
Spyware/adware/malware infection


This topic is locked. 18 replies to this topic.

#1 buster123


Posted 14 August 2009 - 03:28 PM

Hi, really glad you guys are here to help! Thanks! My problem: when browsing with either IE or Firefox, after a couple of minutes it slows down and then stops loading pages. Also, when I do a search on Google etc. and click on a search result link, instead of going to the page it goes to a completely different page.

Any help would be much appreciated.

Thanks


DDS (Ver_09-07-30.01) - NTFSx86
Run by mark at 21:00:37.37 on 14/08/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.709 [GMT 1:00]

SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBZE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Users\mark\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\WerCon.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Acer Tour Reminder]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_S7109.tmp" /EF "HKCU"
uRun: [EPSON Stylus D92 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibze.exe /fu "c:\windows\temp\E_SF12D.tmp" /EF "HKCU"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [workflow] e:\installs\workflow.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SDTray] c:\program files\spyware doctor\SDTrayApp.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\d3dx9_2632.dll enethook.dll,c:\windows\system32\d3dx9_2632.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\iefzzezn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-2 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-2 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-2 108552]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-3 297752]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2008-10-10 274432]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2008-12-1 28672]
R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2008-2-27 708176]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [2007-10-5 107264]

=============== Created Last 30 ================

2009-08-14 19:58 <DIR> --d----- c:\program files\common files\Vbox
2009-08-14 19:58 <DIR> --d----- c:\program files\Bradbury
2009-08-12 22:04 <DIR> a-d----- c:\programdata\TEMP
2009-08-12 22:04 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-12 21:59 <DIR> --d----- c:\program files\Trend Micro
2009-08-11 20:38 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-11 20:38 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-11 20:37 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-11 20:37 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-11 20:37 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-11 20:37 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-11 20:37 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-11 20:37 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-11 20:37 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-11 20:37 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-11 20:37 71,680 a------- c:\windows\system32\atl.dll
2009-08-02 20:06 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-02 20:00 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-02 20:00 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-08-02 20:00 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-02 20:00 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-02 20:00 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-02 19:59 <DIR> --d----- c:\program files\AVG
2009-08-02 19:59 <DIR> --d----- c:\programdata\avg8
2009-08-02 19:59 <DIR> --d----- c:\progra~2\avg8
2009-08-02 19:55 1,372 a------- c:\windows\system32\4FUAOfG.vbs
2009-08-02 19:55 1,372 a------- c:\windows\system32\nJiOnf9rHFHRGSN.vbs
2009-07-26 23:02 119,296 a------- c:\windows\system32\d3d10_1core32.dll
2009-07-26 23:02 1,372 a------- c:\windows\system32\9QpQmEFi3Hd5YqQ.vbs
2009-07-26 20:47 1,372 a------- c:\windows\system32\QV7tC.vbs
2009-07-26 20:45 1,372 a------- c:\windows\system32\RVrHE4F.vbs
2009-07-26 20:44 119,296 a------- c:\windows\system32\d3dx9_2632.dll
2009-07-26 20:43 1,372 a------- c:\windows\system32\XwO39SyoMdLkhqi.vbs
2009-07-26 18:49 1,372 a------- c:\windows\system32\BitKOxNIokAcZ.vbs
2009-07-25 16:18 <DIR> --d----- c:\users\mark\appdata\roaming\DAEMON Tools Lite
2009-07-24 21:43 <DIR> --d----- C:\MyWorks
2009-07-15 21:47 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 21:47 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 21:47 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 21:47 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-08-14 19:12 12,978 a------- c:\users\mark\appdata\roaming\nvModes.dat
2009-07-25 16:18 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-19 15:55 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-06-12 18:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-12 18:34 51,200 a------- c:\windows\inf\infpub.dat
2009-06-12 18:34 86,016 a------- c:\windows\inf\infstor.dat
2009-05-27 11:43 167,852 a------- c:\windows\hpqins00.dat
2009-03-16 19:52 726,008 a------- c:\users\mark\gotomypc_437.exe
2008-06-17 18:06 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-27 21:50 174 a--sh--- c:\program files\desktop.ini
2007-11-03 16:38 0 a------- c:\users\mark\appdata\roaming\wklnhst.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-09-23 15:40 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-09-23 15:40 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-09-23 15:40 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-12 18:42 8 ---shr-- c:\windows\system32\EA46E2E0C6.sys
2007-11-06 15:45 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-11-06 15:45 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-11-06 15:45 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 21:05:18.98 ===============
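Reading the log above the way a malware-removal helper would, the lines that deserve a second look are the AppInit_DLLs value (a DLL injected into every process that loads user32.dll, listed twice, with a name that copies the DirectX d3dx9_NN pattern but with an implausible number), the three same-size random-named .vbs files created in system32, the BHO with "No File" behind its CLSID, and RtkBtMnt.exe running out of the user's Temp directory. The script below is an added triage example for this thread; it is not part of DDS, of BleepingComputer's procedure, or of the poster's log. Its sample input is constructed from a subset of the log lines above, and its heuristics are assumptions (the assumed d3dx9_24..43 range of genuine D3DX9 DLLs, the "mixed case plus a digit" test for random names, "anything in a Temp folder" for processes) that pick out items for a human to confirm, not verdicts.

```python
"""Triage a DDS log for the hijack indicators this thread turns on.

Added example for the thread, not part of DDS or of the original post.
SAMPLE_LOG is constructed from lines of the posted log; the heuristics are
assumptions about what merits a look, not a signature database.
"""
import re
from collections import Counter

# Constructed sample: a subset of the lines from the first posted DDS log.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Users\mark\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
AppInit_DLLs: c:\windows\system32\d3dx9_2632.dll enethook.dll,c:\windows\system32\d3dx9_2632.dll

=============== Created Last 30 ================

2009-08-12 22:04 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-11 20:38 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-02 19:55 1,372 a------- c:\windows\system32\4FUAOfG.vbs
2009-08-02 19:55 1,372 a------- c:\windows\system32\nJiOnf9rHFHRGSN.vbs
2009-07-26 23:02 119,296 a------- c:\windows\system32\d3d10_1core32.dll
2009-07-26 20:44 119,296 a------- c:\windows\system32\d3dx9_2632.dll
2009-07-26 20:43 1,372 a------- c:\windows\system32\XwO39SyoMdLkhqi.vbs

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S+) (.+)$")
SCRIPT_EXT = (".vbs", ".js", ".bat", ".cmd", ".hta")
D3DX9_RE = re.compile(r"d3dx9_(\d+)\.dll")
REAL_D3DX9 = range(24, 44)  # assumption: shipped D3DX9 DLLs are d3dx9_24 .. d3dx9_43


def split_sections(text):
    """Map each '=== Name ===' DDS header to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def looks_random(stem):
    """Mixed-case letters plus a digit: the shape of the dropped .vbs names."""
    return (any(c.isupper() for c in stem) and any(c.islower() for c in stem)
            and any(c.isdigit() for c in stem))


def triage(text):
    """Return (category, detail) findings; an empty list means nothing was flagged."""
    s = split_sections(text)
    findings = []

    # 1. AppInit_DLLs is loaded into every process that links user32.dll, so any
    #    value is worth a look; a repeated entry shows the value was rewritten.
    for line in s.get("Pseudo HJT Report", []):
        if line.startswith("AppInit_DLLs:"):
            dlls = [d for d in re.split(r"[\s,]+", line.split(":", 1)[1]) if d]
            for dll, n in Counter(dlls).items():
                findings.append(("appinit", f"{dll} (listed {n}x)"))
        elif line.startswith("BHO:") and line.endswith("- No File"):
            findings.append(("orphan-bho", line[len("BHO:"):].strip()))

    # 2. Programs running from a Temp directory.
    for path in s.get("Running Processes", []):
        if "\\temp\\" in path.lower():
            findings.append(("temp-process", path))

    # 3. Recently created files: scripts in system32, random-looking names,
    #    and DLLs that mimic the d3dx9_NN naming with a number that never shipped.
    for line in s.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        size, path = m.group(3), m.group(5)
        name = path.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        if "\\system32\\" in path.lower() and name.lower().endswith(SCRIPT_EXT):
            findings.append(("script-in-system32", f"{path} ({size} bytes)"))
        elif size != "<DIR>" and looks_random(stem):
            findings.append(("random-name", path))
        d = D3DX9_RE.fullmatch(name.lower())
        if d and int(d.group(1)) not in REAL_D3DX9:
            findings.append(("fake-d3dx9", path))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20s} {detail}")
```

Run it on a full DDS log by replacing SAMPLE_LOG with the file contents; the section names are the ones DDS prints, so the same parser covers the second log later in this thread, where the AppInit_DLLs line has grown to eight entries.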


#2 buster123


Posted 16 August 2009 - 06:06 AM

Sorry, forgot to mention: IE keeps opening with some fake virus check page. The URL is:
http://bestscanpc.org/win/?code=934
Thank you

Hello buster123,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by Orange Blossom, 21 August 2009 - 10:33 PM.
Deactivate link. ~ OB


#3 Tokek


Posted 27 August 2009 - 01:35 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
If I have not replied back to your post in 3 days, please send me a PM.


#4 buster123


Posted 27 August 2009 - 03:08 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by mark at 20:55:41.87 on 27/08/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.771 [GMT 1:00]

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Users\mark\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBZE.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\WerCon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\mark\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Acer Tour Reminder]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_S7109.tmp" /EF "HKCU"
uRun: [EPSON Stylus D92 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibze.exe /fu "c:\windows\temp\E_SF12D.tmp" /EF "HKCU"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [workflow] e:\installs\workflow.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\d3dx9_2632.dll c:\windows\system32\d3dx9_2632.dll c:\windows\system32\d3dx9_2632.dll c:\windows\system32\d3dx9_2632.dll c:\windows\system32\d3dx9_2632.dll c:\windows\system32\d3dx9_2632.dll c:\windows\system32\d3dx9_2632.dll enethook.dll,c:\windows\system32\d3dx9_2632.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\iefzzezn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-2 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-2 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-2 108552]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-3 297752]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2008-10-10 274432]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2008-12-1 28672]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [2007-10-5 107264]
S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2008-2-27 708176]

=============== Created Last 30 ================

2009-08-27 18:06 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 08:24 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-26 08:24 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-16 13:39 <DIR> --d----- c:\users\mark\appdata\roaming\Malwarebytes
2009-08-16 13:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-16 13:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-16 13:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-16 13:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 13:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-14 20:24 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-14 20:24 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-14 20:24 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-14 20:24 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-14 20:24 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 20:24 270,848 a------- c:\windows\system32\schannel.dll
2009-08-14 20:24 72,704 a------- c:\windows\system32\secur32.dll
2009-08-14 20:24 9,728 a------- c:\windows\system32\lsass.exe
2009-08-14 19:58 <DIR> --d----- c:\program files\common files\Vbox
2009-08-14 19:58 <DIR> --d----- c:\program files\Bradbury
2009-08-12 22:04 <DIR> a-d----- c:\programdata\TEMP
2009-08-12 22:04 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-12 21:59 <DIR> --d----- c:\program files\Trend Micro
2009-08-11 20:38 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-11 20:38 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-11 20:37 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-11 20:37 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-11 20:37 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-11 20:37 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-11 20:37 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-11 20:37 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-11 20:37 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-11 20:37 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-11 20:37 71,680 a------- c:\windows\system32\atl.dll
2009-08-02 20:06 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-02 20:00 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-02 20:00 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-08-02 20:00 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-02 20:00 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-02 20:00 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-02 19:59 <DIR> --d----- c:\program files\AVG
2009-08-02 19:59 <DIR> --d----- c:\programdata\avg8
2009-08-02 19:59 <DIR> --d----- c:\progra~2\avg8
2009-08-02 19:55 1,372 a------- c:\windows\system32\4FUAOfG.vbs
2009-08-02 19:55 1,372 a------- c:\windows\system32\nJiOnf9rHFHRGSN.vbs

==================== Find3M ====================

2009-08-26 23:19 12,978 a------- c:\users\mark\appdata\roaming\nvModes.dat
2009-08-23 23:34 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-07-26 23:02 119,296 a------- c:\windows\system32\d3d10_1core32.dll
2009-07-26 20:44 119,296 a------- c:\windows\system32\d3dx9_2632.dll
2009-07-25 16:18 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-12 18:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-12 18:34 51,200 a------- c:\windows\inf\infpub.dat
2009-06-12 18:34 86,016 a------- c:\windows\inf\infstor.dat
2009-06-05 13:34 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-06-05 13:33 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-06-05 13:33 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-06-05 13:33 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-03-16 19:52 726,008 a------- c:\users\mark\gotomypc_437.exe
2008-06-17 18:06 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-27 21:50 174 a--sh--- c:\program files\desktop.ini
2007-11-03 16:38 0 a------- c:\users\mark\appdata\roaming\wklnhst.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-12 18:42 8 ---shr-- c:\windows\system32\EA46E2E0C6.sys
2007-11-06 15:45 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-11-06 15:45 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-11-06 15:45 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 20:59:54.24 ===============


#5 Tokek

Posted 27 August 2009 - 05:14 PM

Hello Buster123,

Welcome to Bleeping Computer.

My name is Tokek and I will be helping you with your Malware problem.

I apologize for the delay in replying to your post; the forum has been extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you under the supervision of the teachers, and they will approve every post before I present it to you.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log; I will post the reply as soon as it is approved.
If I have not replied back to your post in 3 days, please send me a PM.


#6 Tokek

Posted 28 August 2009 - 05:13 PM

Hello Buster123,

1.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


2.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Right-click on OTL.exe and select Run as administrator to run it.
  • Under the Extra Registry section, select Use SafeList.
  • Copy the lines in the codebox below.

    Drivers32

  • Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
Please reply with the GMER log and the OTL logs.
If I have not replied back to your post in 3 days, please send me a PM.


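Once the GMER log is in hand, the "User code sections" block is the part worth reading first: a single module that GMER cannot attribute to any vendor, hooking CreateProcess* and the ws2_32 socket calls inside every browser and Explorer, is exactly the kind of finding a helper is looking for. The triage script below is an added example (not GMER's code and not part of this thread) that parses those lines, groups the hooks by the module that installed them, and flags unattributed modules that hook sensitive APIs in more than one process; the sample lines are constructed in GMER's output format.

```python
"""Triage helper for the "User code sections" block of a GMER log.

Added example, not GMER's own code. It groups inline hooks by the module
that installed them and flags modules GMER could not attribute to a vendor
(no "(Product/Company)" suffix) that hook process-creation or socket APIs
in two or more processes. The sample below is constructed in GMER's format.
"""
import re
from collections import defaultdict

# Constructed sample input in the shape GMER prints under
# "---- User code sections - GMER 1.0.15 ----"
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] kernel32.dll!CreateProcessW 76FE1C01 5 Bytes JMP 1000E3CD C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!SetWindowsHookExW 75AB7B69 5 Bytes JMP 6A4A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ws2_32.dll!connect 75BD40D9 5 Bytes JMP 10011B7D C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] kernel32.dll!CreateProcessW 76FE1C01 5 Bytes JMP 1000E3CD C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] WS2_32.dll!connect 75BD40D9 5 Bytes JMP 10011B7D C:\Windows\System32\d3dx9_2632.dll
.text C:\Windows\Explorer.EXE[3736] kernel32.dll!CreateProcessW 76FE1C01 5 Bytes JMP 1000E3CD C:\Windows\System32\d3dx9_2632.dll
"""

# One hook line: section, "<exe path>[pid]", "<module>!<api>", address, patch
# size, "JMP <target>", path of the hooking module, optional "(vendor)".
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\[(?P<pid>\d+)\])\s+"
    r"(?P<module>[^\s!]+)!(?P<api>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]+)\s+"
    r"(?P<hooker>.+?)(?:\s+\((?P<vendor>[^)]*)\))?$"
)

# Socket APIs seen hooked in this kind of log; CreateProcess* is matched by prefix.
NETWORK_APIS = {"connect", "wsaconnect", "bind", "wsasocketw", "closesocket"}


def parse_hooks(text):
    """Return one dict per parsable '.text' hook line; other lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["process"] = d["process"][: d["process"].rfind("[")]  # drop "[pid]"
        d["pid"] = int(d["pid"])
        d["hooker_name"] = d["hooker"].rsplit("\\", 1)[-1].lower()
        hooks.append(d)
    return hooks


def hooks_by_module(hooks):
    """Group hooks by the lower-cased file name of the module that installed them."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["hooker_name"]].append(h)
    return grouped


def is_sensitive(api):
    """True for process-creation and socket APIs."""
    a = api.lower()
    return a.startswith("createprocess") or a in NETWORK_APIS


def suspicious_hookers(hooks, min_processes=2):
    """Unattributed modules hooking sensitive APIs in >= min_processes processes."""
    findings = {}
    for name, entries in hooks_by_module(hooks).items():
        if any(e["vendor"] for e in entries):
            continue  # GMER attributed the module to a vendor; treat as known
        sensitive = [e for e in entries if is_sensitive(e["api"])]
        procs = {(e["process"], e["pid"]) for e in sensitive}
        if len(procs) >= min_processes:
            findings[name] = {
                "path": entries[0]["hooker"],
                "processes": sorted(procs),
                "apis": sorted({e["module"].lower() + "!" + e["api"] for e in sensitive}),
            }
    return findings


if __name__ == "__main__":
    for name, info in suspicious_hookers(parse_hooks(SAMPLE_LOG)).items():
        print(f"{name} ({info['path']}) hooks {', '.join(info['apis'])}")
        for proc, pid in info["processes"]:
            print(f"    in {proc} [{pid}]")
```

Run it against the whole pasted GMER log rather than the sample; lines outside the user-code block simply do not match and are ignored.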
#7 buster123


Posted 30 August 2009 - 11:29 AM

Hi, thanks for your help. In the last couple of days AVG has popped up with a warning about exploit rogue spyware, if that helps. :thumbup2:

GMER 1.0.15.15077 [yvnzj8ts.exe] - http://www.gmer.net
Rootkit scan 2009-08-30 11:31:41
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

INT 0x62 ? 83E95BF8
INT 0x63 ? 85F93F00
INT 0x72 ? 83E96BF8
INT 0x73 ? 85F93F00
INT 0x82 ? 83E96BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spyp.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8BB2F46F 5 Bytes JMP 85F934E0
.text astbaj9t.SYS 8B0CD000 22 Bytes [26, C2, E0, 81, 10, C1, E0, ...]
.text astbaj9t.SYS 8B0CD017 159 Bytes [00, 32, A7, 71, 80, 3D, A5, ...]
.text astbaj9t.SYS 8B0CD0B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text astbaj9t.SYS 8B0CD0CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...]
.text astbaj9t.SYS 8B0CD11F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1740] kernel32.dll!CreateProcessW 76FE1C01 5 Bytes JMP 1000E3CD C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] kernel32.dll!CreateProcessA 76FE1C36 5 Bytes JMP 1000E375 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 75C1A8F5 5 Bytes JMP 1000E4B4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 75C648A6 5 Bytes JMP 1000E43F C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ADVAPI32.dll!CreateProcessWithLogonW 75C686A9 5 Bytes JMP 1000E529 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ADVAPI32.dll!CreateProcessWithTokenW 75C686DF 5 Bytes JMP 1000E59E C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!SetWindowsHookExW 75AB7B69 5 Bytes JMP 6A4A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!CallNextHookEx 75AB8C33 5 Bytes JMP 6A49CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!DialogBoxIndirectParamW 75ABBD25 5 Bytes JMP 6A5A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!CreateWindowExW 75AC3D67 5 Bytes JMP 6A4AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!DialogBoxParamW 75AD1FD5 5 Bytes JMP 6A3D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!UnhookWindowsHookEx 75AE08BE 5 Bytes JMP 6A4143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!DialogBoxParamA 75AF80B2 5 Bytes JMP 6A5A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!DialogBoxIndirectParamA 75AF83DD 5 Bytes JMP 6A5A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!MessageBoxIndirectA 75B0D471 5 Bytes JMP 6A5A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!MessageBoxIndirectW 75B0D56B 5 Bytes JMP 6A5A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!MessageBoxExA 75B0D5D1 5 Bytes JMP 6A5A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] USER32.dll!MessageBoxExW 75B0D5F5 5 Bytes JMP 6A5A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ole32.dll!OleLoadFromStream 76BF9726 5 Bytes JMP 6A5A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ole32.dll!CoCreateInstance 76C2E188 5 Bytes JMP 6A4AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ws2_32.dll!closesocket 75BD330C 5 Bytes JMP 10011BF3 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ws2_32.dll!WSASocketW 75BD34EB 7 Bytes JMP 10011B1A C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ws2_32.dll!connect 75BD40D9 5 Bytes JMP 10011B7D C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ws2_32.dll!bind 75BD652F 5 Bytes JMP 10011AA4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1740] ws2_32.dll!WSAConnect 75BDD7B0 5 Bytes JMP 10011BB2 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] kernel32.dll!CreateProcessW 76FE1C01 5 Bytes JMP 1000E3CD C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] kernel32.dll!CreateProcessA 76FE1C36 5 Bytes JMP 1000E375 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] ADVAPI32.dll!CreateProcessAsUserW 75C1A8F5 5 Bytes JMP 1000E4B4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] ADVAPI32.dll!CreateProcessAsUserA 75C648A6 5 Bytes JMP 1000E43F C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] ADVAPI32.dll!CreateProcessWithLogonW 75C686A9 5 Bytes JMP 1000E529 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] ADVAPI32.dll!CreateProcessWithTokenW 75C686DF 5 Bytes JMP 1000E59E C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] WS2_32.dll!closesocket 75BD330C 5 Bytes JMP 10011BF3 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] WS2_32.dll!WSASocketW 75BD34EB 7 Bytes JMP 10011B1A C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] WS2_32.dll!connect 75BD40D9 5 Bytes JMP 10011B7D C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] WS2_32.dll!bind 75BD652F 5 Bytes JMP 10011AA4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2852] WS2_32.dll!WSAConnect 75BDD7B0 5 Bytes JMP 10011BB2 C:\Windows\System32\d3dx9_2632.dll
.text C:\Windows\Explorer.EXE[3736] kernel32.dll!CreateProcessW 76FE1C01 5 Bytes JMP 1000E3CD C:\Windows\System32\d3dx9_2632.dll
.text C:\Windows\Explorer.EXE[3736] kernel32.dll!CreateProcessA 76FE1C36 5 Bytes JMP 1000E375 C:\Windows\System32\d3dx9_2632.dll
.text C:\Windows\Explorer.EXE[3736] ADVAPI32.dll!CreateProcessAsUserW 75C1A8F5 5 Bytes JMP 1000E4B4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Windows\Explorer.EXE[3736] ADVAPI32.dll!CreateProcessAsUserA 75C648A6 5 Bytes JMP 1000E43F C:\Windows\System32\d3dx9_2632.dll
.text C:\Windows\Explorer.EXE[3736] ADVAPI32.dll!CreateProcessWithLogonW 75C686A9 5 Bytes JMP 1000E529 C:\Windows\System32\d3dx9_2632.dll
.text C:\Windows\Explorer.EXE[3736] ADVAPI32.dll!CreateProcessWithTokenW 75C686DF 5 Bytes JMP 1000E59E C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] kernel32.dll!CreateProcessW 76FE1C01 5 Bytes JMP 1000E3CD C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] kernel32.dll!CreateProcessA 76FE1C36 5 Bytes JMP 1000E375 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ADVAPI32.dll!CreateProcessAsUserW 75C1A8F5 5 Bytes JMP 1000E4B4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ADVAPI32.dll!CreateProcessAsUserA 75C648A6 5 Bytes JMP 1000E43F C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ADVAPI32.dll!CreateProcessWithLogonW 75C686A9 5 Bytes JMP 1000E529 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ADVAPI32.dll!CreateProcessWithTokenW 75C686DF 5 Bytes JMP 1000E59E C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!DialogBoxIndirectParamW 75ABBD25 5 Bytes JMP 6A5A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!CreateWindowExW 75AC3D67 5 Bytes JMP 6A4AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!DialogBoxParamW 75AD1FD5 5 Bytes JMP 6A3D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!DialogBoxParamA 75AF80B2 5 Bytes JMP 6A5A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!DialogBoxIndirectParamA 75AF83DD 5 Bytes JMP 6A5A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!MessageBoxIndirectA 75B0D471 5 Bytes JMP 6A5A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!MessageBoxIndirectW 75B0D56B 5 Bytes JMP 6A5A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!MessageBoxExA 75B0D5D1 5 Bytes JMP 6A5A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] USER32.dll!MessageBoxExW 75B0D5F5 5 Bytes JMP 6A5A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ws2_32.dll!closesocket 75BD330C 5 Bytes JMP 10011BF3 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ws2_32.dll!WSASocketW 75BD34EB 7 Bytes JMP 10011B1A C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ws2_32.dll!connect 75BD40D9 5 Bytes JMP 10011B7D C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ws2_32.dll!bind 75BD652F 5 Bytes JMP 10011AA4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4620] ws2_32.dll!WSAConnect 75BDD7B0 5 Bytes JMP 10011BB2 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] kernel32.dll!CreateProcessW 76FE1C01 5 Bytes JMP 1000E3CD C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] kernel32.dll!CreateProcessA 76FE1C36 5 Bytes JMP 1000E375 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ADVAPI32.dll!CreateProcessAsUserW 75C1A8F5 5 Bytes JMP 1000E4B4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ADVAPI32.dll!CreateProcessAsUserA 75C648A6 5 Bytes JMP 1000E43F C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ADVAPI32.dll!CreateProcessWithLogonW 75C686A9 5 Bytes JMP 1000E529 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ADVAPI32.dll!CreateProcessWithTokenW 75C686DF 5 Bytes JMP 1000E59E C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!SetWindowsHookExW 75AB7B69 5 Bytes JMP 6A4A9521 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!CallNextHookEx 75AB8C33 5 Bytes JMP 6A49CB69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!DialogBoxIndirectParamW 75ABBD25 5 Bytes JMP 6A5A3C10 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!CreateWindowExW 75AC3D67 5 Bytes JMP 6A4AD3AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!DialogBoxParamW 75AD1FD5 5 Bytes JMP 6A3D51FD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!UnhookWindowsHookEx 75AE08BE 5 Bytes JMP 6A4143F6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!DialogBoxParamA 75AF80B2 5 Bytes JMP 6A5A3BAD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!DialogBoxIndirectParamA 75AF83DD 5 Bytes JMP 6A5A3C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!MessageBoxIndirectA 75B0D471 5 Bytes JMP 6A5A3B42 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!MessageBoxIndirectW 75B0D56B 5 Bytes JMP 6A5A3AD7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!MessageBoxExA 75B0D5D1 5 Bytes JMP 6A5A3A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] USER32.dll!MessageBoxExW 75B0D5F5 5 Bytes JMP 6A5A3A13 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ole32.dll!OleLoadFromStream 76BF9726 5 Bytes JMP 6A5A3F78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ole32.dll!CoCreateInstance 76C2E188 5 Bytes JMP 6A4AD408 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ws2_32.dll!closesocket 75BD330C 5 Bytes JMP 10011BF3 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ws2_32.dll!WSASocketW 75BD34EB 7 Bytes JMP 10011B1A C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ws2_32.dll!connect 75BD40D9 5 Bytes JMP 10011B7D C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ws2_32.dll!bind 75BD652F 5 Bytes JMP 10011AA4 C:\Windows\System32\d3dx9_2632.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5064] ws2_32.dll!WSAConnect 75BDD7B0 5 Bytes JMP 10011BB2 C:\Windows\System32\d3dx9_2632.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806106D6] \SystemRoot\System32\Drivers\spyp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80610042] \SystemRoot\System32\Drivers\spyp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80610800] \SystemRoot\System32\Drivers\spyp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806100C0] \SystemRoot\System32\Drivers\spyp.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8061013E] \SystemRoot\System32\Drivers\spyp.sys
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortCompleteRequest] B1642446
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortMoveMemory] 7E398B0D
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] B1902846
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B8B0D
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\astbaj9t.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8061FE9C] \SystemRoot\System32\Drivers\spyp.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74437BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744798C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7443D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7442F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74437599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7442E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7446B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7443D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7443012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74430095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744271F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [744BD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744575E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7442DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7442668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744266BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74431E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84C5B1F8

AttachedDevice \FileSystem\Ntfs \Ntfs psdfilter.sys (PSD Filter Driver/HiTRUST)

Device \FileSystem\fastfat \FatCdrom 8673F1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84C561F8
Device \Driver\usbohci \Device\USBPDO-0 85FE31F8
Device \Driver\usbehci \Device\USBPDO-1 860641F8
Device \Driver\netbt \Device\NetBT_Tcpip_{E8D0C693-7311-4979-ABBF-FCAF1A9BDAD4} 866391F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\volmgr \Device\HarddiskVolume1 84C561F8
Device \Driver\volmgr \Device\HarddiskVolume2 84C561F8
Device \Driver\cdrom \Device\CdRom0 860471F8
Device \Driver\cdrom \Device\CdRom1 860471F8
Device \Driver\volmgr \Device\HarddiskVolume3 84C561F8
Device \Driver\atapi \Device\Ide\IdePort0 84C581F8
Device \Driver\atapi \Device\Ide\IdePort1 84C581F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84C581F8
Device \Driver\cdrom \Device\CdRom2 860471F8
Device \Driver\netbt \Device\NetBt_Wins_Export 866391F8
Device \Driver\Smb \Device\NetbiosSmb 865E31F8
Device \Driver\nvstor \Device\RaidPort0 84C591F8
Device \Driver\PCI_PNP5706 \Device\0000004f spyp.sys

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\iScsiPrt \Device\RaidPort1 86063500

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\nvstor \Device\0000005f 84C591F8
Device \Driver\usbohci \Device\USBFDO-0 85FE31F8
Device \Driver\usbehci \Device\USBFDO-1 860641F8
Device \Driver\netbt \Device\NetBT_Tcpip_{572C7C07-6E73-4A30-B6C0-DD439D500F62} 866391F8
Device \Driver\sptd \Device\3800757713 spyp.sys
Device \Driver\astbaj9t \Device\Scsi\astbaj9t1Port4Path0Target0Lun0 8604C1F8
Device \Driver\astbaj9t \Device\Scsi\astbaj9t1 8604C1F8
Device \Driver\astbaj9t \Device\Scsi\astbaj9t1Port4Path0Target1Lun0 8604C1F8
Device \FileSystem\fastfat \Fat 8673F1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 8730F500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0xFF 0xE2 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4B 0x00 0xE3 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0xEC 0x49 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAC 0x6B 0x82 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x10 0xFF 0xE2 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x4B 0x00 0xE3 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC5 0xEC 0x49 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAC 0x6B 0x82 0x7F ...

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 30/08/2009 15:35:53 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 34.35% Memory free
3.74 Gb Paging File | 1.96 Gb Available in Paging File | 52.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.64 Gb Total Space | 19.83 Gb Free Space | 28.48% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 65.63 Gb Free Space | 94.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-PC
Current User Name: mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/03 23:42:26 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/02/07 08:04:26 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2006/12/22 22:43:18 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/03/23 02:21:52 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2009/08/03 23:42:22 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/08/03 23:42:41 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/03 23:42:30 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/12/01 18:58:06 | 00,028,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe
PRC - [2006/12/15 01:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/24 20:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
PRC - [2006/07/20 11:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/08/05 00:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2007/02/01 02:18:42 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/01/03 00:46:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2008/10/10 09:33:40 | 00,274,432 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
PRC - [2007/01/02 17:33:24 | 00,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/01/19 08:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/11/09 19:57:52 | 03,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/10/23 20:00:36 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/02/07 08:04:16 | 00,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006/12/21 01:02:14 | 00,659,456 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/03/08 18:54:32 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/08/11 23:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/12/10 22:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2009/04/08 00:27:30 | 01,511,424 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/01/19 08:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2007/12/29 13:05:17 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007/08/02 16:55:00 | 00,348,160 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2007/03/01 07:01:00 | 00,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2006/09/27 05:00:00 | 00,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBZE.EXE
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/10/25 08:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007/03/23 02:21:52 | 00,749,568 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
PRC - [2007/01/11 00:20:34 | 00,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
PRC - [2007/01/24 18:27:42 | 00,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
PRC - [2007/02/09 14:35:54 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
PRC - [2008/05/29 22:43:36 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2007/09/22 09:37:46 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\mark\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008/05/29 22:43:38 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
PRC - [2008/01/19 08:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 08:33:35 | 01,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerCon.exe
PRC - [2008/05/02 23:38:08 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/07/26 15:26:20 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/30 11:38:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/03 23:42:26 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2007/02/07 08:04:26 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service [Auto | Running])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/12/22 22:43:18 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService [Auto | Running])
SRV - [2007/03/23 02:21:52 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service [Auto | Running])
SRV - [2007/02/01 02:18:42 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
SRV - [2007/01/03 00:46:52 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService [Auto | Running])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/11/19 19:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 09:33:40 | 00,274,432 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service [Auto | Running])
SRV - [2008/12/01 18:58:06 | 00,028,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc [Auto | Running])
SRV - [2006/12/15 01:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/11/24 20:57:54 | 00,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2006/07/20 11:36:58 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008/02/27 22:21:33 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService [On_Demand | Stopped])
SRV - [2008/02/27 22:21:46 | 01,302,272 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService [On_Demand | Stopped])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/01/02 17:33:24 | 00,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/08/05 00:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/19 06:53:31 | 00,045,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 08:30:52 | 00,467,456 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\DRIVERS\athr.sys -- (athr [On_Demand | Stopped])
DRV - [2008/07/29 04:45:00 | 00,904,192 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\DRIVERS\athrusb.sys -- (athrusb [On_Demand | Stopped])
DRV - [2008/01/19 06:53:31 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2009/08/03 23:42:41 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/03 23:42:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/03 23:42:23 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/08/03 23:42:32 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/12/19 20:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand | Stopped])
DRV - [2006/12/19 20:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2005/11/29 23:20:00 | 00,792,368 | ---- | M] (Bison Electronics. Inc. ) -- C:\Windows\System32\Drivers\BisonC07.sys -- (Cam5607 [On_Demand | Running])
DRV - [2003/12/19 03:00:00 | 00,006,656 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cinemsup.sys -- (Cinemsup [System | Running])
DRV - [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/03 05:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\System32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2007/10/05 13:29:00 | 00,107,264 | ---- | M] (e3C, Inc.) -- C:\Windows\System32\DRIVERS\EC168BDA.sys -- (EC168BDA [On_Demand | Stopped])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/03/13 13:51:52 | 00,057,536 | ---- | M] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS [On_Demand | Stopped])
DRV - [2008/03/13 13:50:02 | 00,072,000 | ---- | M] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K [On_Demand | Stopped])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 08:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2006/11/08 23:55:10 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/11/08 23:53:58 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2006/10/19 03:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/02/27 22:21:30 | 00,039,248 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\ikfileflt.sys -- (IKFileFlt [On_Demand | Stopped])
DRV - [2008/02/27 22:21:30 | 00,052,304 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\ikfilesec.sys -- (IKFileSec [On_Demand | Stopped])
DRV - [2008/02/27 22:21:49 | 00,059,984 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys -- (IkSysFlt [On_Demand | Stopped])
DRV - [2008/02/27 22:21:52 | 00,083,536 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec [On_Demand | Stopped])
DRV - [2007/01/03 00:43:34 | 00,076,584 | ---- | M] () -- C:\Windows\System32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2006/11/09 04:09:24 | 01,647,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/06/19 21:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/01/19 06:53:28 | 00,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2007/03/23 19:46:33 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 08:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvm60x32.sys -- (NVENETFD [On_Demand | Running])
DRV - [2007/02/06 02:01:00 | 04,456,320 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/09/15 17:44:18 | 00,011,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvsmu.sys -- (nvsmu [On_Demand | Running])
DRV - [2007/01/05 21:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2006/12/11 10:34:22 | 00,097,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2007/02/07 08:04:48 | 00,020,264 | ---- | M] (HiTRUST) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter [Boot | Running])
DRV - [2007/02/07 08:04:54 | 00,016,680 | ---- | M] (HiTRUST) -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ [Boot | Running])
DRV - [2007/02/07 08:04:50 | 00,060,712 | ---- | M] (HiTRUST) -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk [Boot | Running])
DRV - [2008/03/21 21:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 08:30:56 | 00,044,544 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Stopped])
DRV - [2007/06/25 10:43:22 | 00,082,984 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s117bus.sys -- (s117bus [On_Demand | Stopped])
DRV - [2007/06/25 10:43:26 | 00,014,888 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s117mdfl.sys -- (s117mdfl [On_Demand | Stopped])
DRV - [2007/06/25 10:43:36 | 00,108,456 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s117mdm.sys -- (s117mdm [On_Demand | Stopped])
DRV - [2007/06/25 10:43:36 | 00,100,264 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s117mgmt.sys -- (s117mgmt [On_Demand | Stopped])
DRV - [2007/06/25 10:43:36 | 00,022,952 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s117nd5.sys -- (s117nd5 [On_Demand | Stopped])
DRV - [2007/06/25 10:43:38 | 00,098,344 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s117obex.sys -- (s117obex [On_Demand | Stopped])
DRV - [2007/06/25 10:43:36 | 00,098,856 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\DRIVERS\s117unic.sys -- (s117unic [On_Demand | Stopped])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2007/02/12 18:55:56 | 00,075,776 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])
DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009/07/25 16:18:38 | 00,721,904 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/10/23 20:17:32 | 00,179,896 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/07/06 22:44:00 | 00,168,448 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/08 23:53:48 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/08/05 00:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 19:53:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/04 03:09:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/18 20:45:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/18 20:45:56 | 00,000,000 | ---D | M]

[2008/09/04 19:15:52 | 00,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\mozilla\Extensions
[2008/09/04 19:15:52 | 00,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/29 18:48:22 | 00,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\mozilla\Firefox\Profiles\iefzzezn.default\extensions
[2009/08/16 11:55:01 | 00,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\mozilla\Firefox\Profiles\iefzzezn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/08 18:55:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/26 15:26:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/14 16:10:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/03/08 18:55:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2008/09/04 19:15:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/07/26 15:26:18 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/26 15:26:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/04 01:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/03/08 18:54:32 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/26 15:26:22 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/13 22:34:29 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/06/13 22:34:29 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/13 22:34:29 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/06/13 22:34:29 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/13 22:34:29 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/06/13 22:34:29 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/13 22:34:29 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/13 22:34:30 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [workflow] E:\installs\workflow.exe File not found
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_2632.dll) - C:\Windows\System32\d3dx9_2632.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_2632.dll) - C:\Windows\System32\d3dx9_2632.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_2632.dll) - C:\Windows\System32\d3dx9_2632.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_2632.dll) - C:\Windows\System32\d3dx9_2632.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_2632.dll) - C:\Windows\System32\d3dx9_2632.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_2632.dll) - C:\Windows\System32\d3dx9_2632.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_2632.dll) - C:\Windows\System32\d3dx9_2632.dll ()
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - AppInit_DLLs: (C:\Windows\System32\d3dx9_2632.dll) - C:\Windows\System32\d3dx9_2632.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: MSVideo8 - C:\Windows\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\drivers\*.tmp files]
[2009/08/30 11:38:16 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2009/08/29 23:29:00 | 00,288,768 | ---- | C] () -- C:\Users\mark\Desktop\yvnzj8ts.exe
[2009/08/29 20:09:52 | 00,013,032 | ---- | C] () -- C:\Users\mark\Desktop\Youth team player profiles jazz update.docx
[2009/08/27 21:21:28 | 00,390,656 | ---- | C] (iS3, Inc.) -- C:\Users\mark\Desktop\STOPzilla_Setup.exe
[2009/08/27 20:29:26 | 00,359,932 | ---- | C] () -- C:\Users\mark\Desktop\dds(2).scr
[2009/08/27 18:06:18 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/08/26 08:24:16 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/08/26 08:24:13 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/08/23 19:11:50 | 00,000,000 | ---D | C] -- C:\Users\mark\Desktop\pigotts
[2009/08/23 17:35:10 | 00,013,642 | ---- | C] () -- C:\Users\mark\Desktop\Terms.docx
[2009/08/23 17:18:29 | 00,013,893 | ---- | C] () -- C:\Users\mark\Desktop\Hi all.docx
[2009/08/22 23:38:17 | 00,000,000 | ---D | C] -- C:\Users\mark\Desktop\jopics
[2009/08/21 13:37:19 | 00,000,000 | ---D | C] -- C:\Users\mark\Desktop\Jo
[2009/08/20 01:11:03 | 00,002,633 | ---- | C] () -- C:\Users\mark\Desktop\Microsoft Office Outlook 2007.lnk
[2009/08/20 00:39:22 | 00,012,956 | ---- | C] () -- C:\Users\mark\AppData\Roaming\Comma Separated Values (DOS).CAL
[2009/08/20 00:37:00 | 00,038,425 | ---- | C] () -- C:\Users\mark\AppData\Roaming\Comma Separated Values (DOS).ADR
[2009/08/20 00:33:25 | 00,009,309 | ---- | C] () -- C:\Users\mark\AppData\Roaming\Comma Separated Values (DOS).EML
[2009/08/18 20:45:06 | 01,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\mark\Desktop\install_flash_player(2).exe
[2009/08/16 14:55:29 | 00,000,000 | ---D | C] -- C:\Users\mark\Desktop\programs
[2009/08/16 13:39:57 | 00,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Malwarebytes
[2009/08/16 13:39:53 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/16 13:39:50 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/16 13:39:49 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/16 13:39:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/16 13:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/15 20:54:55 | 00,012,577 | ---- | C] () -- C:\Users\mark\Desktop\scunny.docx
[2009/08/15 20:05:13 | 00,071,720 | ---- | C] () -- C:\Users\mark\Desktop\rugby.jpg
[2009/08/15 19:43:23 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/15 19:43:23 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/15 19:43:23 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/15 19:43:22 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/15 19:43:22 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/15 19:43:22 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/15 19:43:22 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/15 19:43:22 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/15 19:43:21 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/15 19:43:21 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/15 19:43:21 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/15 19:43:21 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/15 19:43:21 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/15 19:43:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/15 19:43:20 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/15 19:43:20 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/15 19:43:20 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/15 19:43:20 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/15 19:43:20 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/15 19:43:19 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/15 19:43:18 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/15 19:41:49 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/08/15 19:41:48 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/08/15 19:41:48 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/08/15 19:41:48 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/08/15 19:41:48 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/08/15 19:41:48 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/08/15 19:41:47 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/08/15 19:41:47 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/08/15 19:41:47 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/08/15 19:41:47 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/08/15 19:41:47 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/08/15 19:41:46 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/08/15 19:41:46 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/08/15 19:41:46 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/08/15 19:41:46 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/08/15 19:41:46 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/08/15 19:41:46 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/08/15 19:41:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/08/15 19:41:46 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/08/15 19:41:45 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/08/15 19:41:45 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/08/15 19:41:45 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/08/15 19:41:45 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/08/15 19:41:44 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/08/15 19:41:44 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/08/15 19:41:44 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/08/15 19:41:43 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/08/15 19:41:42 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/08/15 19:41:42 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/08/15 19:41:42 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/08/15 19:41:42 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/08/15 19:41:42 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/08/15 19:41:42 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/08/15 19:41:42 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/08/14 20:59:20 | 00,359,932 | ---- | C] () -- C:\Users\mark\Desktop\dds.scr
[2009/08/14 20:24:13 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/14 20:24:13 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/14 20:24:13 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/14 20:24:12 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/14 20:24:12 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/14 20:24:12 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/14 20:24:11 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/14 20:24:11 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/14 19:58:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Vbox
[2009/08/14 19:58:36 | 00,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2009/08/14 19:58:33 | 00,000,000 | ---D | C] -- C:\Program Files\Bradbury
[2009/08/14 19:58:26 | 01,507,328 | ---- | C] (Allaire Corp.) -- C:\Windows\System32\cfmlvalidator.dll
[2009/08/14 19:58:26 | 00,487,424 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\cfvalidator.dll
[2009/08/14 19:58:26 | 00,143,360 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\CFFileProxy.dll
[2009/08/14 19:58:25 | 00,446,464 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\cfssvradmin.dll
[2009/08/14 19:58:25 | 00,270,336 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\CfShellFtpRds.dll
[2009/08/14 19:58:25 | 00,110,592 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\CfRds.dll
[2009/08/14 19:58:25 | 00,094,208 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\CFSourceControl.ocx
[2009/08/14 19:58:25 | 00,069,632 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\CFSDebug.dll
[2009/08/14 19:58:25 | 00,069,632 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\CFRegExp.dll
[2009/08/14 19:58:25 | 00,069,632 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\CFFtp.dll
[2009/08/14 19:58:14 | 00,777,728 | ---- | C] () -- C:\Windows\System32\SSLSVC.DLL
[2009/08/14 19:58:14 | 00,036,557 | ---- | C] () -- C:\Windows\System32\sslsvc.chm
[2009/08/14 19:58:14 | 00,025,088 | ---- | C] () -- C:\Windows\System32\circ3.ocx
[2009/08/14 19:58:13 | 00,506,368 | ---- | C] (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) -- C:\Windows\System32\ftppro32.dll
[2009/08/14 19:58:13 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009/08/14 19:58:13 | 00,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2009/08/14 19:58:13 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/08/14 19:58:09 | 00,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2009/08/14 19:58:09 | 00,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2009/08/14 19:51:38 | 00,001,803 | ---- | C] () -- C:\Users\Public\Desktop\Macromedia Flash 8.lnk
[2009/08/12 22:04:57 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/08/12 22:04:50 | 00,000,816 | ---- | C] () -- C:\Users\mark\Desktop\SpywareBlaster.lnk
[2009/08/12 22:04:44 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/08/12 21:59:52 | 00,001,878 | ---- | C] () -- C:\Users\mark\Desktop\HijackThis.lnk
[2009/08/12 21:59:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/12 21:59:17 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\mark\Desktop\HJTInstall.exe
[2009/08/12 19:29:58 | 00,029,026 | ---- | C] () -- C:\Users\mark\Desktop\PROSTARBOOKPRICES.xlsx
[2009/08/11 20:38:07 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/11 20:38:01 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/11 20:37:53 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/11 20:37:51 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/11 20:37:50 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/11 20:37:44 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/11 20:37:44 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/11 20:37:37 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/11 20:37:37 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/11 20:37:37 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/11 20:37:30 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/11 20:37:26 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/11 19:17:41 | 00,426,696 | ---- | C] (Microsoft Corporation) -- C:\Users\mark\Desktop\HTMLSlideShowSetup.exe
[2009/08/07 23:44:49 | 00,071,170 | ---- | C] () -- C:\Users\mark\Desktop\3308_1134029626318_1094625454_30386428_7180201_n.jpg
[2009/08/02 20:06:59 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/02 20:00:15 | 40,281,795 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/02 20:00:15 | 00,073,369 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/02 20:00:15 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG 8.5.lnk
[2009/08/02 20:00:14 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/02 20:00:13 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/08/02 20:00:12 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/08/02 20:00:10 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/02 20:00:08 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/02 20:00:08 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/08/02 20:00:08 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/02 20:00:08 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/08/02 19:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/02 19:59:19 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/08/02 19:55:36 | 00,001,372 | ---- | C] () -- C:\Windows\System32\4FUAOfG.vbs
[2009/08/02 19:55:13 | 00,001,372 | ---- | C] () -- C:\Windows\System32\nJiOnf9rHFHRGSN.vbs
[2009/07/26 23:02:44 | 00,119,296 | ---- | C] () -- C:\Windows\System32\d3d10_1core32.dll
[2009/07/26 20:44:05 | 00,119,296 | ---- | C] () -- C:\Windows\System32\d3dx9_2632.dll
[2009/06/06 18:17:44 | 00,012,800 | ---- | C] () -- C:\Windows\System32\EKDeviceServices.dll
[2009/01/12 18:42:46 | 00,000,008 | RHS- | C] () -- C:\Windows\System32\EA46E2E0C6.sys
[2009/01/12 18:42:44 | 00,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/07/01 22:19:33 | 00,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2008/07/01 22:19:33 | 00,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2008/04/14 17:26:11 | 00,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2008/03/31 22:25:46 | 00,831,488 | ---- | C] () -- C:\Windows\System32\divx_xx0a.dll
[2008/03/21 21:30:08 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/21 21:28:54 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/03/21 21:28:54 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/03/21 21:28:20 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/02 20:44:31 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007/12/09 19:11:50 | 00,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2007/11/25 18:19:27 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/11/25 18:11:48 | 00,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2007/06/08 22:40:03 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/06/08 22:40:03 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/06/08 22:38:53 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/06/08 22:31:48 | 00,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/06/08 22:14:50 | 00,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007/03/23 22:20:21 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/03/23 20:17:20 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/03/23 20:17:20 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/03/23 19:45:09 | 00,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2007/03/22 09:21:52 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2007/03/22 09:21:52 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2007/03/22 09:21:52 | 00,204,800 | ---- | C] () -- C:\Windows\Capsule.dll
[2007/03/22 09:21:52 | 00,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2007/03/22 09:21:50 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/07 07:58:10 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/02/07 07:57:58 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/02/07 07:57:20 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/02/07 07:56:30 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/02/07 07:56:28 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/02/07 07:52:08 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 23:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:31 | 00,000,243 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/06/11 12:47:00 | 00,045,056 | ---- | C] () -- C:\Windows\System32\fpprintmon.dll
[2005/01/18 10:32:28 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2003/12/19 03:00:00 | 00,013,387 | ---- | C] () -- C:\Windows\System32\CinemSup.sys
[2001/12/26 23:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\System32\drivers\*.tmp files]
[2009/08/30 15:32:41 | 00,012,978 | ---- | M] () -- C:\Users\mark\AppData\Roaming\nvModes.dat
[2009/08/30 15:32:41 | 00,012,978 | ---- | M] () -- C:\Users\mark\AppData\Roaming\nvModes.001
[2009/08/30 14:34:38 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/30 14:34:38 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/30 11:38:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2009/08/30 11:36:17 | 40,281,795 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/08/29 23:53:27 | 00,005,556 | -HS- | M] () -- C:\Users\mark\AppData\Roaming\02000000d6210849649C.manifest
[2009/08/29 23:53:27 | 00,001,779 | -HS- | M] () -- C:\Users\mark\AppData\Roaming\02000000d6210849649P.manifest
[2009/08/29 23:29:10 | 00,288,768 | ---- | M] () -- C:\Users\mark\Desktop\yvnzj8ts.exe
[2009/08/29 20:09:53 | 00,013,032 | ---- | M] () -- C:\Users\mark\Desktop\Youth team player profiles jazz update.docx
[2009/08/29 19:37:59 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/29 19:37:59 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/29 19:37:59 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/29 18:34:55 | 00,000,516 | -HS- | M] () -- C:\Users\mark\AppData\Roaming\02000000d6210849649O.manifest
[2009/08/29 18:34:46 | 00,000,011 | -HS- | M] () -- C:\Users\mark\AppData\Roaming\02000000d6210849649S.manifest
[2009/08/29 18:34:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/29 18:34:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/29 18:34:13 | 18,776,55552 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/29 14:13:20 | 02,371,391 | -H-- | M] () -- C:\Users\mark\AppData\Local\IconCache.db
[2009/08/28 09:25:45 | 00,073,369 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/08/27 23:12:40 | 00,077,312 | ---- | M] () -- C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/27 21:21:35 | 00,390,656 | ---- | M] (iS3, Inc.) -- C:\Users\mark\Desktop\STOPzilla_Setup.exe
[2009/08/27 20:29:37 | 00,359,932 | ---- | M] () -- C:\Users\mark\Desktop\dds(2).scr
[2009/08/25 10:31:08 | 00,002,633 | ---- | M] () -- C:\Users\mark\Desktop\Microsoft Office Outlook 2007.lnk
[2009/08/23 23:34:43 | 00,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/08/23 18:38:56 | 00,013,893 | ---- | M] () -- C:\Users\mark\Desktop\Hi all.docx
[2009/08/23 17:35:18 | 00,013,642 | ---- | M] () -- C:\Users\mark\Desktop\Terms.docx
[2009/08/20 00:41:24 | 00,009,309 | ---- | M] () -- C:\Users\mark\AppData\Roaming\Comma Separated Values (DOS).EML
[2009/08/20 00:39:22 | 00,012,956 | ---- | M] () -- C:\Users\mark\AppData\Roaming\Comma Separated Values (DOS).CAL
[2009/08/20 00:38:44 | 00,038,425 | ---- | M] () -- C:\Users\mark\AppData\Roaming\Comma Separated Values (DOS).ADR
[2009/08/18 20:45:19 | 01,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\mark\Desktop\install_flash_player(2).exe
[2009/08/16 13:39:53 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/16 13:37:59 | 00,012,287 | ---- | M] () -- C:\Users\mark\Desktop\PLAYER PROFILE.docx
[2009/08/16 11:42:02 | 00,406,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/15 23:01:18 | 00,012,577 | ---- | M] () -- C:\Users\mark\Desktop\scunny.docx
[2009/08/15 20:09:52 | 00,113,328 | ---- | M] () -- C:\Users\mark\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/15 20:09:13 | 00,071,720 | ---- | M] () -- C:\Users\mark\Desktop\rugby.jpg
[2009/08/15 19:45:47 | 00,000,243 | ---- | M] () -- C:\Windows\win.ini
[2009/08/14 20:59:34 | 00,359,932 | ---- | M] () -- C:\Users\mark\Desktop\dds.scr
[2009/08/14 19:51:38 | 00,001,803 | ---- | M] () -- C:\Users\Public\Desktop\Macromedia Flash 8.lnk
[2009/08/12 22:04:50 | 00,000,816 | ---- | M] () -- C:\Users\mark\Desktop\SpywareBlaster.lnk
[2009/08/12 21:59:52 | 00,001,878 | ---- | M] () -- C:\Users\mark\Desktop\HijackThis.lnk
[2009/08/12 21:56:50 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\mark\Desktop\HJTInstall.exe
[2009/08/12 19:30:01 | 00,029,026 | ---- | M] () -- C:\Users\mark\Desktop\PROSTARBOOKPRICES.xlsx
[2009/08/11 19:17:54 | 00,426,696 | ---- | M] (Microsoft Corporation) -- C:\Users\mark\Desktop\HTMLSlideShowSetup.exe
[2009/08/07 23:44:54 | 00,071,170 | ---- | M] () -- C:\Users\mark\Desktop\3308_1134029626318_1094625454_30386428_7180201_n.jpg
[2009/08/03 23:42:41 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/08/03 23:42:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/08/03 23:42:41 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/08/03 23:42:32 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/08/03 23:42:23 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/02 20:03:16 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/08/02 20:00:15 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG 8.5.lnk
[2009/08/02 20:00:08 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/08/02 19:55:36 | 00,001,372 | ---- | M] () -- C:\Windows\System32\4FUAOfG.vbs
[2009/08/02 19:55:13 | 00,001,372 | ---- | M] () -- C:\Windows\System32\nJiOnf9rHFHRGSN.vbs
[2009/08/02 19:32:33 | 00,001,901 | -HS- | M] () -- C:\Users\mark\AppData\Roaming\02000000d6210849648P.manifest
[2009/08/02 16:06:59 | 00,005,493 | -HS- | M] () -- C:\Users\mark\AppData\Roaming\02000000d6210849648C.manifest
[2009/08/02 16:06:59 | 00,000,516 | -HS- | M] () -- C:\Users\mark\AppData\Roaming\02000000d6210849648O.manifest
[2009/08/02 16:06:59 | 00,000,011 | -HS- | M] () -- C:\Users\mark\AppData\Roaming\02000000d6210849648S.manifest

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 1013 bytes -> C:\Users\mark\Documents\[richardson-trading-ltd_co_uk] Site Installed.eml:OECustomProperty
< End of report >



OTL Extras logfile created on: 30/08/2009 15:35:53 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\mark\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 34.35% Memory free
3.74 Gb Paging File | 1.96 Gb Available in Paging File | 52.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.64 Gb Total Space | 19.83 Gb Free Space | 28.48% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 65.63 Gb Free Space | 94.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK-PC
Current User Name: mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AE3653-3B64-47F2-8910-25D3A4F85C69}" = rport=139 | protocol=6 | dir=out | app=system |
"{1DD1CFB9-0046-4172-8B6C-ECFA7F7775B3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{357E46FA-98BD-4895-959B-1EE3FB5F790D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C17B612-6A7F-4728-A757-B28B9062191F}" = lport=137 | protocol=17 | dir=in | app=system |
"{3E592ED9-D5B6-4113-8BD3-8FD44BE7931E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C38CEE6-7A05-42AC-8748-3DE961DEC5A2}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{4C7A909C-5D5E-4CF2-9352-8CE1A051DB5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4E2C61FE-07A6-4AAC-A414-1A39015CC8F6}" = rport=445 | protocol=6 | dir=out | app=system |
"{52D9B90A-AF14-4A83-A909-F21EA549E03B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F285EF2-97DB-461C-A17D-E341CC80D98A}" = lport=445 | protocol=6 | dir=in | app=system |
"{5FE93AE6-F66F-43F5-BA53-C70C4E99503C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{623E35D1-03FA-4E93-A681-57E4E8D111CE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74AFEA32-A47A-4755-9BE7-81B02552814D}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{82FC94AB-2326-44B1-8B11-45FABE96163F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{965DAFBB-F640-4352-82D7-9F96FDD699A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4C21E69-9D9A-4DA5-9289-65119EAA57DC}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8DB3A2D-FA02-43EF-AA49-EF1EDB899B3F}" = rport=138 | protocol=17 | dir=out | app=system |
"{CFD2EFE5-0218-40EA-AD06-CD92239B6374}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{D0615347-D9AD-428E-8B45-E486EB6B9D29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DC4A68DA-0292-4BD5-BB41-BDED2E51B14A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E3BDB13A-9037-45A2-AF74-0DF1920C9E75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E94D6E9C-1696-4E74-B8AD-E32F1D31B18C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{ECFF63BB-CD2E-496B-8118-B2BA64B3EFB2}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0044DD22-DBA7-45F2-A563-87A41B5B7FAB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0314258E-A2F3-4058-BB04-F1521EB47C86}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{06474576-56AA-4137-9A46-6F369F717909}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{08EC7254-DAA2-4DBC-BCC9-18A8406518C1}" = dir=in | app=c:\program files\avg\avg8\avgdiagex.exe |
"{0EDFFD43-80C1-4C1E-84F8-44CFF0E0B8FA}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{1023B744-3A54-4900-8BF4-ACC4EA09208F}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{12E94D1C-4952-41CA-8143-64F91E3442AC}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{134524F2-A94A-4A85-BDB3-E10FCE446182}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{153F00E6-9F3D-4285-8919-05558C9738C6}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{172114CC-F41B-470B-B31A-976DA24E9001}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{2479F9CB-97D1-46EB-ACA0-EFBA22224E68}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{24E18A8F-708F-45F4-BD20-7741D0B02547}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{29899077-84C3-4EB6-AAD2-7570486050B3}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{29F1569D-23CB-4CDE-90AB-C3F59B8727C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B151167-AF44-41BC-835E-258AE323B609}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2E78BC8B-6E6F-4F5E-ADF2-658FF4799F40}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{3422DD10-F0E1-4E7A-8B4E-04355D579E3D}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{366A1487-7934-4A21-9749-950737BB1A53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3FB623E0-1805-42CE-B76E-2AD1BAA9CC9C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4280B81F-6ACD-4E86-BBB0-87347B2478E9}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{46BCEA4C-9FC0-4015-9D50-E1A1392CD075}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{477DE515-63CD-4EDF-A982-CC254C0F7E53}" = dir=in | app=c:\program files\avg\avg8\avgdiag.exe |
"{47DB4639-3851-423E-BF33-836AD9F36EA2}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{5BB0EABB-A7C3-4B4D-8F5E-FA535A95C742}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{65826E5C-476E-4F7F-A365-7DFAC28A014F}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{6FD07B3B-FDC7-404A-B322-865220205927}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{71FAC159-5E7F-47C8-B176-8889743EDEDE}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{72AF0454-B253-40D3-8216-4F6B4B22CF9E}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{83F9A7F0-A44E-4F6B-AD31-9ECD0BA95F1B}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{87D5D634-68C5-4EB7-8AAF-F191383A46A6}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{8A5E56B8-F4B2-4A73-9C31-C368DD331035}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{8DDA8AA7-F3B2-41DE-AF39-AFC8EB8077E4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8E73BCE1-672F-4E78-8708-D001CBF78BD0}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{925F7CB2-8388-4F83-8001-EF3398D6D55F}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |
"{98CFC022-723C-46CD-932A-09F0544C6FC4}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{9D544DED-5201-4832-A07E-F460996808B3}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{AB4F6325-3269-4BAF-9D14-203F1D703F18}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{BDE5F045-CCF9-4296-9925-B72A42CE7859}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C6061849-AFBA-405B-BD2F-7A05FF6700F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D18C7EFC-6993-4C57-B7D8-24DEC5B4DC68}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{D27DC0C8-D86D-4D47-B7A0-EC75A57BF1F1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{DC815EED-200B-4393-A390-5A1D9032EA1C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DE0ACE3C-9ED5-428E-B4F0-9932839CCA1F}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |
"{E2EC09CB-F88D-43AF-9AB0-EF2735AD75A5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3655A05-752F-4B1E-84BD-71D1231A72D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F86F60B8-D1A3-4DD3-9A17-E5CD33F4EFA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{27C918DF-7928-48E1-8DAE-ED807A9E589A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{46478D28-3D72-4885-A8A1-2DA544D00EE0}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{593F574D-A124-4467-B72D-EF3C780E8BDF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7C1AB885-B5AA-4094-95D0-D5203342942D}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B7138518-5D13-4C7E-8F4F-D2F12B89E686}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{074E5DA2-8AA9-4CF7-8CF1-3C444A8C179E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{64B1B0D3-3ED0-4A4A-BB0F-497FE138B971}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{8DEB0675-B8FC-4222-9EA0-3BE627334318}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B31CA7CB-BFB8-467D-A260-C6D1B56DB95A}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{F761AE3D-AE9A-41C1-815B-186302FF838C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}" = Sony Ericsson Media Manager 1.0
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic Sonic MyDVD Studio Deluxe Suite
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Sonic CinePlayer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.010.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{552C83B7-0013-42EA-B285-1997D129DD53}" = SA31xx Device Manager & Media Converter
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A0CD0434-C975-4E5B-989B-066CE4D35597}" = USB DVB-T TV Driver
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B202B201-5D15-4CA7-A978-047AB4A28960}" = PE-DESIGN Ver.6
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer OrbiCam
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Printer Software
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Algolab Photo Vector 1.98.81" = Algolab Photo Vector 1.98.81
"Artcut2005" = Artcut2005
"AVG8Uninstall" = AVG 8.5
"Azureus Vuze" = Azureus Vuze
"ClassicFTP" = Classic FTP
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{A0CD0434-C975-4E5B-989B-066CE4D35597}" = USB DVB-T TV Driver
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LimeWire" = LimeWire 4.17.9
"LManager" = Launch Manager
"MagicTracer 2.0" = MagicTracer 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"NVIDIA Drivers" = NVIDIA Drivers
"Prism" = Prism Video Converter
"Scan2CAD v7 Trial7.5" = Scan2CAD v7 Trial
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Spyware Doctor" = Spyware Doctor 5.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#8 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:09:06 PM

Posted 31 August 2009 - 01:53 PM

Hello Buster123,

1.

Looks like you have Malwarebytes' Anti-Malware already installed; please update it and run a scan:

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on Malwarebytes' Anti Malware icon to start the application.
  • Click on the "Update" tab
  • Click on the "Check for Updates" button to check for the latest definition updates.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


2.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please reply with the MBAM log and the Kaspersky log.
If I have not replied back to your post in 3 days, please send me a PM.


#9 buster123

buster123
  • Topic Starter

Posted 02 September 2009 - 01:52 AM

Malwarebytes' Anti-Malware 1.40
Database version: 2726
Windows 6.0.6001 Service Pack 1

01/09/2009 19:41:25
mbam-log-2009-09-01 (19-41-25).txt

Scan type: Quick Scan
Objects scanned: 91281
Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\d3dx9_2632.dll (Trojan.Tracur) -> Delete on reboot.
C:\Users\mark\AppData\Local\Temp\299E.tmp (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\d3dx9_2632.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\d3dx9_2632.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\d3dx9_2632.dll (Trojan.Tracur) -> Delete on reboot.
C:\Users\mark\AppData\Local\Temp\299E.tmp (Trojan.Dropper) -> Delete on reboot.
C:\Windows\System32\d3d10_1core32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\164D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\B9EC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\C927.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\CAFB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\4461.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\8FC0.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\584C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\5CEE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\mark\AppData\Local\Temp\6141.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 2, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 01, 2009 20:47:56
Records in database: 2738064
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 170850
Threats found: 1
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 04:06:36


File name / Threat / Threats count
C:\$RECYCLE.BIN\S-1-5-21-1071794172-2309731073-2839245411-1000\$RDQP9XF\licenc for artcut2005(password is redsail)\instal the licence(pasword is redsail)\redsail.exe Infected: not-a-virus:AdWare.Win32.Rabio.lw 1
C:\Users\mark\Documents\richardson trading\logos\redsail.exe Infected: not-a-virus:AdWare.Win32.Rabio.lw 1
C:\Users\mark\Documents\richardson trading\logos\wentai (D)\licenc for artcut2005(password is redsail)\instal the licence(pasword is redsail)\redsail.exe Infected: not-a-virus:AdWare.Win32.Rabio.lw 1

Selected area has been scanned.
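As an added example (not code from this thread, from Malwarebytes or from Kaspersky), the following Python script parses MBAM 1.40 log lines of the shape posted above, tallies detections per family, lists what is still on disk until the reboot MBAM asked for, and flags load-point entries such as AppInit_DLLs, which loads the listed DLL into every process that loads user32.dll and so fits the browser redirects reported at the start of the topic. The sample log below is constructed from the entries in this post; the section and entry formats are assumed from those lines only.

```python
import re
from collections import Counter

# Constructed sample: a subset of the MBAM log quoted above, in the same line format.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2726
Memory Modules Infected: 2
Files Infected: 12

Memory Modules Infected:
C:\Windows\System32\d3dx9_2632.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\d3dx9_2632.dll -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\d3dx9_2632.dll (Trojan.Tracur) -> Delete on reboot.
C:\Users\mark\AppData\Local\Temp\299E.tmp (Trojan.Dropper) -> Delete on reboot.
"""

# A section header is "<Name> Infected:" with nothing after the colon; the summary
# lines near the top ("Files Infected: 12") carry a count and therefore do not match.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")

# An entry is "<item> (<family>) -> [Data: <data> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Registry values that act as load points; AppInit_DLLs is the one seen in this log.
LOAD_POINT_VALUES = ("appinit_dlls",)


def parse_mbam_log(text):
    """Return one dict per detection: section, item, family, data (may be None), action."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        # Skip everything before the first section, blank lines and "(No malicious items detected)".
        if section is None or not line or line.startswith("("):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            findings.append({"section": section, **entry.groupdict()})
    return findings


def triage(findings):
    """Summarise the detections the way a helper reading the log would."""
    by_family = Counter(f["family"] for f in findings)
    # Items MBAM could not remove while the machine was running.
    pending = sorted({f["item"] for f in findings
                      if f["action"].lower().startswith("delete on reboot")})
    # Registry data items that name a load point: the persistence mechanism.
    load_points = [f for f in findings
                   if f["section"].startswith("Registry")
                   and f["item"].lower().endswith(LOAD_POINT_VALUES)]
    return {"by_family": dict(by_family), "pending_reboot": pending, "load_points": load_points}


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_MBAM_LOG))
    for family, count in report["by_family"].items():
        print(f"{family}: {count} item(s)")
    for lp in report["load_points"]:
        print(f"load point {lp['item']} pointed at {lp['data']}")
    for path in report["pending_reboot"]:
        print(f"still present until reboot: {path}")
```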

#10 Tokek

Tokek

    Bleepin' Gecko



Posted 02 September 2009 - 01:52 PM

Hello Buster123,

How is your PC running?

Do you recognize these files?
C:\Users\mark\Documents\richardson trading\logos\redsail.exe
C:\Users\mark\Documents\richardson trading\logos\wentai (D)\licenc for artcut2005(password is redsail)\instal the licence(pasword is redsail)\redsail.exe



Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Please reply with a new DDS log and a description of any remaining problems.
If I have not replied back to your post in 3 days, please send me a PM.


#11 buster123

buster123
  • Topic Starter

Posted 03 September 2009 - 03:56 PM

Hi Tokek, the signs are good. I'm pretty sure you have cured my machine, and for that I am eternally grateful! :thumbup2: :) It really restores my faith in humanity to find skilled, talented people who are willing to give their time, effort and experience to help others solve problems which are caused by the malicious acts of others for seemingly no good reason.

Many, many thanks!



DDS (Ver_09-07-30.01) - NTFSx86
Run by mark at 21:40:15.74 on 03/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.860 [GMT 1:00]

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\mark\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBZE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\WerCon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Acer Tour Reminder]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_S7109.tmp" /EF "HKCU"
uRun: [EPSON Stylus D92 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibze.exe /fu "c:\windows\temp\E_SF12D.tmp" /EF "HKCU"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [workflow] e:\installs\workflow.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: eNetHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\iefzzezn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-2 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-2 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-2 108552]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-3 297752]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2008-10-10 274432]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2008-12-1 28672]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [2007-10-5 107264]
S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2008-2-27 708176]

=============== Created Last 30 ================

2009-09-03 21:11 <DIR> --d----- C:\Sun
2009-09-02 10:21 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 10:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 18:06 2,048 a------- c:\windows\system32\tzres.dll
2009-08-16 13:39 <DIR> --d----- c:\users\mark\appdata\roaming\Malwarebytes
2009-08-16 13:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-16 13:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-16 13:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-16 13:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 13:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-14 20:24 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-14 20:24 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-14 20:24 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-14 20:24 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-14 20:24 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 20:24 270,848 a------- c:\windows\system32\schannel.dll
2009-08-14 20:24 72,704 a------- c:\windows\system32\secur32.dll
2009-08-14 20:24 9,728 a------- c:\windows\system32\lsass.exe
2009-08-14 19:58 <DIR> --d----- c:\program files\common files\Vbox
2009-08-14 19:58 <DIR> --d----- c:\program files\Bradbury
2009-08-12 22:04 <DIR> a-d----- c:\programdata\TEMP
2009-08-12 22:04 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-12 21:59 <DIR> --d----- c:\program files\Trend Micro
2009-08-11 20:38 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-11 20:38 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-11 20:37 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-11 20:37 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-11 20:37 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-11 20:37 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-11 20:37 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-11 20:37 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-11 20:37 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-11 20:37 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-11 20:37 71,680 a------- c:\windows\system32\atl.dll

==================== Find3M ====================

2009-09-03 21:30 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-03 20:40 12,978 a------- c:\users\mark\appdata\roaming\nvModes.dat
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-23 23:34 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-03 23:42 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 23:42 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-03 23:42 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-03 23:42 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-25 16:18 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-12 18:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-12 18:34 51,200 a------- c:\windows\inf\infpub.dat
2009-06-12 18:34 86,016 a------- c:\windows\inf\infstor.dat
2009-03-16 19:52 726,008 a------- c:\users\mark\gotomypc_437.exe
2008-06-17 18:06 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-27 21:50 174 a--sh--- c:\program files\desktop.ini
2007-11-03 16:38 0 a------- c:\users\mark\appdata\roaming\wklnhst.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-12 18:42 8 ---shr-- c:\windows\system32\EA46E2E0C6.sys
2007-11-06 15:45 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-11-06 15:45 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-11-06 15:45 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 21:41:54.68 ===============




#12 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 04 September 2009 - 09:56 AM

Hello Buster123,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Azureus, Bittorrent, LimeWire). These programmes allow you to share files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


With that said, do you recognize these files?
C:\Users\mark\Documents\richardson trading\logos\redsail.exe
C:\Users\mark\Documents\richardson trading\logos\wentai (D)\licenc for artcut2005(password is redsail)\instal the licence(pasword is redsail)\redsail.exe

Edited by Tokek, 04 September 2009 - 10:12 AM.

If I have not replied back to your post in 3 days, please send me a PM.


#13 buster123

buster123
  • Topic Starter

  • Members
  • 9 posts

Posted 04 September 2009 - 02:22 PM

Hi, I have uninstalled the file-sharing programs mentioned. The files:

C:\Users\mark\Documents\richardson trading\logos\redsail.exe
C:\Users\mark\Documents\richardson trading\logos\wentai (D)\licenc for artcut2005(password is redsail)\instal the licence(pasword is redsail)\redsail.exe

are part of a package of software to do with my wife's job. They came with a cheap, imported vinyl cutter and heat press package, which I had my doubts about. However, these files will have been on my computer for about 8-10 months.

Thanks

Mark

#14 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 04 September 2009 - 04:42 PM

Hi Buster123,

May I have a fresh DDS log?


#15 buster123

buster123
  • Topic Starter

  • Members
  • 9 posts

Posted 05 September 2009 - 01:22 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by mark at 19:18:37.32 on 05/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.892 [GMT 1:00]

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\mark\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBZE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\WerCon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Acer Tour Reminder]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_S7109.tmp" /EF "HKCU"
uRun: [EPSON Stylus D92 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibze.exe /fu "c:\windows\temp\E_SF12D.tmp" /EF "HKCU"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [workflow] e:\installs\workflow.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: eNetHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\iefzzezn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-8-2 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-2 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-2 108552]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-3 297752]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [2007-10-5 107264]

=============== Created Last 30 ================

2009-09-05 19:01 <DIR> --d----- c:\programdata\WindowsSearch
2009-09-03 21:11 <DIR> --d----- C:\Sun
2009-09-02 10:21 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 10:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 18:06 2,048 a------- c:\windows\system32\tzres.dll
2009-08-16 13:39 <DIR> --d----- c:\users\mark\appdata\roaming\Malwarebytes
2009-08-16 13:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-16 13:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-16 13:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-16 13:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 13:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-14 20:24 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-14 20:24 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-14 20:24 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-14 20:24 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-14 20:24 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 20:24 270,848 a------- c:\windows\system32\schannel.dll
2009-08-14 20:24 72,704 a------- c:\windows\system32\secur32.dll
2009-08-14 20:24 9,728 a------- c:\windows\system32\lsass.exe
2009-08-14 19:58 <DIR> --d----- c:\program files\common files\Vbox
2009-08-14 19:58 <DIR> --d----- c:\program files\Bradbury
2009-08-12 22:04 <DIR> a-d----- c:\programdata\TEMP
2009-08-12 22:04 <DIR> --d----- c:\program files\SpywareBlaster
2009-08-12 21:59 <DIR> --d----- c:\program files\Trend Micro
2009-08-11 20:38 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-11 20:38 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-11 20:37 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-11 20:37 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-11 20:37 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-11 20:37 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-11 20:37 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-11 20:37 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-11 20:37 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-11 20:37 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-11 20:37 71,680 a------- c:\windows\system32\atl.dll

==================== Find3M ====================

2009-09-05 19:02 12,978 a------- c:\users\mark\appdata\roaming\nvModes.dat
2009-09-03 21:30 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-23 23:34 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-03 23:42 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-03 23:42 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-03 23:42 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-03 23:42 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-25 16:18 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-06-15 16:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 16:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 16:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 13:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-12 18:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-12 18:34 51,200 a------- c:\windows\inf\infpub.dat
2009-06-12 18:34 86,016 a------- c:\windows\inf\infstor.dat
2009-03-16 19:52 726,008 a------- c:\users\mark\gotomypc_437.exe
2008-06-17 18:06 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-27 21:50 174 a--sh--- c:\program files\desktop.ini
2007-11-03 16:38 0 a------- c:\users\mark\appdata\roaming\wklnhst.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-12 18:42 8 ---shr-- c:\windows\system32\EA46E2E0C6.sys
2007-11-06 15:45 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-11-06 15:45 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-11-06 15:45 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:20:36.89 ===============






