.com
    2009-04-25 09:14 . 2009-04-27 14:18   --------   d-----w   c:\program files\McAfee
    2009-04-25 09:13 . 2009-03-25 03:05   34216   ----a-w   c:\windows\system32\drivers\mferkdk.sys
    2009-04-25 09:00 . 2009-04-25 09:18   --------   d-----w   c:\programdata\McAfee
    2009-04-25 09:00 . 2009-04-25 09:18   --------   d-----w   c:\users\All Users\McAfee
    2009-04-20 12:06 . 2009-04-25 08:39   81984   ----a-w   c:\windows\system32\bdod.bin
    2009-04-20 12:02 . 2009-04-20 12:02   --------   d-----w   c:\program files\BitDefender
    2009-04-20 11:54 . 2009-04-20 15:39   --------   d-----w   c:\program files\Common Files\BitDefender
    2009-04-19 00:58 . 2009-04-19 00:58   --------   d-----w   C:\Sounds
    2009-04-19 00:53 . 2008-09-03 22:27   24832   ----a-w   c:\windows\system32\drivers\lgusbmodem.sys
    2009-04-19 00:53 . 2008-09-03 22:28   19968   ----a-w   c:\windows\system32\drivers\lgusbdiag.sys
    2009-04-19 00:53 . 2008-09-03 22:27   13056   ----a-w   c:\windows\system32\drivers\lgusbbus.sys
    2009-04-19 00:53 . 2009-04-19 00:53   --------   d-----w   c:\program files\LG Electronics
    2009-04-19 00:51 . 2007-11-08 08:26   1164728   ----a-w   c:\windows\system32\NMSDVDXU.dll
    2009-04-19 00:51 . 2009-04-19 09:59   --------   d-----w   c:\users\Acer\AppData\Roaming\LG Electronics
    2009-04-19 00:51 . 2009-04-19 10:00   --------   d-----w   c:\program files\LG PC Suite II

