A Typical Hijackthis Log


This topic is locked
26 replies to this topic

#1 mokseng

  • Members
  • 41 posts

Posted 15 September 2008 - 11:00 PM

Since early 2008, I've been noticing some changes on my Acer TravelMate 3040. When I boot up Windows Vista, there are weird system popups. One of them asks me "Do you want to run..", while another is "Acer Orbicam has stopped working..", so I always have to click "No" and cancel those popups before I can use my system properly. It is a chore on every startup. Hence, I have downloaded and installed HijackThis, in the hope of getting some of your help to clear the registry, as I'm assuming the problems are due to the registry. I did a scan, so Mods, please guide me on which entries to remove. Thanks a million, and hopefully it will solve my system popups. As of the time I edited this post, I have done a full scan with Avast! and had 2 viruses found and deleted. Here is my HijackThis log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:47 PM, on 9/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - C:\Windows\system32\qOifCSIB.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\Gravi_Sense.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBtSlKE.dll,#1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [捁牥吠畯?敒業摮牥] ??¢?’1????£????”?3‰e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ㄏノǔ筽更 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: ㄏノǔ筽更场渺钡 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: ????¥???5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ????¥???5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-sg.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://npsdmail3.np.edu.sg/dwa7W.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GraviSense Service (GraviSenseWMIService) - Unknown owner - C:\Acer\GraviSense\GraviSenseSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10082 bytes

Edited by aaron2fast, 16 September 2008 - 07:31 AM.
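As an added example, not part of the original thread and not a tool either poster used, the Python script below runs the first-pass checks a responder typically applies to a HijackThis log before deciding what to ask for next: entries whose file HijackThis reports as gone, executables located under a Temp directory, rundll32 Run entries that load a DLL from system32 by export ordinal, unnamed BHOs, and services with no vendor information. The sample input is a constructed subset of the log above; the tag names and weights are this example's own assumptions, and a hit means "verify this file (publisher, signature, hash)", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of lines copied from the HijackThis log posted
# above (Running processes, O2, O4 and O23 sections), not the full log.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - C:\Windows\system32\qOifCSIB.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBtSlKE.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
"""

# Tag names and weights are this example's own choices (assumptions), not
# anything HijackThis emits. A hit means "verify this file", not "malware".
WEIGHTS = {
    "runs-from-temp": 3,             # executable located under a Temp directory
    "rundll32-ordinal-system32": 3,  # rundll32 loads a system32 DLL by export ordinal
    "dead-reference": 1,             # HijackThis reports (no file) / (file missing)
    "no-name": 1,                    # BHO registered without a display name
    "no-vendor-info": 1,             # service binary carries no company/version info
}

TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
RUNDLL_ORDINAL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll),#\d+", re.IGNORECASE)
DEAD_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
SECTION_RE = re.compile(r"^(O\d+) - ")


@dataclass
class Finding:
    kind: str           # "process" or the HijackThis section tag (O2, O4, O23, ...)
    target: str         # base name of the file the entry points at, or "-"
    reasons: List[str]
    line: str

    @property
    def score(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)


def assess(line: str) -> List[str]:
    """Return the heuristic tags that fire on a single log line."""
    reasons = []
    if DEAD_RE.search(line):
        reasons.append("dead-reference")
    if "(no name)" in line:
        reasons.append("no-name")
    if TEMP_RE.search(line):
        reasons.append("runs-from-temp")
    m = RUNDLL_ORDINAL_RE.search(line)
    if m and re.search(r"\\system32\\", m.group("dll"), re.IGNORECASE):
        reasons.append("rundll32-ordinal-system32")
    if "Unknown owner" in line:
        reasons.append("no-vendor-info")
    return reasons


def target_of(line: str) -> str:
    """Base name of the last Windows path on the line (best effort)."""
    paths = PATH_RE.findall(line)
    return paths[-1].rsplit("\\", 1)[-1] if paths else "-"


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return flagged entries, highest score first."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = SECTION_RE.match(line)
        if m:
            kind = m.group(1)
        elif in_processes:
            kind = "process"
        else:
            continue                  # header lines, "End of file", etc.
        reasons = assess(line)
        if reasons:
            findings.append(Finding(kind, target_of(line), reasons, line))
    findings.sort(key=lambda f: -f.score)   # stable sort keeps log order within a score
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.kind:<8} {f.target:<24} {', '.join(f.reasons)}")
```

On the sample the two top-scoring hits are the process running from `C:\Users\acer\AppData\Local\Temp\` and the `MSServer` Run value that hands `rundll32.exe` a system32 DLL by ordinal; both are the kind of entry a helper would want checked (who signed the file, what its hash is) before anything is removed. The `(no file)` and `(file missing)` hits are leftovers that a fix would only clean up, which is why they score low.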



#2 mokseng

  • Topic Starter
  • Members
  • 41 posts

Posted 16 September 2008 - 01:15 AM

Any help would be greatly appreciated, please.. Thanks. ):

#3 Farbar

  • Just Curious
  • Security Developer
  • 21,696 posts
  • Gender: Male
  • Location: The Netherlands

Posted 20 September 2008 - 04:18 AM

Hi aaron2fast,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Note 1. Please refrain from making any changes to your system from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

      Note 1:The logs will be created in this folder: C:\rsit

      Note 2: The tool takes no more than one minute to scan the system.
  • Tell me if you have run any other tool.

  • Tell me about the current condition of your computer.


#4 mokseng

  • Topic Starter
  • Members
  • 41 posts

Posted 21 September 2008 - 12:18 AM

info.txt logfile of random's system information tool 1.02 2008-09-21 13:15:50

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
μTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x804 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x804 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GraviSense-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEBCBBF8-25D5-48D1-9D2E-D162C6B1BBF7}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer OrbiCam Application-->MsiExec.exe /X{0F79C1B2-36B2-4B62-8221-42721CF54638}
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Brain Workshop 3.1-->"C:\Program Files\Brain Workshop\unins000.exe"
Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
Continuum 0.40-->"C:\Program Files\Continuum\unins000.exe"
Counter-Strike 1.6-->"C:\Program Files\Counter-Strike 1.6\unins000.exe"
Disc2Phone-->MsiExec.exe /X{C01408FC-117C-44B7-8B0C-17794E526A01}
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrSUN32z.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iXchange MP3 Editor 3.3.5-->"C:\Program Files\iXchange\MP3Editor\unins000.exe"
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.3.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\swflash.inf,DefaultUninstall,5
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
MSDN Library for Visual Studio 2005-->msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005-->MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
??5-->"C:\Program Files\Thunder Network\Thunder\unins000.exe"
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {66DA9ADD-B1C4-4891-84D6-706E216B411B} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{9EB1504E-FD95-4BCD-8E93-B4039F59C469}
Sony Ericsson PC Suite 3.209.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
Sony Media Manager 2.2-->MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x0409
Ubuntu-->D:\ubuntu\Uninstall-Ubuntu.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)-->C:\Windows\system32\msiexec.exe /promptrestart /uninstall {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Codec-->"C:\Program Files\XviD\UninstXviD.exe"

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080920-0]
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 080920-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\

-----------------EOF-----------------


Logfile of random's system information tool 1.02 (written by random/random)
Run by acer at 2008-09-21 13:15:35
Microsoft® Windows Vista™ Business
System drive C: has 24 GB (37%) free of 66 GB
Total RAM: 2038 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:48 PM, on 9/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\acer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\acer.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - C:\Windows\system32\qOifCSIB.dll (file missing)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\Gravi_Sense.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\geBtSlKE.dll,#1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [捁牥吠畯?敒業摮牥] ??¢?1????£?????3e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ㄏノǔ筽更 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: ㄏノǔ筽更场渺钡 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: ????¥???5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ????¥???5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-sg.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://npsdmail3.np.edu.sg/dwa7W.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GraviSense Service (GraviSenseWMIService) - Unknown owner - C:\Acer\GraviSense\GraviSenseSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10245 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
ThunderAtOnce Class - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [2007-10-27 366032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-21 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}]
C:\Windows\system32\qOifCSIB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}]
Thunder Browser Helper - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [2007-10-27 165328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-04-11 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-27 815104]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-14 52832]
"Acer Tour"=C:\Windows\system32\
"GraviSense"=C:\Acer\GraviSense\Gravi_Sense.exe [2007-12-22 11907072]
"SetPanel"=C:\Windows\system32\
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-12-07 483328]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2006-12-05 1261568]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 304664]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-28 244512]
"AcerOrbicamRibbon"=C:\Program Files\Acer\OrbiCam10\OrbiCam.exe [2006-11-28 754712]
"eRecoveryService"=C:\Windows\system32\
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP []
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"IgfxTray"=C:\Windows\system32\igfxtray.exe []
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-28 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-28 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-21 185896]
"MSServer"=C:\Windows\system32\geBtSlKE.dll []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"捁牥吠畯r"=C:\Windows\system32\
"捁牥吠畯?敒業摮牥"=??散屲捁牥潔牵剜浥湩敤?硥e []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2006-11-21 528384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-28 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS???μ?"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ??????"
"C:\FlashGet Network\Flashget\FlashGet.exe"="C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2"
"C:\FlashGet Network\Flashget\LiveUpdate.exe"="C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\FlashGet Network\Flashget\LiveUpdateEx.exe"="C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9dcbae-f25f-11db-abf4-000000000000}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6813f293-a39e-11dc-b3e6-000000000000}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ie.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84f07732-f9ef-11db-9175-000000000000}]
shell\Auto\command - infrom.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a300a6-f230-11db-b4c6-000000000000}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-09-21 13:15:35 ----D---- C:\rsit
2008-09-16 21:37:03 ----D---- C:\Program Files\Lavasoft
2008-09-16 21:36:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-16 13:48:20 ----D---- C:\Program Files\Sygate
2008-09-16 13:47:22 ----A---- C:\Windows\system32\aswBoot.exe
2008-09-16 13:47:18 ----D---- C:\Program Files\Alwil Software
2008-09-16 13:45:14 ----AD---- C:\ProgramData\TEMP
2008-09-16 13:45:07 ----A---- C:\Windows\system32\STKIT432.DLL
2008-09-16 13:45:07 ----A---- C:\Windows\system32\msxml.dll
2008-09-16 13:32:47 ----SHD---- C:\Config.Msi
2008-09-16 11:13:00 ----D---- C:\Program Files\Trend Micro
2008-09-16 10:33:54 ----A---- C:\Windows\system32\javaws.exe
2008-09-16 10:33:54 ----A---- C:\Windows\system32\javaw.exe
2008-09-16 10:33:54 ----A---- C:\Windows\system32\java.exe
2008-09-14 09:39:42 ----A---- C:\Windows\bdagent.INI
2008-09-14 08:04:35 ----D---- C:\Program Files\BitDefender
2008-09-14 08:03:28 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-10 15:53:26 ----D---- C:\Program Files\Brain Workshop
2008-09-10 14:37:18 ----D---- C:\Users\acer\AppData\Roaming\Wireshark
2008-09-10 14:34:40 ----D---- C:\Program Files\WinPcap
2008-09-10 09:39:20 ----A---- C:\Windows\ntbtlog.txt
2008-09-10 06:38:06 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 06:38:06 ----A---- C:\Windows\system32\gameux.dll
2008-09-10 06:38:06 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 06:38:03 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-09 11:17:02 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-09-09 11:16:34 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-09 10:55:57 ----D---- C:\Users\acer\AppData\Roaming\DAEMON Tools
2008-09-08 23:22:57 ----D---- C:\Program Files\Common Files\NSV
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxafs.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\vxblock.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-08 23:21:03 ----N---- C:\Windows\system32\pxwave.dll
2008-09-08 23:21:03 ----N---- C:\Windows\system32\pxmas.dll
2008-09-08 23:21:02 ----N---- C:\Windows\system32\px.dll
2008-08-22 23:49:39 ----A---- C:\Windows\system32\wups2.dll
2008-08-22 23:49:39 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-22 23:49:38 ----A---- C:\Windows\system32\wucltux.dll
2008-08-22 23:49:38 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wups.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wudriver.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wuapi.dll
2008-08-22 23:49:15 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-22 23:49:15 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2008-09-21 13:15:38 ----D---- C:\Windows\Temp
2008-09-21 13:15:26 ----D---- C:\Windows\Prefetch
2008-09-21 13:15:22 ----D---- C:\Users\acer\AppData\Roaming\uTorrent
2008-09-20 13:37:27 ----D---- C:\Windows\System32
2008-09-20 13:37:26 ----D---- C:\Windows\inf
2008-09-20 13:37:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-19 11:34:49 ----D---- C:\Program Files\DivX
2008-09-19 11:34:40 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-09-19 05:26:49 ----D---- C:\ProgramData\thunder_dctemp
2008-09-16 21:47:43 ----D---- C:\ProgramData\Lavasoft
2008-09-16 21:41:20 ----SHD---- C:\Windows\Installer
2008-09-16 21:41:20 ----D---- C:\Windows
2008-09-16 21:37:03 ----RD---- C:\Program Files
2008-09-16 21:37:03 ----D---- C:\Windows\system32\drivers
2008-09-16 21:36:27 ----D---- C:\Program Files\Common Files
2008-09-16 13:45:14 ----HD---- C:\ProgramData
2008-09-16 10:33:53 ----D---- C:\Program Files\Java
2008-09-14 09:41:46 ----D---- C:\Program Files\Rising
2008-09-14 09:09:50 ----RSD---- C:\RavBin
2008-09-14 08:05:26 ----D---- C:\Windows\winsxs
2008-09-12 18:53:01 ----A---- C:\Windows\RSBDBACKUP.DLL
2008-09-12 15:36:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-12 14:41:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-11 11:59:39 ----D---- C:\Program Files\Adobe
2008-09-10 12:42:23 ----D---- C:\Windows\AppPatch
2008-09-10 12:41:32 ----D---- C:\Windows\Microsoft.NET
2008-09-10 12:35:23 ----D---- C:\ProgramData\Microsoft Help
2008-09-10 12:29:17 ----RSD---- C:\Windows\assembly
2008-09-10 12:24:51 ----D---- C:\Windows\system32\catroot
2008-09-10 08:33:02 ----D---- C:\Windows\system32\catroot2
2008-09-08 23:27:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-08 23:27:28 ----D---- C:\Program Files\Scientific Notebook
2008-09-02 22:16:40 ----D---- C:\Program Files\Continuum
2008-08-31 16:45:01 ----D---- C:\Program Files\Messenger Plus! Live
2008-08-27 04:28:12 ----A---- C:\Windows\system32\mrt.exe
2008-08-23 15:24:59 ----D---- C:\Windows\system32\en-US
2008-08-22 23:50:16 ----D---- C:\Windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-08-30 320000]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2006-11-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-28 1476096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2006-11-28 40352]
R3 LVUVC;Acer OrbiCam(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2006-11-28 1085216]
R3 moufiltr;Mouse Filter; C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 6144]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2006-11-02 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-01-12 6144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\WIZET\MapleStory\npkcrypt.sys []
S3 arsdiqqh;arsdiqqh; C:\Windows\system32\drivers\arsdiqqh.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2006-10-13 37296]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-12-05 78128]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2006-12-05 80688]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-12-05 16560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-06-08 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-28 1476096]
S3 lv321av;Logitech USB PC Camera (VC0321); C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2006-11-02 24064]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-07 34064]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-16 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-24 243064]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RsVScanner;Rising Vista Scanner; C:\Program Files\Rising\Rav\scannerd.exe [2007-12-16 174704]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe []
S2 GraviSenseWMIService;GraviSense Service; C:\Acer\GraviSense\GraviSenseSvc.exe []
S2 NtmlSvc;NtmlSvc; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-24 3192184]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-07 92792]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

-----------------EOF-----------------

#5 mokseng

Posted 21 September 2008 - 12:51 AM

Here's a screenshot of my desktop when I start up my computer. Not a full one, because before this happens I have a command prompt screen coming out and running some bleep. Haha. But these are the main popups. :)

[Screenshot of the desktop popups at startup]

I use AdAware, Spybot Search & Destroy, and Avast! antivirus. I just downloaded AdAware and Avast! recently. There seem to be at least 50 infections every time I scan with AdAware, and a couple with Spybot, such as "DoubleClick", etc. The first time I did a full scan with Avast!, it detected 2 viruses, both trojans if I'm correct. After I deleted them, it is okay.

That's about all.

Last but not least, I really appreciate the help, Farbar. Thanks a lot. :thumbsup:

#6 Farbar (Security Developer)

Posted 21 September 2008 - 06:17 AM

Hi again,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case eMule). These programs allow users to share files with each other, as the name suggests. In today's world cyber crime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or processing power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Removal Instructions
  • You have the latest version of Java, which is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components:
    Click "Start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be populated; this may take a bit of time.
    Uninstall the following by clicking on each entry and selecting "Remove":


    J2SE Runtime Environment 5.0 Update 11
    Java 6 Update 2
    Java 6 Update 3
    Java 6 Update 5
    Java SE Runtime Environment 6 Update 1


  • You have still some leftover services from an incomplete uninstalled Norton Antivirus on your computer.

    To remove the leftovers please download and run the Norton Removal Tool.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

    Additional instructions can be found here if needed.

  • Now we need to make sure to turn off UAC (UAC = User Account Control)
    • Click Start, and then click Control Panel.
    • In Control Panel, click User Accounts.
    • In the User Accounts window, click User Accounts.
    • In the User Accounts tasks window, click Turn User Account Control on or off.
    • If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
    • Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
    • Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
    NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.

  • Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in the boxes in question (in your case .js).
    • Click the Fix button.
  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log after running it and removing what it finds, or removing files after reboot.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please run RSIT, set the list of Files/Folders created to 3 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).

  • Please tell me if you are using a flash drive / thumb drive / memory stick or that type of USB storage device. Tell me also whether this is the only computer at home, because we might have to take a look at them too or disinfect them if needed.
Please post in your next reply:
  • The log of MBAM.
  • The RSIT log.
  • Give me feedback about the last question.
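
The checks an analyst makes when reading logs like the ones in this thread (a service that is still registered after an incomplete uninstall, a Run-key entry whose command is empty or garbled, UAC switched off, AutoRun handlers recorded under MountPoints2, and the NoDriveTypeAutoRun policy that decides whether a USB stick's autorun.inf is honoured) can be written down as detection rules over raw log lines. The block below is an added example, not code from this thread, from Farbar, or from RSIT, HijackThis or MBAM. The rule names, severities and the `triage`/`summarize`/`check_autorun_policy` functions are my own; `SAMPLE_LOG` is constructed from lines modelled on the services list above and the RSIT log mokseng posts further down, and the NoDriveTypeAutoRun decoding assumes RSIT prints the DWORD in decimal.

```python
"""Rule-based triage of RSIT / HijackThis-style log lines.

Added example: not code from the BleepingComputer thread, from Farbar, or from
RSIT, HijackThis or MBAM.  Rule names and severities are my own, and
SAMPLE_LOG is constructed from lines modelled on the logs in this thread.
"""
import re
from typing import Dict, List, Optional, Tuple

# First matching rule wins, so specific rules come before generic ones.
RULES: List[Tuple[str, str, re.Pattern]] = [
    # O23 service marked "(file missing)", or an R/S service line whose trailing
    # "[date size]" block is empty: the service is registered but its binary is gone.
    ("service_binary_missing", "medium",
     re.compile(r"^(O23 - Service:.*\(file missing\)|[RS][0-4] .*; .*\[\])\s*$")),
    # Run-key value whose command is only a directory (payload removed or never there).
    ("run_entry_empty_command", "medium", re.compile(r'^"[^"]*"=.*\\\s*$')),
    # Run-key value pointing at an executable RSIT could not find.
    ("run_entry_file_missing", "medium", re.compile(r'^"[^"]*"=.*\.exe.*\[\]\s*$')),
    # Run-key value name containing non-ASCII characters (mis-encoded or obfuscated).
    ("run_entry_non_ascii_name", "low", re.compile(r'^"[^"]*[^\x00-\x7f][^"]*"=')),
    ("uac_disabled", "high", re.compile(r'^"EnableLUA"=0\s*$')),
    # MountPoints2 AutoRun handler that launches a script host or rundll32.
    ("mountpoint_autorun_script", "high",
     re.compile(r"^shell\\Auto(Run)?\\command - .*\b(wscript|cscript|rundll32)\b", re.I)),
    # AutoRun handler that is just a bare executable name, typical of USB worms.
    ("mountpoint_autorun_bare_exe", "high",
     re.compile(r"^shell\\Auto(Run)?\\command - [A-Za-z0-9_]+\.exe\s*$", re.I)),
    # Any other AutoRun handler: often a legitimate U3 launcher, still worth a look.
    ("mountpoint_autorun_other", "low", re.compile(r"^shell\\Auto(Run)?\\command - ", re.I)),
    ("firewall_exception", "info", re.compile(r'^"[^"]+\.exe"=".*:\*:Enabled:', re.I)),
]

DRIVE_REMOVABLE = 0x04  # NoDriveTypeAutoRun bit that disables AutoRun on USB drives


def check_autorun_policy(line: str) -> Optional[Tuple[str, str]]:
    """Flag a NoDriveTypeAutoRun value that still allows AutoRun on removable drives.

    Assumes RSIT prints the DWORD in decimal (145 == 0x91, the Vista default).
    """
    m = re.match(r'^"NoDriveTypeAutoRun"=(\d+)\s*$', line)
    if m and not int(m.group(1)) & DRIVE_REMOVABLE:
        return ("autorun_enabled_removable", "high")
    return None


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per matching line: line number, rule, severity and text."""
    findings: List[Dict[str, object]] = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        hit = check_autorun_policy(line)
        if hit is None:
            hit = next(((n, s) for n, s, p in RULES if p.search(line)), None)
        if hit is not None:
            findings.append({"line": lineno, "rule": hit[0], "severity": hit[1], "text": line})
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[str(f["severity"])] = counts.get(str(f["severity"]), 0) + 1
    return counts


# Constructed sample: lines modelled on the services list and RSIT log in this thread.
SAMPLE_LOG = r"""
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
S2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe []
S2 GraviSenseWMIService;GraviSense Service; C:\Acer\GraviSense\GraviSenseSvc.exe []
O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-04-11 1006264]
"Acer Tour"=C:\Windows\system32\
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP []
"捁牥吠畯?敒業摮牥"=??散屲捁牥潔牵剜浥湩敤?硥e []
"EnableLUA"=0
"NoDriveTypeAutoRun"=145
shell\AutoRun\command - E:\LaunchU3.exe -a
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ie.vbs
shell\Auto\command - infrom.exe
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:<6} {f['rule']:<28} {str(f['text'])[:70]}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as-is to see the sample triaged, or call `triage()` on the text of a saved log. The ordering matters: `check_autorun_policy` runs first because it needs the numeric value, and the generic `mountpoint_autorun_other` rule sits after the script and bare-executable rules so that a `LaunchU3.exe` entry is rated low while `wscript.exe ie.vbs` and a bare `infrom.exe` are rated high. "(file missing)" services and empty `[]` Run entries are normally uninstall leftovers of the kind Farbar points at, which is why they only get medium; a NoDriveTypeAutoRun value of 145 with AutoRun handlers on mounted volumes is the combination that deserves attention first.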


#7 mokseng

Posted 21 September 2008 - 09:55 AM

This is my MBAM log after the second scan, following the prompted reboot. There still seems to be an error I can't clean, but here it is.

Malwarebytes' Anti-Malware 1.28
Database version: 1184
Windows 6.0.6000

9/21/2008 10:41:44 PM
mbam-log-2008-09-21 (22-41-44).txt

Scan type: Quick Scan
Objects scanned: 46358
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 mokseng

Posted 21 September 2008 - 09:58 AM

I have an external hard disk drive which I use to store my movies and stuff. This is my personal laptop, which I use for school purposes as well. I have a desktop computer which I haven't touched in ages, and my father and brother both have a personal laptop of their own.

Here is the RSIT log.

Logfile of random's system information tool 1.02 (written by random/random)
Run by acer at 2008-09-21 22:49:45
Microsoft® Windows Vista® Business
System drive C: has 25 GB (38%) free of 66 GB
Total RAM: 2038 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:55 PM, on 9/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Windows\System32\hkcmd.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\acer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\acer.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\Gravi_Sense.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [捁牥吠畯?敒業摮牥] ??¢?1????£?????3e
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ㄏノǔ筽更 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: ㄏノǔ筽更场渺钡 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: ????¥???5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ????¥???5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-sg.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://npsdmail3.np.edu.sg/dwa7W.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GraviSense Service (GraviSenseWMIService) - Unknown owner - C:\Acer\GraviSense\GraviSenseSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9678 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
ThunderAtOnce Class - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [2007-10-27 366032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-21 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-04-11 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-27 815104]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-14 52832]
"Acer Tour"=C:\Windows\system32\
"GraviSense"=C:\Acer\GraviSense\Gravi_Sense.exe [2007-12-22 11907072]
"SetPanel"=C:\Windows\system32\
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-12-07 483328]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2006-12-05 1261568]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 304664]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-28 244512]
"AcerOrbicamRibbon"=C:\Program Files\Acer\OrbiCam10\OrbiCam.exe [2006-11-28 754712]
"eRecoveryService"=C:\Windows\system32\
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP []
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"IgfxTray"=C:\Windows\system32\igfxtray.exe []
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-28 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-28 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-21 185896]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"捁牥吠畯r"=C:\Windows\system32\
"捁牥吠畯?敒業摮牥"=??散屲捁牥潔牵剜浥湩敤?硥e []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2006-11-21 528384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-28 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS???μ?"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ??????"
"C:\FlashGet Network\Flashget\FlashGet.exe"="C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2"
"C:\FlashGet Network\Flashget\LiveUpdate.exe"="C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\FlashGet Network\Flashget\LiveUpdateEx.exe"="C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9dcbae-f25f-11db-abf4-000000000000}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6813f293-a39e-11dc-b3e6-000000000000}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ie.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84f07732-f9ef-11db-9175-000000000000}]
shell\Auto\command - infrom.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a300a6-f230-11db-b4c6-000000000000}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 3 months======

2008-09-21 22:07:52 ----D---- C:\Users\acer\AppData\Roaming\Malwarebytes
2008-09-21 22:07:48 ----D---- C:\ProgramData\Malwarebytes
2008-09-21 22:07:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 21:52:12 ----D---- C:\ProgramData\NortonInstaller
2008-09-21 16:39:52 ----D---- C:\ProgramData\Avanquest Bluetooth SDK
2008-09-21 13:15:35 ----D---- C:\rsit
2008-09-16 21:37:03 ----D---- C:\Program Files\Lavasoft
2008-09-16 21:36:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-16 13:48:20 ----D---- C:\Program Files\Sygate
2008-09-16 13:47:22 ----A---- C:\Windows\system32\aswBoot.exe
2008-09-16 13:47:18 ----D---- C:\Program Files\Alwil Software
2008-09-16 13:45:14 ----AD---- C:\ProgramData\TEMP
2008-09-16 13:45:07 ----A---- C:\Windows\system32\STKIT432.DLL
2008-09-16 13:45:07 ----A---- C:\Windows\system32\msxml.dll
2008-09-16 11:13:00 ----D---- C:\Program Files\Trend Micro
2008-09-16 10:33:54 ----A---- C:\Windows\system32\javaws.exe
2008-09-16 10:33:54 ----A---- C:\Windows\system32\javaw.exe
2008-09-16 10:33:54 ----A---- C:\Windows\system32\java.exe
2008-09-14 09:39:42 ----A---- C:\Windows\bdagent.INI
2008-09-14 08:04:35 ----D---- C:\Program Files\BitDefender
2008-09-14 08:03:28 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-10 15:53:26 ----D---- C:\Program Files\Brain Workshop
2008-09-10 14:37:18 ----D---- C:\Users\acer\AppData\Roaming\Wireshark
2008-09-10 14:34:40 ----D---- C:\Program Files\WinPcap
2008-09-10 09:39:20 ----A---- C:\Windows\ntbtlog.txt
2008-09-10 06:38:06 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 06:38:06 ----A---- C:\Windows\system32\gameux.dll
2008-09-10 06:38:06 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 06:38:03 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-09 11:17:02 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-09-09 11:16:34 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-09 10:55:57 ----D---- C:\Users\acer\AppData\Roaming\DAEMON Tools
2008-09-08 23:22:57 ----D---- C:\Program Files\Common Files\NSV
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxafs.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\vxblock.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-08 23:21:03 ----N---- C:\Windows\system32\pxwave.dll
2008-09-08 23:21:03 ----N---- C:\Windows\system32\pxmas.dll
2008-09-08 23:21:02 ----N---- C:\Windows\system32\px.dll
2008-08-22 23:49:39 ----A---- C:\Windows\system32\wups2.dll
2008-08-22 23:49:39 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-22 23:49:38 ----A---- C:\Windows\system32\wucltux.dll
2008-08-22 23:49:38 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wups.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wudriver.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wuapi.dll
2008-08-22 23:49:15 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-22 23:49:15 ----A---- C:\Windows\system32\wuapp.exe
2008-08-13 17:59:18 ----A---- C:\Windows\system32\tzres.dll
2008-08-13 13:09:28 ----A---- C:\Windows\system32\winipsec.dll
2008-08-13 13:09:28 ----A---- C:\Windows\system32\polstore.dll
2008-08-13 13:09:28 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-13 13:09:28 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-13 13:09:25 ----A---- C:\Windows\system32\es.dll
2008-08-13 13:09:21 ----A---- C:\Windows\system32\mshtml.dll
2008-08-13 13:09:19 ----A---- C:\Windows\system32\urlmon.dll
2008-08-13 13:09:19 ----A---- C:\Windows\system32\ieframe.dll
2008-08-13 13:09:18 ----A---- C:\Windows\system32\wininet.dll
2008-08-13 13:09:18 ----A---- C:\Windows\system32\mshtmled.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\mstime.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\ieui.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\iernonce.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\ieapfltr.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\ie4uinit.exe
2008-08-13 13:09:17 ----A---- C:\Windows\system32\advpack.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\pngfilt.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\ieUnatt.exe
2008-08-13 13:09:16 ----A---- C:\Windows\system32\iesetup.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\icardie.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\dxtrans.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\dxtmsft.dll
2008-08-13 13:08:47 ----A---- C:\Windows\system32\INETRES.dll
2008-08-13 13:08:47 ----A---- C:\Windows\system32\inetcomm.dll
2008-07-25 16:34:30 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe
2008-07-18 17:39:11 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-18 17:39:08 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-18 17:38:49 ----A---- C:\Windows\system32\NlsData0009.dll
2008-07-18 17:38:48 ----A---- C:\Windows\system32\NlsData000c.dll
2008-07-18 17:38:48 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-18 17:38:44 ----A---- C:\Windows\system32\NlsData000a.dll
2008-07-18 17:38:42 ----A---- C:\Windows\system32\NlsData000d.dll
2008-07-18 17:38:41 ----A---- C:\Windows\system32\NlsData0027.dll
2008-07-18 17:38:41 ----A---- C:\Windows\system32\NlsData0011.dll
2008-07-18 17:38:41 ----A---- C:\Windows\system32\NlsData0007.dll
2008-07-18 17:38:41 ----A---- C:\Windows\system32\NlsData0001.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData003e.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData002a.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData0024.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData0022.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData0021.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData001a.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData0018.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData000f.dll
2008-07-18 17:38:40 ----A---- C:\Windows\system32\NlsData0002.dll
2008-07-18 17:38:39 ----A---- C:\Windows\system32\NlsData0019.dll
2008-07-18 17:38:39 ----A---- C:\Windows\system32\NlsData0010.dll
2008-07-18 17:38:38 ----A---- C:\Windows\system32\NlsData0816.dll
2008-07-18 17:38:38 ----A---- C:\Windows\system32\NlsData001d.dll
2008-07-18 17:38:38 ----A---- C:\Windows\system32\NlsData0013.dll
2008-07-18 17:38:37 ----A---- C:\Windows\system32\NlsData0049.dll
2008-07-18 17:38:37 ----A---- C:\Windows\system32\NlsData0039.dll
2008-07-18 17:38:37 ----A---- C:\Windows\system32\NlsData0020.dll
2008-07-18 17:38:36 ----A---- C:\Windows\system32\NlsData0416.dll
2008-07-18 17:38:36 ----A---- C:\Windows\system32\NlsData0414.dll
2008-07-18 17:38:36 ----A---- C:\Windows\system32\NlsData004c.dll
2008-07-18 17:38:36 ----A---- C:\Windows\system32\NlsData0047.dll
2008-07-18 17:38:35 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-07-18 17:38:35 ----A---- C:\Windows\system32\NlsData081a.dll
2008-07-18 17:38:35 ----A---- C:\Windows\system32\NlsData004a.dll
2008-07-18 17:38:35 ----A---- C:\Windows\system32\NlsData001b.dll
2008-07-18 17:38:35 ----A---- C:\Windows\system32\NlsData0000.dll
2008-07-18 17:38:34 ----A---- C:\Windows\system32\NlsData004e.dll
2008-07-18 17:38:34 ----A---- C:\Windows\system32\NlsData004b.dll
2008-07-18 17:38:34 ----A---- C:\Windows\system32\NlsData0046.dll
2008-07-18 17:38:34 ----A---- C:\Windows\system32\NlsData0045.dll
2008-07-18 17:38:34 ----A---- C:\Windows\system32\NlsData0026.dll
2008-07-18 17:38:34 ----A---- C:\Windows\system32\NlsData0003.dll
2008-07-18 17:38:15 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-07-18 17:38:14 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-07-18 17:38:13 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-07-18 17:38:12 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-07-18 17:38:11 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-07-18 17:38:10 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-07-18 17:38:09 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-07-18 17:38:09 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-07-18 17:38:08 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-07-18 17:38:08 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-07-18 17:38:07 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-07-18 17:38:06 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-07-18 17:38:05 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-07-18 17:38:04 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-07-18 17:38:04 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-07-18 17:38:03 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-07-18 17:38:02 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-07-18 17:38:02 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-07-18 17:38:01 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-07-18 17:38:01 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-07-18 17:38:01 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-07-18 17:38:01 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-07-18 17:38:00 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-07-18 17:38:00 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-07-18 17:38:00 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-07-18 17:37:59 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-07-18 17:37:59 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-07-18 17:37:59 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-07-18 17:37:59 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-07-18 17:37:59 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-07-18 17:37:58 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-07-18 17:37:58 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-07-18 17:37:58 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-07-18 17:37:58 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-07-18 17:37:58 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-07-18 17:37:58 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-07-18 17:37:58 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-07-18 17:37:58 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-07-09 05:10:50 ----A---- C:\Windows\system32\shell32.dll
2008-07-05 16:26:53 ----D---- C:\Users\acer\AppData\Roaming\AdobeUM
2008-07-05 16:24:01 ----D---- C:\Program Files\Yahoo!
2008-07-05 16:23:59 ----D---- C:\Program Files\FLV Player
2008-07-05 16:22:53 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-07-05 16:16:41 ----D---- C:\Program Files\Avanquest update
2008-07-05 16:16:40 ----D---- C:\ProgramData\BVRP Software
2008-07-05 16:11:57 ----D---- C:\ProgramData\Sony Ericsson
2008-07-05 16:11:46 ----D---- C:\Users\acer\AppData\Roaming\InstallShield
2008-07-05 16:09:26 ----D---- C:\Program Files\Common Files\Sony Shared
2008-07-05 16:09:22 ----D---- C:\Program Files\Sony Ericsson
2008-07-05 16:07:59 ----D---- C:\Program Files\QuickTime
2008-07-05 16:07:39 ----D---- C:\ProgramData\Apple
2008-07-05 16:07:39 ----D---- C:\Program Files\Apple Software Update
2008-07-05 16:06:22 ----D---- C:\Users\acer\AppData\Roaming\Sony Setup

======List of files/folders modified in the last 3 months======

2008-09-21 22:49:51 ----D---- C:\Windows\Prefetch
2008-09-21 22:49:49 ----D---- C:\Windows\Temp
2008-09-21 22:24:39 ----D---- C:\Windows\system32\drivers
2008-09-21 22:24:39 ----D---- C:\Windows
2008-09-21 22:07:48 ----RD---- C:\Program Files
2008-09-21 22:07:48 ----HD---- C:\ProgramData
2008-09-21 21:54:01 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-21 21:52:20 ----SHD---- C:\Windows\Installer
2008-09-21 21:50:26 ----D---- C:\Users\acer\AppData\Roaming\uTorrent
2008-09-21 21:46:14 ----D---- C:\Program Files\Java
2008-09-21 21:46:02 ----D---- C:\Windows\System32
2008-09-21 17:04:35 ----D---- C:\Windows\inf
2008-09-21 17:04:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-19 11:34:49 ----D---- C:\Program Files\DivX
2008-09-19 05:26:49 ----D---- C:\ProgramData\thunder_dctemp
2008-09-16 21:47:43 ----D---- C:\ProgramData\Lavasoft
2008-09-16 21:36:27 ----D---- C:\Program Files\Common Files
2008-09-14 09:41:46 ----D---- C:\Program Files\Rising
2008-09-14 09:09:50 ----RSD---- C:\RavBin
2008-09-14 08:05:26 ----D---- C:\Windows\winsxs
2008-09-12 18:53:01 ----A---- C:\Windows\RSBDBACKUP.DLL
2008-09-12 15:36:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-12 14:41:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-11 11:59:39 ----D---- C:\Program Files\Adobe
2008-09-10 12:42:23 ----D---- C:\Windows\AppPatch
2008-09-10 12:41:32 ----D---- C:\Windows\Microsoft.NET
2008-09-10 12:35:23 ----D---- C:\ProgramData\Microsoft Help
2008-09-10 12:29:17 ----RSD---- C:\Windows\assembly
2008-09-10 12:24:51 ----D---- C:\Windows\system32\catroot
2008-09-10 08:33:02 ----D---- C:\Windows\system32\catroot2
2008-09-08 23:27:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-08 23:27:28 ----D---- C:\Program Files\Scientific Notebook
2008-09-02 22:16:40 ----D---- C:\Program Files\Continuum
2008-08-31 16:45:01 ----D---- C:\Program Files\Messenger Plus! Live
2008-08-27 04:28:12 ----A---- C:\Windows\system32\mrt.exe
2008-08-23 15:24:59 ----D---- C:\Windows\system32\en-US
2008-08-22 23:50:16 ----D---- C:\Windows\PolicyDefinitions
2008-08-13 20:59:37 ----D---- C:\Windows\system32\migration
2008-08-13 20:59:37 ----D---- C:\Program Files\Internet Explorer
2008-08-13 17:57:45 ----D---- C:\Program Files\Windows Mail
2008-07-31 22:21:03 ----D---- C:\Windows\system32\Tasks
2008-07-29 10:32:28 ----D---- C:\Program Files\Counter-Strike 1.6
2008-07-22 08:02:09 ----D---- C:\Windows\Minidump
2008-07-15 10:12:44 ----D---- C:\Program Files\Windows Live Safety Center
2008-07-09 12:09:03 ----ASH---- C:\Program Files\desktop.ini
2008-07-06 09:52:01 ----D---- C:\Users\acer\AppData\Roaming\Macromedia
2008-07-06 09:52:00 ----D---- C:\Windows\system32\Macromed
2008-07-05 16:30:58 ----D---- C:\Program Files\Common Files\Adobe
2008-07-05 16:26:53 ----D---- C:\Users\acer\AppData\Roaming\Adobe
2008-07-05 16:26:22 ----RSD---- C:\Windows\Fonts
2008-07-05 16:26:21 ----D---- C:\ProgramData\Adobe
2008-07-05 16:24:03 ----D---- C:\Users\acer\AppData\Roaming\yahoo!
2008-07-05 16:05:59 ----D---- C:\Program Files\Sony Setup
2008-07-05 16:05:35 ----D---- C:\Program Files\Sony
2008-06-22 22:49:17 ----D---- C:\ProgramData\thunder_vod_cache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-08-30 320000]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2006-11-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-28 1476096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2006-11-28 40352]
R3 LVUVC;Acer OrbiCam(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2006-11-28 1085216]
R3 moufiltr;Mouse Filter; C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 6144]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2006-11-02 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-01-12 6144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\WIZET\MapleStory\npkcrypt.sys []
S3 agvgj32e;agvgj32e; C:\Windows\system32\drivers\agvgj32e.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2006-10-13 37296]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-12-05 78128]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2006-12-05 80688]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-12-05 16560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-06-08 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-28 1476096]
S3 lv321av;Logitech USB PC Camera (VC0321); C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2006-11-02 24064]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-07 34064]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-16 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RsVScanner;Rising Vista Scanner; C:\Program Files\Rising\Rav\scannerd.exe [2007-12-16 174704]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe []
S2 GraviSenseWMIService;GraviSense Service; C:\Acer\GraviSense\GraviSenseSvc.exe []
S2 NtmlSvc;NtmlSvc; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-07 92792]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

-----------------EOF-----------------

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 21 September 2008 - 10:18 AM

The error notifications are the key to the solution. So if you faced any error, please make a note or a screenshot and post it in your reply.
  • If MBAM needed to reboot, it means it should have removed something on reboot. So please run MBAM, under the Logs tab select the first log and press Open. Copy/paste its content to your reply.

  • Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link 1
    Link 2
    Link 3


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


  • Please download OTListIt by OldTimer.
    • Save it to your desktop.
    • Double click on the OTListIt icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please post in your next reply:
  • The first log of MBAM.
  • The Combofix log.
  • OTListIt logs.


#10 mokseng

mokseng
  • Topic Starter

  • Members
  • 41 posts

Posted 21 September 2008 - 11:47 AM

Attached is the first log of MBAM:

Malwarebytes' Anti-Malware 1.28
Database version: 1184
Windows 6.0.6000

9/21/2008 10:20:45 PM
mbam-log-2008-09-21 (22-20-45).txt

Scan type: Quick Scan
Objects scanned: 46575
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{a8165a92-7c58-4013-8d7c-5d9b365ae3d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6f5d939-6cbf-41e9-8e04-d5541f11c454} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7f3ea905-de65-4d00-bc1f-ff3a77f8ca30} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{05326d75-1e70-4199-adbc-c8f8c4072da0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f1769d5d-d05b-444a-adfd-a2c39a14bb9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7f3ea905-de65-4d00-bc1f-ff3a77f8ca30} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{889d2feb-5411-4565-8998-1dd2c5261283} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Trojan.BHO) -> Delete on reboot.


Attached is the ComboFix log:

ComboFix 08-09-20.05 - acer 2008-09-22 0:23:10.1 - NTFSx86

Running from: C:\Users\acer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\acer\AppData\Roaming\BITS
C:\Users\acer\AppData\Roaming\BITS\BITS.ini
C:\Users\acer\AppData\Roaming\BITS\DHTTable.dat
C:\Windows\RSBDBACKUP.DLL
C:\Windows\search_res.txt
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NtmlSvc


((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-21 22:07 . 2008-09-21 22:07 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-21 22:07 . 2008-09-21 22:07 <DIR> d-------- C:\Users\acer\AppData\Roaming\Malwarebytes
2008-09-21 22:07 . 2008-09-21 22:07 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-21 22:07 . 2008-09-21 22:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 22:07 . 2008-09-10 00:08 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-21 22:07 . 2008-09-10 00:08 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-21 21:52 . 2008-09-21 21:52 <DIR> d-------- C:\Users\All Users\NortonInstaller
2008-09-21 21:52 . 2008-09-21 21:52 <DIR> d-------- C:\ProgramData\NortonInstaller
2008-09-21 16:39 . 2008-09-21 21:13 <DIR> d-------- C:\Users\All Users\Avanquest Bluetooth SDK
2008-09-21 16:39 . 2008-09-21 21:13 <DIR> d-------- C:\ProgramData\Avanquest Bluetooth SDK
2008-09-21 13:15 . 2008-09-21 13:15 <DIR> d-------- C:\rsit
2008-09-16 21:37 . 2008-09-16 21:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-16 21:36 . 2008-09-16 21:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-16 13:48 . 2008-09-16 13:48 <DIR> d-------- C:\Program Files\Sygate
2008-09-16 13:47 . 2008-09-16 13:47 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-16 13:47 . 2008-07-19 22:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-16 13:45 . 2008-09-16 13:54 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-16 13:45 . 2008-09-16 13:54 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-16 13:45 . 2004-08-04 07:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-09-16 11:13 . 2008-09-16 11:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-14 09:39 . 2008-09-16 13:33 121 --a------ C:\Windows\bdagent.INI
2008-09-14 08:04 . 2008-09-14 08:04 <DIR> d-------- C:\Program Files\BitDefender
2008-09-14 08:03 . 2008-09-14 08:04 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-13 17:54 . 2008-09-13 17:54 <DIR> d-------- C:\Users\acer\.zenmap
2008-09-10 15:53 . 2008-09-10 15:53 <DIR> d-------- C:\Program Files\Brain Workshop
2008-09-10 14:37 . 2008-09-10 14:37 <DIR> d-------- C:\Users\acer\AppData\Roaming\Wireshark
2008-09-10 14:34 . 2008-09-10 14:34 <DIR> d-------- C:\Program Files\WinPcap
2008-09-10 06:38 . 2008-07-31 07:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 06:38 . 2008-07-31 11:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-10 06:38 . 2008-06-26 11:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 06:38 . 2008-07-31 11:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 11:21 . 2008-06-30 23:30 188,547 --a------ C:\wubildr
2008-09-09 11:21 . 2008-06-30 23:30 8,192 --a------ C:\wubildr.mbr
2008-09-09 11:17 . 2008-09-09 15:44 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-09-09 11:16 . 2008-09-09 11:17 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-09 10:55 . 2008-09-09 10:55 <DIR> d-------- C:\Users\acer\AppData\Roaming\DAEMON Tools
2008-09-08 23:22 . 2008-09-08 23:22 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-09-08 23:21 . 2008-07-24 00:50 129,784 --------- C:\Windows\System32\pxafs.dll
2008-08-22 23:49 . 2008-07-19 13:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 23:49 . 2008-07-19 11:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 23:49 . 2008-07-19 13:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 23:49 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 23:49 . 2008-07-19 11:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 23:49 . 2008-07-19 13:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 23:49 . 2008-07-19 13:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 23:49 . 2008-07-19 13:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 23:49 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 13:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-21 13:50 --------- d-----w C:\Users\acer\AppData\Roaming\uTorrent
2008-09-21 13:46 --------- d-----w C:\Program Files\Java
2008-09-19 03:34 --------- d-----w C:\Program Files\DivX
2008-09-19 03:34 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-18 21:26 --------- d-----w C:\ProgramData\thunder_dctemp
2008-09-16 13:47 --------- d-----w C:\ProgramData\Lavasoft
2008-09-14 01:41 --------- d-----w C:\Program Files\Rising
2008-09-12 07:36 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-12 06:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-10 04:35 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 02:55 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-09-08 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 15:27 --------- d-----w C:\Program Files\Scientific Notebook
2008-09-02 14:16 --------- d-----w C:\Program Files\Continuum
2008-08-31 08:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-29 16:48 19,568 ----a-w C:\Windows\system32\drivers\rfwbase.sys
2008-08-13 09:57 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-29 02:32 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-07-09 04:09 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-23 17:09 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-23 17:09 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-23 17:09 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-07-22 08:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007072220070723\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1???r"="" [?]
"1??????I3?"="" [?]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-14 52832]
"GraviSense"="C:\Acer\GraviSense\Gravi_Sense.exe" [2007-12-22 11907072]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-07 483328]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2006-12-05 1261568]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-21 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-07 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1D96BF27-56BD-4876-BE4E-5FFD2D3E3E78}"= UDP:C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
"{0B398DFC-E141-4599-BBE4-B0D46335CC41}"= TCP:C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
"{E7E508B3-1660-48F7-B701-8C53B79D8A69}"= UDP:C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe:OLRSubmission
"{12D45452-E9E6-41C4-8BDD-3344FA4A6E8A}"= TCP:C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe:OLRSubmission
"{9805ACA0-4E47-4E4C-9078-2FB956AE12BF}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{0D169467-3E77-44E9-AB59-D68D85A6F94C}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{1D3391CC-8234-4164-BEAB-B26B64F53B8D}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{A6D2559C-F71C-4AC6-913C-D7BE684D4D8A}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{0DFF45FA-2C15-4F13-92EA-26E84D021F83}"= UDP:2967:Symantec Port
"{7BCEAC8F-692C-42BE-B2F9-2E3713433FFF}"= UDP:2967:Symantec Port
"{766156BE-E6BF-4789-A8B6-B549534B7ADB}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A57F1CAF-767B-436F-8CEF-A1A54F5180CD}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{238700AA-6A78-454C-8154-4F99095F5C12}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{379C02F9-066A-4508-BC6B-B015F0FB9E07}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{CBB06F1B-A33F-4991-BDE6-8FCC40E6A2C3}"= UDP:C:\Program Files\uTorrent\utorrent.exe:μTorrent
"{340B7D39-C32B-4D28-8482-09C618A41B37}"= TCP:C:\Program Files\uTorrent\utorrent.exe:μTorrent
"TCP Query User{CA46129C-A06E-4E39-BA85-D5435AE5B922}C:\\program files\\wizet\\maplestory\\maplestory.exe"= UDP:C:\program files\wizet\maplestory\maplestory.exe:MapleStory
"UDP Query User{CF6667F1-8588-44B1-8D69-F4F350D3D282}C:\\program files\\wizet\\maplestory\\maplestory.exe"= TCP:C:\program files\wizet\maplestory\maplestory.exe:MapleStory
"TCP Query User{CEA169F0-530F-4881-878A-5FC223498CC7}D:\\warcraft 3\\war3.exe"= UDP:D:\warcraft 3\war3.exe:war3
"UDP Query User{EB2B9D91-FA6D-43FA-AF95-B928EAF73E9D}D:\\warcraft 3\\war3.exe"= TCP:D:\warcraft 3\war3.exe:war3
"TCP Query User{2F3A03C4-4594-44ED-888D-A595DF295624}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{57CFEC49-86F0-4895-83DC-7867A2DEF95B}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{3EB11094-A35C-41C1-ABA1-F228312863DC}D:\\warcraft 3\\war3.exe"= UDP:D:\warcraft 3\war3.exe:Warcraft III
"UDP Query User{009AFAE7-2569-40E2-8472-47F8D44ABA19}D:\\warcraft 3\\war3.exe"= TCP:D:\warcraft 3\war3.exe:Warcraft III
"TCP Query User{6AC24625-FCF1-4530-BB44-ACBDF4DDD4C7}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{669C05BD-EEED-4429-B592-4DECFCB7DA21}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{74B41694-C300-4987-95BB-D26EA2BC562C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BA4C1E23-F5E8-4CDA-B8C1-3B53141FA725}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3BE71AFE-701A-4A7C-A1C8-5C7740A3F6BF}D:\\cs 1.6\\hl.exe"= UDP:D:\cs 1.6\hl.exe:Half-Life Launcher
"UDP Query User{70890154-BBB2-406F-B270-599B3910B841}D:\\cs 1.6\\hl.exe"= TCP:D:\cs 1.6\hl.exe:Half-Life Launcher
"{45EF9D64-28CB-455F-893E-10B27F64536B}"= UDP:C:\Program Files\Hamachi\hamachi.exe:Hamachi
"{CD56A294-B730-4DB6-8AB2-2638257A3C83}"= TCP:C:\Program Files\Hamachi\hamachi.exe:Hamachi
"{88B4AC4E-B68B-438B-9D34-23F213722D53}"= UDP:D:\CS 1.6\hl.exe:hl
"{4BD1BA7D-B531-45DC-B2E6-3B5E8DDB012A}"= TCP:D:\CS 1.6\hl.exe:hl
"TCP Query User{4EE80FA3-8325-41B1-8C81-8B31D0460156}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{3C3E4295-7D16-4FF5-96D4-5335C04743C7}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{90FA323A-7E39-4FA1-BCA1-18A1484AB303}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{AA67D61A-9A80-49C4-BB68-2CF31977AB98}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{BC775EE2-A566-4B12-9F8D-6485DF66A4D1}C:\\users\\acer\\desktop\\lancraft_1.01b.exe"= UDP:C:\users\acer\desktop\lancraft_1.01b.exe:lancraft_1.01b.exe
"UDP Query User{6592C9E2-8646-4AE1-A05A-00111766E941}C:\\users\\acer\\desktop\\lancraft_1.01b.exe"= TCP:C:\users\acer\desktop\lancraft_1.01b.exe:lancraft_1.01b.exe
"TCP Query User{64022011-A3BC-4362-8591-3D8FBCD15641}C:\\users\\acer\\desktop\\lancraft.exe"= UDP:C:\users\acer\desktop\lancraft.exe:lancraft.exe
"UDP Query User{4FE5DEA2-5C87-4A93-AF9D-797B7887497E}C:\\users\\acer\\desktop\\lancraft.exe"= TCP:C:\users\acer\desktop\lancraft.exe:lancraft.exe
"TCP Query User{A8387283-98A5-425D-B16B-7EF247276136}C:\\program files\\littlefighter2\\lf2_v1.9c\\lf2.exe"= UDP:C:\program files\littlefighter2\lf2_v1.9c\lf2.exe:lf2
"UDP Query User{35F219CB-3D71-4E23-AA00-10F172DAAEB5}C:\\program files\\littlefighter2\\lf2_v1.9c\\lf2.exe"= TCP:C:\program files\littlefighter2\lf2_v1.9c\lf2.exe:lf2
"TCP Query User{BCF3241F-1B44-4E85-8A16-5EB3CDB13CB8}C:\\program files\\littlefighter2\\lf2_v1.9c\\lf2.exe"= UDP:C:\program files\littlefighter2\lf2_v1.9c\lf2.exe:lf2
"UDP Query User{CEBCA94C-5D81-4F76-9C86-782767BCFF44}C:\\program files\\littlefighter2\\lf2_v1.9c\\lf2.exe"= TCP:C:\program files\littlefighter2\lf2_v1.9c\lf2.exe:lf2
"TCP Query User{19969E0E-2B3E-4251-B823-A1177615ACAD}C:\\users\\acer\\desktop\\lancraft.exe"= UDP:C:\users\acer\desktop\lancraft.exe:lancraft.exe
"UDP Query User{F3342232-D727-4923-AD59-B4965B247FAB}C:\\users\\acer\\desktop\\lancraft.exe"= TCP:C:\users\acer\desktop\lancraft.exe:lancraft.exe
"TCP Query User{E85D85C9-CD16-43AC-8325-BA6CF19A3F32}C:\\program files\\zincplay\\zion\\mirc.exe"= UDP:C:\program files\zincplay\zion\mirc.exe:mIRC
"UDP Query User{48120509-7417-49E9-8DEC-AE072C695BF7}C:\\program files\\zincplay\\zion\\mirc.exe"= TCP:C:\program files\zincplay\zion\mirc.exe:mIRC
"TCP Query User{69956F91-2B62-4C0B-BD24-551C9B8F86C0}C:\\program files\\ppstream\\ppstream.exe"= UDP:C:\program files\ppstream\ppstream.exe:PPS网络电视
"UDP Query User{8115394A-4B64-4289-BFAE-346CAEF5EA11}C:\\program files\\ppstream\\ppstream.exe"= TCP:C:\program files\ppstream\ppstream.exe:PPS网络电视
"TCP Query User{CB2A076B-9AB7-441A-A950-4E1102AEDA4C}C:\\flashget network\\flashget\\flashget.exe"= UDP:C:\flashget network\flashget\flashget.exe:flashget
"UDP Query User{38B49C45-43DD-4BF0-93E3-774AAE10CBAA}C:\\flashget network\\flashget\\flashget.exe"= TCP:C:\flashget network\flashget\flashget.exe:flashget
"{F4375A00-912E-426A-B0A4-8A7D1E21068B}"= Disabled:UDP:C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:Thunder
"{AB318110-72D0-4773-AB26-5BC0B243032A}"= Disabled:TCP:C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:Thunder
"TCP Query User{3EBF4DA1-B3F2-48A2-AEB5-2D12D1D1269F}C:\\program files\\thunder network\\thunder\\program\\thunder5.exe"= UDP:C:\program files\thunder network\thunder\program\thunder5.exe:Thunder
"UDP Query User{240DD145-7BAF-495B-9236-5FDE2F318B72}C:\\program files\\thunder network\\thunder\\program\\thunder5.exe"= TCP:C:\program files\thunder network\thunder\program\thunder5.exe:Thunder
"{B0B7B821-8A6E-41C3-A9CE-50C183FF2DE0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7393124B-D056-4C4B-8B1B-530BD00F0FC0}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{6DB2C4F1-58A7-4AF8-AA18-AD3632C87825}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{EB372888-56F0-4AE4-994C-2F027D84275F}C:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"UDP Query User{2C9BB41E-E3CB-4D99-B3E7-DE6F36FE5BE0}C:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"TCP Query User{B1EAC744-17CD-4D63-BDE0-B9C1E14CC866}C:\\program files\\counter-strike 1.6\\hl.exe"= UDP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{B2FDBB0A-BC1A-400C-89C6-71244C6E7CB4}C:\\program files\\counter-strike 1.6\\hl.exe"= TCP:C:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{B6716D8A-1014-4C2F-93C4-17931F4A1427}C:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"UDP Query User{1FDE4D6D-A910-47FA-8E04-FC71659AA425}C:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:C:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher
"TCP Query User{FFE883D2-9800-4BE0-9101-5B0CD66429CF}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena
"UDP Query User{B1BF163E-C969-4A77-B25C-A8C8791CBCED}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena
"TCP Query User{140247D7-17B1-44C6-B349-63DBA6914BA7}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena
"UDP Query User{21DC700A-2660-4516-AA75-BEDDF1E6E38D}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena
"TCP Query User{B0D2CE96-DF9E-4810-B65B-3AA1CAF10418}C:\\program files\\counter-strike source\\hl2.exe"= UDP:C:\program files\counter-strike source\hl2.exe:hl2
"UDP Query User{2372FE0F-5533-4095-9DFC-4F013F9E9DCA}C:\\program files\\counter-strike source\\hl2.exe"= TCP:C:\program files\counter-strike source\hl2.exe:hl2
"{67E5E81E-50C0-40E0-A2E5-D6975717539E}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{FCFB27CC-2A2C-436E-85B0-18D65E684FFE}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"TCP Query User{D1E8BD24-87D6-4288-A980-49B6060BC8E5}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{12133A99-4CF9-481A-88B5-3FFBD8457A21}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"{2522579A-5500-4D96-B816-FDE8B1668D4D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:μTorrent (TCP-In)
"{AE878BA8-6D72-4B20-B082-42F2A3A7CA58}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:μTorrent (UDP-In)
"{0FCF4089-E7E6-4223-A116-0079A90DC3B6}"= UDP:C:\Users\acer\AppData\Local\Temp\WZSE1.TMP\SymNRT.exe:Norton Removal Tool
"{9307E305-E568-468E-9ADB-B212356F1DC5}"= TCP:C:\Users\acer\AppData\Local\Temp\WZSE1.TMP\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\PPStream\\PPStream.exe"= C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS???μ?
"C:\\Program Files\\PPStream\\PPSAP.exe"= C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ??????
"C:\\FlashGet Network\\Flashget\\FlashGet.exe"= C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2
"C:\\FlashGet Network\\Flashget\\LiveUpdate.exe"= C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"= C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R0 gsensor;Acer gsensor Driver;C:\Windows\system32\drivers\gsensor.sys [2006-12-05 23848]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 RsVScanner;Rising Vista Scanner;C:\Program Files\Rising\Rav\scannerd.exe [2007-12-16 174704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S2 GraviSenseWMIService;GraviSense Service;C:\Acer\GraviSense\GraviSenseSvc.exe [ ]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2006-10-13 37296]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-12-05 78128]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-12-05 80688]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-12-05 16560]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-07 34064]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9dcbae-f25f-11db-abf4-000000000000}]
\shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6813f293-a39e-11dc-b3e6-000000000000}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ie.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a300a6-f230-11db-b4c6-000000000000}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Tour Reminder - C:\Acer\AcerTour\Reminder.exe
HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKLM-Run-IgfxTray - C:\Windows\system32\igfxtray.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.np.edu.sg/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://en.us.acer.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 -: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: 1???????
O8 -: 1????????2?′?
O8 -: 1??????? - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 -: 1????????2?′? - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 -: ㄏノǔ筽更 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 -: ㄏノǔ筽更场渺钡 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 -: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 -: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 -: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 -: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe -

O16 -: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://npsdmail3.np.edu.sg/dwa7W.cab
C:\Windows\Downloaded Program Files\dwa7W.inf
C:\Windows\System32\msvcrt.dll
C:\Windows\Downloaded Program Files\dwa7W.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:29:27
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\acer\AppData\Local\Temp\WERD4BB.tmp.version.txt

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\System32\igfxsrvc.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Windows\System32\igfxext.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-09-22 0:35:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 16:35:00

Pre-Run: 26,307,125,248 bytes free
Post-Run: 26,100,232,192 bytes free

334 --- E O F --- 2008-09-19 08:26:47

#11 mokseng

mokseng
  • Topic Starter

  • Members
  • 41 posts

Posted 21 September 2008 - 11:49 AM

This is OTListIt.Txt:

OTListIt logfile created on: 9/22/2008 12:38:24 AM - Run 1
OTListIt by OldTimer - Version 1.0.4.1 Folder = C:\Users\acer\Desktop
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.94% Memory free
4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.20% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63.98 Gb Total Space | 24.35 Gb Free Space | 38.06% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 31.32 Gb Free Space | 78.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AARON
Current User Name: acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Process Files Modified Within 30 Days ==========

[2008/09/16 21:37:37 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/11/24 12:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
[2006/11/13 00:13:10 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
[2008/09/22 00:37:50 | 00,414,208 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTListIt.exe

========== (O23) Win32 Service Files Modified Within 30 Days ==========

[2008/09/16 21:37:37 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
File not found -- %SystemRoot%\system32\svchost.exe -- (CertPropSvc [Unknown | Stopped])
File not found -- %SystemRoot%\system32\svchost.exe -- (DcomLaunch [Unknown | Running])
File not found -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Stopped])
[2006/11/13 00:13:10 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService [Auto | Running])
File not found -- C:\Acer\GraviSense\GraviSenseSvc.exe -- (GraviSenseWMIService [Auto | Stopped])
File not found -- %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006/11/24 12:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
File not found -- %SystemRoot%\System32\svchost.exe -- (Schedule [Unknown | Running])
File not found -- %SystemRoot%\system32\svchost.exe -- (SCPolicySvc [Unknown | Stopped])
File not found -- %SystemRoot%\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
File not found -- %SystemRoot%\System32\svchost.exe -- (WdiServiceHost [Unknown | Stopped])
File not found -- %SystemRoot%\System32\svchost.exe -- (WdiSystemHost [Unknown | Running])

========== Driver Service Files Modified Within 30 Days ==========

File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Running])
File not found -- -- (CLFS [Unknown | Running])
[2006/11/13 16:10:32 | 00,069,632 | ---- | M] () -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])
File not found -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp [On_Demand | Stopped])
File not found -- C:\Program Files\WIZET\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Stopped])
File not found -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
File not found -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
File not found -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
[2008/09/09 10:55:57 | 00,717,296 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys -- (sptd [Boot | Running])
File not found -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
File not found -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Stopped])
File not found -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
File not found -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.np.edu.sg/
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.np.edu.sg/
HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
HKU\S-1-5-21-1696919169-21099845-3624242855-1000\S-1-5-21-1696919169-21099845-3624242855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\..\Toolbar: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide ()
O4 - HKLM..\Run: [GraviSense] C:\Acer\GraviSense\Gravi_Sense.exe ()
O4 - HKCU..\Run: [ͮ?I] File not found
O4 - HKCU..\Run: [ͮr] File not found
O4 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000..\Run: [ͮ?I] File not found
O4 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000..\Run: [ͮr] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0



O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 1??????? - Reg Error: Value does not exist or could not be read.
O8 - Extra context menu item: 1????????2?′? - Reg Error: Value does not exist or could not be read.
O8 - Extra context menu item: ʹѸ - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: ʹѸȫ - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ㄏノǔ筽更 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: ㄏノǔ筽更场渺钡 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Sites: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1696919169-21099845-3624242855-1000\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-sg.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://npsdmail3.np.edu.sg/dwa7W.cab (Domino Web Access 7 Control)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/19 05:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9dcbae-f25f-11db-abf4-000000000000}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9dcbae-f25f-11db-abf4-000000000000}\Shell\AutoRun\command]
"" = E:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0a300a6-f230-11db-b4c6-000000000000}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0a300a6-f230-11db-b4c6-000000000000}\Shell\AutoRun\command]
"" = F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2008/09/22 00:37:50 | 00,414,208 | ---- | C] (OldTimer Tools) -- C:\Users\acer\Desktop\OTListIt.exe
[2008/09/22 00:22:22 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\swxcacls.exe
[2008/09/22 00:22:22 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\swreg.exe
[2008/09/22 00:22:22 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2008/09/22 00:22:22 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2008/09/22 00:22:22 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2008/09/22 00:22:22 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2008/09/22 00:22:22 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2008/09/22 00:22:22 | 00,049,152 | ---- | C] () -- C:\Windows\VFind.exe
[2008/09/22 00:22:22 | 00,028,672 | ---- | C] (NirSoft) -- C:\Windows\Nircmd.exe
[2008/09/22 00:05:05 | 02,854,922 | R--- | C] () -- C:\Users\acer\Desktop\ComboFix.exe
[2008/09/21 22:07:51 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/21 22:07:50 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/09/21 22:07:50 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/09/21 22:02:03 | 00,245,902 | ---- | C] () -- C:\Users\acer\Desktop\daft.exe
[2008/09/21 13:15:09 | 00,305,323 | ---- | C] () -- C:\Users\acer\Desktop\RSIT.exe
[2008/09/20 17:47:36 | 00,016,974 | ---- | C] () -- C:\Users\acer\Desktop\UFC.Ultimate.Fight.Night.09.17.08.HDTV.XviD-aAF_[mininova].torrent
[2008/09/16 21:37:06 | 00,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Watch.lnk
[2008/09/16 21:37:06 | 00,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2008/09/16 13:47:41 | 00,001,853 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2008/09/16 13:47:40 | 00,042,912 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2008/09/16 13:47:40 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2008/09/16 13:47:37 | 00,094,392 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2008/09/16 13:47:36 | 00,078,416 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2008/09/16 13:47:36 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2008/09/16 13:47:22 | 01,163,960 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2008/09/16 13:47:22 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2008/09/16 13:47:22 | 00,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2008/09/16 13:45:07 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2008/09/16 13:45:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STKIT432.DLL
[2008/09/16 11:13:01 | 00,001,878 | ---- | C] () -- C:\Users\acer\Desktop\HijackThis.lnk
[2008/09/14 09:39:42 | 00,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2008/09/12 14:38:00 | 00,001,059 | ---- | C] () -- C:\Users\acer\Desktop\Spybot - Search & Destroy.lnk
[2008/09/10 15:53:32 | 00,000,811 | ---- | C] () -- C:\Users\acer\Desktop\Brain Workshop.lnk
[2008/09/10 09:42:39 | 02,253,090 | -H-- | C] () -- C:\Users\acer\AppData\Local\IconCache.db
[2008/09/10 09:41:01 | 21,371,20768 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/10 06:38:06 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/09/10 06:38:06 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2008/09/10 06:38:06 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/09/10 06:38:03 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/09/09 11:21:41 | 00,188,547 | ---- | C] () -- C:\wubildr
[2008/09/09 11:21:41 | 00,008,192 | ---- | C] () -- C:\wubildr.mbr
[2008/09/02 22:16:40 | 00,000,766 | ---- | C] () -- C:\Users\acer\Desktop\Continuum.lnk


========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2008/09/22 00:37:50 | 00,414,208 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTListIt.exe
[2008/09/22 00:36:01 | 00,000,509 | ---- | M] () -- C:\Users\acer\Documents\My Sharing Folders.lnk
[2008/09/22 00:29:23 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2008/09/22 00:29:09 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2008/09/22 00:29:03 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/09/22 00:29:01 | 00,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/09/22 00:29:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/09/22 00:28:47 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2008/09/22 00:28:41 | 21,371,20768 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/22 00:27:42 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/09/22 00:05:11 | 02,854,922 | R--- | M] () -- C:\Users\acer\Desktop\ComboFix.exe
[2008/09/21 22:23:32 | 02,253,090 | -H-- | M] () -- C:\Users\acer\AppData\Local\IconCache.db
[2008/09/21 22:07:51 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/21 22:02:04 | 00,245,902 | ---- | M] () -- C:\Users\acer\Desktop\daft.exe
[2008/09/21 17:04:35 | 00,777,680 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/09/21 17:04:35 | 00,654,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/09/21 17:04:35 | 00,118,422 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/09/21 13:15:13 | 00,305,323 | ---- | M] () -- C:\Users\acer\Desktop\RSIT.exe
[2008/09/20 17:47:37 | 00,016,974 | ---- | M] () -- C:\Users\acer\Desktop\UFC.Ultimate.Fight.Night.09.17.08.HDTV.XviD-aAF_[mininova].torrent
[2008/09/19 02:03:05 | 00,112,128 | ---- | M] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/19 02:02:55 | 00,003,144 | ---- | M] () -- C:\Windows\System32\cid_store.dat
[2008/09/16 21:37:06 | 00,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Watch.lnk
[2008/09/16 21:37:06 | 00,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2008/09/16 13:47:41 | 00,001,853 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2008/09/16 13:47:38 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2008/09/16 13:33:10 | 00,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2008/09/16 11:13:01 | 00,001,878 | ---- | M] () -- C:\Users\acer\Desktop\HijackThis.lnk
[2008/09/12 14:42:09 | 00,264,718 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20080918-202527.backup
[2008/09/12 14:38:00 | 00,001,059 | ---- | M] () -- C:\Users\acer\Desktop\Spybot - Search & Destroy.lnk
[2008/09/10 15:53:32 | 00,000,811 | ---- | M] () -- C:\Users\acer\Desktop\Brain Workshop.lnk
[2008/09/10 00:08:38 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:08:32 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/09/09 10:55:57 | 00,717,296 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2008/09/07 21:24:54 | 00,264,316 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20080912-144206.backup
[2008/09/07 17:46:13 | 00,000,756 | ---- | M] () -- C:\Users\acer\Desktop\Torrent.lnk
[2008/09/02 22:16:40 | 00,000,766 | ---- | M] () -- C:\Users\acer\Desktop\Continuum.lnk
[2008/08/30 00:48:22 | 00,019,568 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\drivers\rfwbase.sys
[2008/08/29 17:36:12 | 00,263,502 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20080907-212451.backup
[2008/08/27 04:28:12 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

< End of report >


This is Extras.Txt:

OTListIt Extras logfile created on: 9/22/2008 12:38:24 AM - Run acer
OTListIt by OldTimer - Version 1.0.4.1 Folder = C:\Users\acer\Desktop
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.94% Memory free
4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.20% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63.98 Gb Total Space | 24.35 Gb Free Space | 38.06% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 31.32 Gb Free Space | 78.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AARON
Current User Name: acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ??????
File not found -- C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2
File not found -- C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate
File not found -- C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEBCBBF8-25D5-48D1-9D2E-D162C6B1BBF7}" = Acer GraviSense
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"avast!" = avast! Antivirus
"Brain Workshop_is1" = Brain Workshop 3.1
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Continuum_is1" = Continuum 0.40
"Counter-Strike 1.6_is1" = Counter-Strike 1.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0, build 24
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.0 Full
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"MP3Editor_is1" = iXchange MP3 Editor 3.3.5
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Macromedia Flash Player 8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"thunder_is1" = Ѹ5
"Update Service" = Update Service
"uTorrent" = Torrent
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Wubi" = Ubuntu
"XviD" = XviD MPEG-4 Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = Torrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1696919169-21099845-3624242855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = Torrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/18/2008 8:18:17 AM | Computer Name = aaron | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\ProgramData\Lavasoft\MiniMessage\2 failed, 00000005.

[ Application Events ]
Error - 9/21/2008 9:44:37 AM | Computer Name = aaron | Source = System Restore | ID = 8193
Description =

Error - 9/21/2008 9:45:00 AM | Computer Name = aaron | Source = System Restore | ID = 8193
Description =

Error - 9/21/2008 9:45:14 AM | Computer Name = aaron | Source = System Restore | ID = 8193
Description =

Error - 9/21/2008 9:45:50 AM | Computer Name = aaron | Source = System Restore | ID = 8193
Description =

Error - 9/21/2008 9:46:00 AM | Computer Name = aaron | Source = System Restore | ID = 8193
Description =

Error - 9/21/2008 9:56:49 AM | Computer Name = aaron | Source = Application Error | ID = 1000
Description = Faulting application OrbiCam.exe, version 10.4.0.1317, time stamp
0x45625a23, faulting module OrbiCam.exe, version 10.4.0.1317, time stamp 0x45625a23,
exception code 0xc00000fd, fault offset 0x0000f602, process id 0x424, application
start time 0x01c91bf1e195deec.

Error - 9/21/2008 10:25:14 AM | Computer Name = aaron | Source = Application Error | ID = 1000
Description = Faulting application OrbiCam.exe, version 10.4.0.1317, time stamp
0x45625a23, faulting module OrbiCam.exe, version 10.4.0.1317, time stamp 0x45625a23,
exception code 0xc00000fd, fault offset 0x0000f602, process id 0x560, application
start time 0x01c91bf5d9bca2f0.

Error - 9/21/2008 12:22:50 PM | Computer Name = aaron | Source = System Restore | ID = 8193
Description =

Error - 9/21/2008 12:27:34 PM | Computer Name = aaron | Source = Application Error | ID = 1000
Description = Faulting application winlogon.exe, version 6.0.6000.16386, time stamp
0x4549aff7, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000008, fault offset 0x000768b0, process id 0x298, application
start time 0x01c91bf5cd28f6a0.

Error - 9/21/2008 12:29:18 PM | Computer Name = aaron | Source = Application Error | ID = 1000
Description = Faulting application OrbiCam.exe, version 10.4.0.1317, time stamp
0x45625a23, faulting module OrbiCam.exe, version 10.4.0.1317, time stamp 0x45625a23,
exception code 0xc00000fd, fault offset 0x0000f602, process id 0x8fc, application
start time 0x01c91c073198e29b.

[ OSession Events ]
Error - 7/29/2007 2:29:16 AM | Computer Name = s10048844 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1067
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/21/2008 11:20:17 AM | Computer Name = aaron | Source = bowser | ID = 8003
Description =

Error - 9/21/2008 11:32:20 AM | Computer Name = aaron | Source = bowser | ID = 8003
Description =

Error - 9/21/2008 11:44:20 AM | Computer Name = aaron | Source = bowser | ID = 8003
Description =

Error - 9/21/2008 11:56:23 AM | Computer Name = aaron | Source = bowser | ID = 8003
Description =

Error - 9/21/2008 12:08:24 PM | Computer Name = aaron | Source = bowser | ID = 8003
Description =

Error - 9/21/2008 12:20:25 PM | Computer Name = aaron | Source = bowser | ID = 8003
Description =

Error - 9/21/2008 12:29:35 PM | Computer Name = aaron | Source = Service Control Manager | ID = 7023
Description =

Error - 9/21/2008 12:29:35 PM | Computer Name = aaron | Source = Service Control Manager | ID = 7000
Description =

Error - 9/21/2008 12:29:35 PM | Computer Name = aaron | Source = Service Control Manager | ID = 7000
Description =

Error - 9/21/2008 12:32:26 PM | Computer Name = aaron | Source = bowser | ID = 8003
Description =


< End of report >

#12 mokseng

mokseng
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:24 PM

Posted 21 September 2008 - 11:53 AM

The error i got the first MBAM scan, was this showing up,

"An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team.

Error code: 731 (0,6)"

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:24 PM

Posted 21 September 2008 - 02:14 PM

Thanks for reporting the error.

Please have your external drive ready to be disinfected. Even if it is not infected it does no harm to use flash_Disinfector on it.
  • You have installed a file sharing program from Thunder Network. We want to uninstall it now and see if it affects the system. When we are done it is up to you to install it again. Please go to Add/Remove programs and uninstall the program in bold. Since the scanners don't read Unicode we see a weird name in the log, but you would be able to see the letters. It is the one located between MSXML 4.0 and NTI Backup Now! 4.7; its name probably starts with N.

    From the program list:
    ....
    MSXML 4.0 SP2 (KB941833)
    Ѹ5 <------------ Uninstall this program.
    NTI Backup NOW! 4.7
    .......

    Also remove this folder:
    C:\Program Files\Thunder Network\Thunder <------- this folder

  • You have a couple of errors related to Acer OrbiCam Application. It runs Webcam software found on Acer laptops. In case you get one of those errors again try to uninstall the application. Reboot and then install it again.

  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in code box into it.

    REGEDIT4 
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6813f293-a39e-11dc-b3e6-000000000000}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84f07732-f9ef-11db-9175-000000000000}]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure you want to add the file to the registry. Click Yes.
    • You get another popup saying that regfix.reg was successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • Download FileFind.zip and unzip to your desktop.
    • Double-click FindFile.exe
    • In the box labeled "Enter the directory to search" enter the Drive: C:\
    • In the box labeled "Enter the File to Search" enter:
      ie.vbs
    • Click "Find" to begin the search.
    • When the search is done, it will list the total number of files found.
    • Double-click on "Export"
    • This will create and save a text file named export.txt in the root of your C:\ directory.
    • Locate export.txt and copy/paste its contents in your next post.
    • Please repeat the procedure this time enter: infrom.exe
  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log). Also tell me how your computer is running.
Please post in your next reply:
  • The findings of FileFind.
  • The RSIT log.
  • Tell me how your computer is running.
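The post above triages the logs by eye: BHO and service entries whose file no longer exists, a Run entry with an unreadable name and no real executable behind it, and per-user MountPoints2 keys still carrying an AutoRun command, which it then deletes with a REGEDIT4 file. The script below is an added example, not code from the poster, BleepingComputer, RSIT or HijackThis; it applies those same checks to HijackThis/RSIT log text and emits the matching `[-KEY]` deletion stanzas. The sample log is constructed for the example from lines like those in the thread (the third MountPoints2 GUID, with no AutoRun command, is made up as a control case).

```python
"""Triage helper for HijackThis / RSIT log text (added example, not part of
the thread or of either tool).  It flags:
  * orphan-entry        - HJT O-lines whose target is "(file missing)"/"(no file)"
  * suspicious-run      - Run values with a non-ASCII/'?' name or no real executable
  * autorun-mountpoint  - HKCU MountPoints2 keys that still carry an AutoRun command
and can emit a REGEDIT4 body that deletes the flagged MountPoints2 keys,
in the same shape as the regfix.reg used in the thread."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

HJT_LINE = re.compile(r"^O\d+ - ")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
MOUNTPOINT_KEY = re.compile(
    r"^HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\}$", re.IGNORECASE)
AUTORUN_CMD = re.compile(r"^shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)

# Constructed sample, modelled on the posted RSIT/HijackThis log.  The last
# MountPoints2 key is invented and has no AutoRun command (should NOT be flagged).
SAMPLE_LOG = r"""
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"1???r"=C:\Windows\system32\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9dcbae-f25f-11db-abf4-000000000000}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a300a6-f230-11db-b4c6-000000000000}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1b2c3d-4e5f-11dc-8a9b-000000000000}]
"""


def _odd_name(name: str) -> bool:
    # The thread notes the scanners don't read Unicode, so a non-ASCII value
    # name shows up as '?' characters; either form deserves a look.
    return "?" in name or any(ord(c) > 127 for c in name)


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current [registry key] section."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HJT_LINE.match(line):
            if "(file missing)" in line or "(no file)" in line:
                findings.append(("orphan-entry", line))
            continue
        key = REG_KEY.match(line)
        if key:
            section = key.group("key")
            continue
        if section.lower().endswith("\\currentversion\\run"):
            val = REG_VALUE.match(line)
            if val:
                name, data = val.group("name"), val.group("data").strip()
                # Empty data, or data that is only a directory, means there is
                # no executable behind the autostart entry.
                if _odd_name(name) or not data or data.endswith("\\"):
                    findings.append(("suspicious-run", f"{section}: {line}"))
            continue
        if MOUNTPOINT_KEY.match(section) and AUTORUN_CMD.match(line):
            findings.append(("autorun-mountpoint", section))
    return findings


def regfix(findings: List[Finding]) -> str:
    """REGEDIT4 text deleting each flagged MountPoints2 key ('[-KEY]' = delete)."""
    keys = sorted({detail for cat, detail in findings if cat == "autorun-mountpoint"})
    return "REGEDIT4\n\n" + "\n\n".join(f"[-{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for cat, detail in found:
        print(f"{cat:18} {detail}")
    print(regfix(found))
```

Save the emitted text through Notepad (or open it with `newline="\r\n"`) so it gets the CRLF line endings regedit expects; the MountPoints2 keys are per-user autorun memory for drives that were once plugged in, so deleting them is safe and only prevents a stale AutoRun command from being honoured again.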


#14 mokseng

mokseng
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:07:24 PM

Posted 21 September 2008 - 11:25 PM

There is 1 .dll file I couldn't delete successfully from the Thunder folder. It is TDAtOnce_OLD_0.dll, found in the subfolder Comdlls. It says I "need permission to perform this action".

Secondly, I cannot run Flash Disinfector. I double-clicked on it, clicked Run, and nothing came up. Tried to reboot and did it again, but nothing happens.

FileFind couldn't find any files with those 2 searches. Hence, export.txt is empty.

Now, when I start up the system, there is no more prompt for the Acer Orbicam, as I have already uninstalled Acer Orbicam. However, the other problem still exists, that is, the popup that prompts me to run "igfxpers.exe". Hope I can remove that final one. :thumbsup:

Lastly, here's my RSIT log for 2-months:

Logfile of random's system information tool 1.02 (written by random/random)
Run by acer at 2008-09-22 12:20:09
Microsoft® Windows Vista® Business
System drive C: has 25 GB (39%) free of 66 GB
Total RAM: 2038 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:21 PM, on 9/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Users\acer\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\acer.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\Gravi_Sense.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: ㄏノǔ筽更 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: ㄏノǔ筽更场渺钡 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-sg.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://npsdmail3.np.edu.sg/dwa7W.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Unknown owner - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (file missing)
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GraviSense Service (GraviSenseWMIService) - Unknown owner - C:\Acer\GraviSense\GraviSenseSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\scannerd.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8116 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
ThunderAtOnce Class - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-21 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-27 815104]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-14 52832]
"GraviSense"=C:\Acer\GraviSense\Gravi_Sense.exe [2007-12-22 11907072]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-12-07 483328]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2006-12-05 1261568]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-28 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-28 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-21 185896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"1???r"=C:\Windows\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2006-11-21 528384]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-28 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS???μ?"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ??????"
"C:\FlashGet Network\Flashget\FlashGet.exe"="C:\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:Flashget2"
"C:\FlashGet Network\Flashget\LiveUpdate.exe"="C:\FlashGet Network\Flashget\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\FlashGet Network\Flashget\LiveUpdateEx.exe"="C:\FlashGet Network\Flashget\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9dcbae-f25f-11db-abf4-000000000000}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a300a6-f230-11db-b4c6-000000000000}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2008-09-22 12:17:14 ----A---- C:\Export.txt
2008-09-22 11:49:12 ----SHD---- C:\Config.Msi
2008-09-22 00:35:18 ----A---- C:\ComboFix.txt
2008-09-22 00:22:50 ----D---- C:\Windows\erdnt
2008-09-22 00:22:29 ----D---- C:\QooBox
2008-09-22 00:22:22 ----A---- C:\Windows\zip.exe
2008-09-22 00:22:22 ----A---- C:\Windows\VFind.exe
2008-09-22 00:22:22 ----A---- C:\Windows\swxcacls.exe
2008-09-22 00:22:22 ----A---- C:\Windows\SWSC.exe
2008-09-22 00:22:22 ----A---- C:\Windows\swreg.exe
2008-09-22 00:22:22 ----A---- C:\Windows\sed.exe
2008-09-22 00:22:22 ----A---- C:\Windows\Nircmd.exe
2008-09-22 00:22:22 ----A---- C:\Windows\grep.exe
2008-09-22 00:22:22 ----A---- C:\Windows\fdsv.exe
2008-09-22 00:22:15 ----D---- C:\ComboFix
2008-09-21 22:07:52 ----D---- C:\Users\acer\AppData\Roaming\Malwarebytes
2008-09-21 22:07:48 ----D---- C:\ProgramData\Malwarebytes
2008-09-21 22:07:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 21:52:12 ----D---- C:\ProgramData\NortonInstaller
2008-09-21 16:39:52 ----D---- C:\ProgramData\Avanquest Bluetooth SDK
2008-09-21 13:15:35 ----D---- C:\rsit
2008-09-16 21:37:03 ----D---- C:\Program Files\Lavasoft
2008-09-16 21:36:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-16 13:48:20 ----D---- C:\Program Files\Sygate
2008-09-16 13:47:22 ----A---- C:\Windows\system32\aswBoot.exe
2008-09-16 13:47:18 ----D---- C:\Program Files\Alwil Software
2008-09-16 13:45:14 ----AD---- C:\ProgramData\TEMP
2008-09-16 13:45:07 ----A---- C:\Windows\system32\STKIT432.DLL
2008-09-16 13:45:07 ----A---- C:\Windows\system32\msxml.dll
2008-09-16 11:13:00 ----D---- C:\Program Files\Trend Micro
2008-09-16 10:33:54 ----A---- C:\Windows\system32\javaws.exe
2008-09-16 10:33:54 ----A---- C:\Windows\system32\javaw.exe
2008-09-16 10:33:54 ----A---- C:\Windows\system32\java.exe
2008-09-14 09:39:42 ----A---- C:\Windows\bdagent.INI
2008-09-14 08:04:35 ----D---- C:\Program Files\BitDefender
2008-09-14 08:03:28 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-10 15:53:26 ----D---- C:\Program Files\Brain Workshop
2008-09-10 14:37:18 ----D---- C:\Users\acer\AppData\Roaming\Wireshark
2008-09-10 14:34:40 ----D---- C:\Program Files\WinPcap
2008-09-10 09:39:20 ----A---- C:\Windows\ntbtlog.txt
2008-09-10 06:38:06 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 06:38:06 ----A---- C:\Windows\system32\gameux.dll
2008-09-10 06:38:06 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 06:38:03 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-09 11:17:02 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-09-09 11:16:34 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-09 10:55:57 ----D---- C:\Users\acer\AppData\Roaming\DAEMON Tools
2008-09-08 23:22:57 ----D---- C:\Program Files\Common Files\NSV
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxinsa64.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxhpinst.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxcpya64.exe
2008-09-08 23:21:06 ----N---- C:\Windows\system32\pxafs.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\vxblock.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\pxsfs.dll
2008-09-08 23:21:05 ----N---- C:\Windows\system32\pxdrv.dll
2008-09-08 23:21:03 ----N---- C:\Windows\system32\pxwave.dll
2008-09-08 23:21:03 ----N---- C:\Windows\system32\pxmas.dll
2008-09-08 23:21:02 ----N---- C:\Windows\system32\px.dll
2008-08-22 23:49:39 ----A---- C:\Windows\system32\wups2.dll
2008-08-22 23:49:39 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-22 23:49:38 ----A---- C:\Windows\system32\wucltux.dll
2008-08-22 23:49:38 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wups.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wudriver.dll
2008-08-22 23:49:21 ----A---- C:\Windows\system32\wuapi.dll
2008-08-22 23:49:15 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-22 23:49:15 ----A---- C:\Windows\system32\wuapp.exe
2008-08-13 17:59:18 ----A---- C:\Windows\system32\tzres.dll
2008-08-13 13:09:28 ----A---- C:\Windows\system32\winipsec.dll
2008-08-13 13:09:28 ----A---- C:\Windows\system32\polstore.dll
2008-08-13 13:09:28 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-13 13:09:28 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-13 13:09:25 ----A---- C:\Windows\system32\es.dll
2008-08-13 13:09:21 ----A---- C:\Windows\system32\mshtml.dll
2008-08-13 13:09:19 ----A---- C:\Windows\system32\urlmon.dll
2008-08-13 13:09:19 ----A---- C:\Windows\system32\ieframe.dll
2008-08-13 13:09:18 ----A---- C:\Windows\system32\wininet.dll
2008-08-13 13:09:18 ----A---- C:\Windows\system32\mshtmled.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\mstime.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\ieui.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\iernonce.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\ieapfltr.dll
2008-08-13 13:09:17 ----A---- C:\Windows\system32\ie4uinit.exe
2008-08-13 13:09:17 ----A---- C:\Windows\system32\advpack.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\pngfilt.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\ieUnatt.exe
2008-08-13 13:09:16 ----A---- C:\Windows\system32\iesetup.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\icardie.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\dxtrans.dll
2008-08-13 13:09:16 ----A---- C:\Windows\system32\dxtmsft.dll
2008-08-13 13:08:47 ----A---- C:\Windows\system32\INETRES.dll
2008-08-13 13:08:47 ----A---- C:\Windows\system32\inetcomm.dll
2008-07-25 16:34:30 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe

======List of files/folders modified in the last 2 months======

2008-09-22 12:20:12 ----D---- C:\Windows\Temp
2008-09-22 11:50:17 ----D---- C:\Windows\Prefetch
2008-09-22 11:49:16 ----SHD---- C:\Windows\Installer
2008-09-22 00:35:21 ----D---- C:\Windows\System32
2008-09-22 00:35:20 ----D---- C:\Windows\system32\drivers
2008-09-22 00:35:19 ----D---- C:\Windows
2008-09-22 00:29:23 ----A---- C:\Windows\system.ini
2008-09-22 00:27:06 ----SHD---- C:\Boot
2008-09-22 00:27:06 ----D---- C:\Windows\system32\config
2008-09-22 00:25:22 ----D---- C:\Windows\AppPatch
2008-09-22 00:25:22 ----D---- C:\Program Files\Common Files
2008-09-22 00:22:15 ----D---- C:\Windows\system32\en-US
2008-09-21 22:07:48 ----RD---- C:\Program Files
2008-09-21 22:07:48 ----HD---- C:\ProgramData
2008-09-21 21:54:01 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-21 21:50:26 ----D---- C:\Users\acer\AppData\Roaming\uTorrent
2008-09-21 21:46:14 ----D---- C:\Program Files\Java
2008-09-21 17:04:35 ----D---- C:\Windows\inf
2008-09-21 17:04:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-19 11:34:49 ----D---- C:\Program Files\DivX
2008-09-19 11:34:40 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-09-19 05:26:49 ----D---- C:\ProgramData\thunder_dctemp
2008-09-16 21:47:43 ----D---- C:\ProgramData\Lavasoft
2008-09-14 09:41:46 ----D---- C:\Program Files\Rising
2008-09-14 09:09:50 ----RSD---- C:\RavBin
2008-09-14 08:05:26 ----D---- C:\Windows\winsxs
2008-09-12 15:36:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-09-12 14:41:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-11 11:59:39 ----D---- C:\Program Files\Adobe
2008-09-10 12:41:32 ----D---- C:\Windows\Microsoft.NET
2008-09-10 12:35:23 ----D---- C:\ProgramData\Microsoft Help
2008-09-10 12:29:17 ----RSD---- C:\Windows\assembly
2008-09-10 12:24:51 ----D---- C:\Windows\system32\catroot
2008-09-10 08:33:02 ----D---- C:\Windows\system32\catroot2
2008-09-08 23:27:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-08 23:27:28 ----D---- C:\Program Files\Scientific Notebook
2008-09-02 22:16:40 ----D---- C:\Program Files\Continuum
2008-08-31 16:45:01 ----D---- C:\Program Files\Messenger Plus! Live
2008-08-27 04:28:12 ----A---- C:\Windows\system32\mrt.exe
2008-08-22 23:50:16 ----D---- C:\Windows\PolicyDefinitions
2008-08-13 20:59:37 ----D---- C:\Windows\system32\migration
2008-08-13 20:59:37 ----D---- C:\Program Files\Internet Explorer
2008-08-13 17:57:45 ----D---- C:\Program Files\Windows Mail
2008-07-31 22:21:03 ----D---- C:\Windows\system32\Tasks
2008-07-29 10:32:28 ----D---- C:\Program Files\Counter-Strike 1.6

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-08-30 320000]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2006-11-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-28 1476096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2006-11-28 40352]
R3 LVUVC;Acer OrbiCam(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2006-11-28 1085216]
R3 moufiltr;Mouse Filter; C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 6144]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2006-11-02 30720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-01-12 6144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264]
S2 npkcrypt;npkcrypt; \??\C:\Program Files\WIZET\MapleStory\npkcrypt.sys []
S3 a12as87v;a12as87v; C:\Windows\system32\drivers\a12as87v.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2006-10-13 37296]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-12-05 78128]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2006-12-05 80688]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-12-05 16560]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-06-08 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-28 1476096]
S3 lv321av;Logitech USB PC Camera (VC0321); C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2006-11-02 24064]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-07 34064]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-16 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-20 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RsVScanner;Rising Vista Scanner; C:\Program Files\Rising\Rav\scannerd.exe [2007-12-16 174704]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe []
S2 GraviSenseWMIService;GraviSense Service; C:\Acer\GraviSense\GraviSenseSvc.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-07 92792]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]

-----------------EOF-----------------
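As an added example (not part of this thread, and not RSIT's own code), a small Python parser for the RSIT driver/service list above that flags the entries a helper reads first: lines whose bracket pair is empty (RSIT found no file to date and size) and .sys drivers registered outside the Windows directory. The sample lines are copied from the log above; a flag only marks an entry for review.

```python
import re
from typing import Dict, List, Optional, Tuple

# One RSIT line: "<R|S><0-4> <name>;<display>; <path> [<date> <size>]".
# The bracket pair is empty when RSIT could not stat the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"\s*(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one line into its fields; date/size are None for an empty []."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    info = m.group("info").split()
    path = m.group("path")
    if path.startswith("\\??\\"):    # NT object-manager prefix RSIT prints for some drivers
        path = path[4:]
    return {"state": m.group("state"), "start": int(m.group("start")),
            "name": m.group("name"), "display": m.group("display"), "path": path,
            "date": info[0] if len(info) > 0 else None,
            "size": int(info[1]) if len(info) > 1 else None}

def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for the entries a helper would look at first."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        if e["size"] is None:
            reasons.append("no date/size recorded: file missing or unreadable")
        p = str(e["path"]).lower()
        if p.endswith(".sys") and not p.startswith("c:\\windows\\"):
            reasons.append("kernel driver registered outside the Windows directory")
        if reasons:
            findings.append((str(e["name"]), reasons))
    return findings

# Sample lines copied from the RSIT log posted above (constructed test input).
SAMPLE = [
    r"R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-27 179896]",
    r"S2 npkcrypt;npkcrypt; \??\C:\Program Files\WIZET\MapleStory\npkcrypt.sys []",
    r"S3 a12as87v;a12as87v; C:\Windows\system32\drivers\a12as87v.sys []",
    r"S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []",
    r"R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-16 611664]",
]
```

Running `triage(SAMPLE)` flags npkcrypt, a12as87v and catchme; the ComboFix driver catchme is flagged only because it lives outside C:\Windows, which is expected for that tool.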

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:24 PM

Posted 22 September 2008 - 09:00 AM

No problem about the flash-disinfector. Perhaps you should have disabled your antivirus and then run the application as administrator. It is not needed any more.

Note: To run MBAM and HijackThis, right-click the shortcut/application and select "Run as Administrator".
  • MBAM has a built-in FileAssassin feature for removing stubborn malware files.
    • Go to the "More Tools" tab and click on the "Run Tool" button.
    • Browse to the location of the file(s) to remove using the drop down box next to "Look in:" at the top.
      • C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_OLD_0.dll <- this file
    • When you find the file(s), click "Open".
    • You will be prompted with a message warning: This file will be permanently deleted. Are you sure you want to continue?. Click Yes.
    • If removal did not require a reboot, you will receive a message indicating the file was deleted successfully, however, I recommend you reboot anyway.
    Note: Please be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to serious problems with your operating system.

  • Remove the folder now: C:\Program Files\Thunder Network\Thunder

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O8 - Extra context menu item: ㄏノǔ筽更 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: ㄏノǔ筽更场渺钡 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Go to Start > Run and type in Notepad
    Copy/paste the following text inside the code box into a new notepad document. Make sure that under Format menu Word Wrap is unchecked.

    regedit /e look.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
    notepad look.txt
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save
    • Close the Notepad.
    • Locate and double-click look.bat on the desktop.
    • Notepad will open with some txt in it. Copy and paste the contents in your next reply.
  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).