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-05 12:26 . 2009-02-05 07:54   882   ----a-w   c:\windows\Tasks\GoogleUpdateTaskMachine.job
    2009-05-05 12:26 . 2009-04-28 11:29   352   ----a-w   c:\windows\Tasks\RegTool Startup.job
    2009-05-05 12:26 . 2009-04-27 16:35   436   ----a-w   c:\windows\Tasks\RegCure Program Check.job
    2009-05-05 12:26 . 2008-12-20 14:28   868   ----a-w   c:\windows\Tasks\Google Software Updater.job
    2009-05-05 12:26 . 2006-11-02 13:01   6   ---ha-w   c:\windows\Tasks\SA.DAT
    2009-05-04 14:59 . 2009-03-24 11:17   420   ---ha-w   c:\windows\Tasks\User_Feed_Synchronization-{FCED9B55-8DFE-46EE-B608-B7626366AB7D}.job
    2009-05-03 10:35 . 2007-07-17 06:57   --------   d-----w   c:\program files\Common Files\Symantec Shared
    2009-04-28 10:52 . 2009-04-27 16:35   370   ----a-w   c:\windows\Tasks\RegCure.job
    2009-04-26 04:06 . 2009-04-25 09:14   338   ----a-w   c:\windows\Tasks\McDefragTask.job
    2009-04-26 04:06 . 2009-04-25 09:14   330   ----a-w   c:\windows\Tasks\McQcTask.job
    2009-04-19 00:56 . 2006-11-02 10:25   86016   ----a-w   c:\windows\inf\infstor.dat
    2009-04-19 00:56 . 2006-11-02 10:25   51200   ----a-w   c:\windows\inf\infpub.dat
    2009-04-19 00:56 . 2006-11-02 10:25   143360   ----a-w   c:\windows\inf\infstrng.dat
    2009-04-19 00:53 . 2007-07-17 06:18   --------   d--h--w   c:\program files\InstallShield Installation Information
    2009-04-19 00:50 . 2008-01-21 08:04   7376   ----a-w   c:\users\Acer\AppData\Local\d3d9caps.dat
    2009-04-17 12:42 . 2006-11-02 11:18   --------   d-----w   c:\program files\Windows Mail
    2009-04-01 13:02 . 2008-12-20 14:28   --------   d-----w   c:\program files\Google
    2009-03-25 03:06 . 2009-03-25 03:06   214024   ----a-w   c:\windows\system32\drivers\mfehidk.sys
    2009-03-17 03:38 . 2009-04-17 11:15   40960   ----a-w   c:\windows\AppPatch\apihex86.dll
    2009-03-17 03:38 . 2009-04-17 11:15   13824   ----a-w   c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-17 11:15   24064   ----a-w   c:\windows\system32\amxread.dll
    2009-03-08 11:34 . 2009-03-24 11:06   914944   ----a-w   c:\windows\system32\wininet.dll
    2009-03-08 11:34 . 2009-03-24 11:06   43008   ----a-w   c:\windows\system32\licmgr10.dll
    2009-03-08 11:33 . 2009-03-24 11:06   18944   ----a-w   c:\windows\system32\corpol.dll
    2009-03-08 11:33 . 2009-03-24 11:06   109056   ----a-w   c:\windows\system32\iesysprep.dll
    2009-03-08 11:33 . 2009-03-24 11:06   109568   ----a-w   c:\windows\system32\PDMSetup.exe
    2009-03-08 11:33 . 2009-03-24 11:06   132608   ----a-w   c:\windows\system32\ieUnatt.exe
    2009-03-08 11:33 . 2009-03-24 11:06   107520   ----a-w   c:\windows\system32\RegisterIEPKEYs.exe
    2009-03-08 11:33 . 2009-03-24 11:06   107008   ----a-w   c:\windows\system32\SetIEInstalledDate.exe
    2009-03-08 11:33 . 2009-03-24 11:06   103936   ----a-w   c:\windows\system32\SetDepNx.exe
    2009-03-08 11:33 . 2009-03-24 11:06   420352   ----a-w   c:\windows\system32\vbscript.dll
    2009-03-08 11:32 . 2009-03-24 11:06   72704   ----a-w   c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2009-03-24 11:06   71680   ----a-w   c:\windows\system32\iesetup.dll
    2009-03-08 11:32 . 2009-03-24 11:06   66560   ----a-w   c:\windows\system32\wextract.exe
    2009-03-08 11:32 . 2009-03-24 11:06   169472   ----a-w   c:\windows\system32\iexpress.exe
    2009-03-08 11:31 . 2009-03-24 11:06   34816   ----a-w   c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2009-03-24 11:06   48128   ----a-w   c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2009-03-24 11:06   45568   ----a-w   c:\windows\system32\mshta.exe
    2009-03-08 11:22 . 2009-03-24 11:06   156160   ----a-w   c:\windows\system32\msls31.dll
    2009-03-08 06:33 . 2009-03-08 06:33   --------   d-----w   c:\program files\Rationale 2
    2009-03-03 04:46 . 2009-04-17 11:15   3599328   ----a-w   c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-17 11:15   3547632   ----a-w   c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:39 . 2009-04-17 11:15   183296   ----a-w   c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-17 11:15   551424   ----a-w   c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-17 11:15   26112   ----a-w   c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-17 11:15   98304   ----a-w   c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-17 11:15   54784   ----a-w   c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-17 11:15   44032   ----a-w   c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-17 11:15   666624   ----a-w   c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-17 11:15   17408   ----a-w   c:\windows\system32\iashost.exe
    2009-02-13 08:49 . 2009-04-17 11:15   72704   ----a-w   c:\windows\system32\secur32.dll
    2009-02-13 08:49 . 2009-04-17 11:15   1255936   ----a-w   c:\windows\system32\lsasrv.dll
    2009-02-09 03:10 . 2009-03-11 10:12   2033152   ----a-w   c:\windows\system32\win32k.sys
    2008-08-31 14:39 . 2006-11-02 12:50   174   --sha-w   c:\program files\desktop.ini
    .

    (((((((((((((((((((((((((((((   [email protected]_15.15.22   )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-07-17 06:24 . 2009-05-04 14:40   69044              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2007-07-17 06:24 . 2009-05-05 12:07   69044              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-05-05 12:07   74370              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-01-19 09:10 . 2009-05-04 14:40   18066              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-339563597-1808007692-2602482230-1000_UserData.bin
    + 2008-01-19 09:10 . 2009-05-05 12:07   18066              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-339563597-1808007692-2602482230-1000_UserData.bin
    + 2007-10-19 08:34 . 2009-05-05 12:27   32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2007-10-19 08:34 . 2009-05-04 15:15   32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2007-10-19 08:34 . 2009-05-05 12:27   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2007-10-19 08:34 . 2009-05-04 15:15   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-05-04 14:44 . 2009-05-04 14:44   5828              c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B855EB17AFD3537FD667244F8CB86F6C92AE4254\B855EB17AFD3537FD667244F8CB86F6C92AE4254\Data.dat
    + 2009-05-05 12:08 . 2009-05-05 12:08   5828              c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B855EB17AFD3537FD667244F8CB86F6C92AE4254\B855EB17AFD3537FD667244F8CB86F6C92AE4254\Data.dat
    + 2009-05-05 12:07 . 2009-05-05 12:07   5220              c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
    - 2009-05-04 14:41 . 2009-05-04 14:41   5220              c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\AFA0228517D559C72225EDC64521ED7E04459E89\AFA0228517D559C72225EDC64521ED7E04459E89\Data.dat
    + 2009-05-05 12:07 . 2009-05-05 12:07   7994              c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\74A956292B9D7ED29866593C7E501FA45B187192\74A956292B9D7ED29866593C7E501FA45B187192\Data.dat
    + 2009-05-05 12:06 . 2009-05-05 12:06   6202              c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1D392462A204CC01DF4399DA2E6E264AAC23F1AA\1D392462A204CC01DF4399DA2E6E264AAC23F1AA\Data.dat
    - 2009-05-04 14:44 . 2009-05-04 14:44   6202              c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\1D392462A204CC01DF4399DA2E6E264AAC23F1AA\1D392462A204CC01DF4399DA2E6E264AAC23F1AA\Data.dat
    - 2009-05-04 14:38 . 2009-05-04 14:38   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-05-05 12:26 . 2009-05-05 12:26   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2007-10-19 08:34 . 2009-05-05 12:27   131072              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2007-10-19 08:34 . 2009-05-04 15:15   131072              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Acer Tour Reminder"="" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ALaunch"="c:\acer\ALaunch\AlaunchClient.exe" [2007-01-26 540672]
    "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-06-15 326440]
    "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-22 204908]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-14 178280]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

    c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
    WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-4-22 42168]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave2"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CC798B78-DE13-4976-9DBA-0015A8CE56F8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{81030BAF-357C-40FB-8793-B99ADE4212A8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4C0E0174-247F-4069-9F52-9AD19DC71D83}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
    "{560429FD-BAD7-4E9A-857F-AA8C893A477F}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
    "{ED9E9E19-C630-464A-87A6-C20269418FC1}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
    "{492EC220-FB41-4472-8B20-E400B5B81034}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
    "{63C2B5ED-23AB-4CB2-AC71-1114E8E91419}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
    "{9C8A4F83-9400-4816-BA61-125CC31F09BB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
    "{D174244A-0FBB-4C36-8948-020059CF029E}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
    "{7DDAC852-04CD-4EFE-8DE0-1361BE28FB87}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
    "{A737C415-9154-4556-87F7-B5F30470A416}"= c:\program files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer Play Movie
    "{5D969526-27C1-40B7-9F52-8278DA307BA0}"= c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer Play Movie Resident Program
    "{3C4ED021-08D7-40ED-B0AD-E27D445943AF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{7675F91E-FBB7-4E0C-9628-6432ED104CA4}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{50E32A91-4CD3-4573-90F9-B49D58FF0C3A}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{D6C8BEFB-D7A5-43B3-AEC2-F1A90A04DF7D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{89879D53-A003-402C-835D-7BFE787E063A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{9C6250F4-9A47-482F-89D3-7CD7534C3986}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{E8376ABB-C3B1-4964-95E9-E750169D22B5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2B15D7A0-01B8-4442-B9F8-24F7164354DE}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{38BE90AF-D3C8-4C9E-94E6-E0A458035CB9}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{6B4DD4C0-2194-43F9-A598-60A6148EFAA6}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)
    "DoNotAllowExceptions"= 0 (0x0)

    R2 gupdate1c9876777235ff;Google Update Service (gupdate1c9876777235ff);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
    R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-18 81832]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2006-11-02 23:51 13560]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-22 269448]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \shell\AutoRun\command - L:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f3f3c6-b6f5-11dd-9a93-0019214a2749}]
    \shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bccb4bb-ccfc-11dd-8560-0019214a2749}]
    \shell\AutoRun\command - K:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{678b971c-d966-11dc-b513-00120e82456d}]
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe k4l0n62.sys.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-05 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 09:38]

    2009-05-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 07:54]

    2009-04-26 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-25 02:53]

    2009-04-26 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-25 02:53]

    2009-05-05 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

    2009-04-28 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

    2009-05-04 c:\windows\Tasks\User_Feed_Synchronization-{FCED9B55-8DFE-46EE-B608-B7626366AB7D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-24 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\rgir4l13.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-05 20:27
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    Denied: (A 2) (Everyone)
    ="FlashBroker"
    "LocalizedString"="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

    [HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    ="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    Denied: (A 2) (Everyone)
    ="Shockwave Flash Object"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    ="0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    ="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    ="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    ="1.0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    ="ShockwaveFlash.ShockwaveFlash"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    Denied: (A 2) (Everyone)
    ="Macromedia Flash Factory Object"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    ="FlashFactory.FlashFactory.1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    ="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    ="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    ="1.0"

    [HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    ="FlashFactory.FlashFactory"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    Denied: (A 2) (Everyone)
    ="IFlashBroker2"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    ="{00020424-0000-0000-C000-000000000046}"

    [HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    ="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    Denied: (A 2) (Everyone)

    [HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    ="Shockwave Flash"

    [HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    Denied: (A 2) (Everyone)
    =""

    [HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    ="FlashBroker"

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_USERS\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    Denied: (A) (Users)
    Denied: (A) (Everyone)
    Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(2016)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\Ati2evxx.exe
    c:\acer\Empowering Technology\ePerformance\MemCheck.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\windows\System32\rundll32.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\McAfee\MSK\msksrver.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\windows\System32\conime.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-05 20:32 - machine was rebooted
    ComboFix-quarantined-files.txt  2009-05-05 12:32
    ComboFix2.txt  2009-05-04 15:17

    Pre-Run: 102,314,172,416 bytes free
    Post-Run: 102,181,163,008 bytes free

    419   --- E O F ---   2009-05-03 08:57

    I have no idea where the new IE icon came from...

    Download GMER and save it to your desktop.

    * Extract it to your desktop and double-click GMER.exe
    * Click the rootkit tab and then scan.
    * Don't check the Show All box while scanning is in progress!
    * When scanning is finished click Copy.
    * This copies the log to clipboard
    * Post the log in your reply.

    Before doing the GMER scan, the computer seems to have got back to normal -> no more IE log-in problem and faster log-in.
    Nevertheless, I still performed the GMER -> rootkit -> scan as instructed.
    During scanning, I encountered a problem and the following statement appeared:
    ----------------------------------------------------------------------------------
    gmer.exe has stopped working
    A problem caused the program to stop working correctly.
    Window will close the program and notify you if solution is available
    -------------------------------------------------------------------------------------
    After this, the computer seemed to be performing some work and never shut down. I waited for more than half an hour and finally clicked the "shut down" command at the bottom right of the above statement and got out of the loop.

    What has gone wrong with GMER?
    Since there is no IE log-in problem, is there anything more to be done?
    Thanks.

    Download Rooter.exe to your desktop

    * Double click Rooter.exe to start the tool.
    * A DOS window will appear and show the scan progress.
    * Once complete a notepad file containing the report will open.
    * Copy & paste the results in your next reply.
    * Close notepad and Rooter will close.

    A log will also save at %systemdrive%\Rooter.txt (where %systemdrive% is usually C: or the drive that you have Windows installed on).

    After double-clicking Rooter.exe, the following message came out on screen (not in the DOS window):
    --------------------------------------------------------------------
    Exception Processing message 0xc0000013 parameters 0x75D792A0 ox00000004 0x75D792A0 0x75D79A0
    3x choices are given : stop, try again or continue
    -------------------------------------------------------------

    Selected "continue"; the DOS window shows
    ---------------------------------------------------
    C:\windows\prefetch\webmediaplayer
    --------------------------------------------------

    This statement stayed in the DOS window with no further progress. After 5 minutes, the following message appeared on screen (not in the DOS window):
     Find String (QGREP) utility has stopped working, click close program ....

    Please advise how to proceed. Thanks.
    (NB: the computer seems to be working perfectly now, no problem logging in to IE.)

    Right click it and choose 'Run as Administrator'

    Done!
    Same problem and message as before.

    * Download The Avenger by Swandog46
    * Unzip/extract it to a folder on your desktop.
    * Right click on avenger.exe and choose 'Run as Administrator'
    * Click OK
    * Make sure that the box next to Scan for rootkits has a mark in it and that the box next to Automatically disable any rootkits found does not have a mark in it.
    * Click the Execute button.
    * You will be asked "No script has been entered. Do you want to execute a rootkit scan only?"
    * Click Yes.
    * You will now be asked "First step completed ... The Avenger has been successfully set up to run on next boot. Reboot now?"
    * Click Yes
    * Your PC will now be rebooted.
    * After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at
    %systemdrive%\avenger.txt (typically C:\avenger.txt).
    * Please post the Avenger log in your next reply.

    Please see the Avenger log file.
    Kindly advise next action. Thanks.

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform:  Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups DIRECTORY opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished!  Terminate.

