Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search links getting redirected


  • This topic is locked This topic is locked
19 replies to this topic

#1 positive_jam

positive_jam

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 05 December 2009 - 04:30 PM

Hi everyone and thanks in advance for any help you can give.

I thought I was fairly proficient with computers but this problem is really stumping me.

A few days ago when I was surfing the net I suddenly had a fake antivirus program appear in my systray. Gave me quite a shock! as i'm normally really careful and no idea where it came from. At the time I was running windows firewall and the free version of avira antivirus, none of them gave me any warnings. I managed to kill the process responsible and got rid of it with a combination of a free trial of ESET smart security, Malware byres and Super anti spyware. I can't remember exactly what found what but they all came up with some suspicious stuff which I quarantined/deleted.

Now ESET smart security, Malware bytes, Super anti spyware, Avira and Sophos anti rootkit are all showing my computer as clean and in general use it appears fine. However since the fake antivirus appeared my google search result links are getting redirected to a wide variety of dodgy looking sites, and although showing as clean I am still having this problem. Occasionally it seems to go away but then shortly afterwards it comes back.

It occurs with all browsers I have tested (chrome, IE and firefox) except firefox's own safe mode which appears to be fine. I have tried reinstalling browsers with no improvement.

Also my laptop has suddenly become very reluctant to hibernate, but I have no idea if this is in any way related.

1. Please give me some advice with how I can get rid of this when nothing is finding it!

2. I would be very reluctant to use this computer at all whilst it is still compromised, however im at the end of a very busy term with a load of deadlines and so I have been forced to use it for things like email, however I have avoided doing anything finanical or banking since I got infected. What do you think the chances are that there is something more malicous than simply redirecting links happening here, might there be a keylogger or something flying under the radar?

Thanks very much for any help you can give me.

EDIT: meant to say the fake antivirus was called antivirus pro

DDS report:



DDS (Ver_09-12-01.01) - FAT32x86
Run by David at 21:13:41.21 on 05/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.235 [GMT 0:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\DOCUME~1\David\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Documents and Settings\David\My Documents\Downloads\RootRepeal.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.33_Safari/532.0" -"http://www.ledgaming.com/Gems_WildTiles/html/shockwave.shtml"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248606181203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\0mk05kk6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-26 11608]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-26 55656]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S2 gupdate1ca0de84eaaddf8;Google Update Service (gupdate1ca0de84eaaddf8);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\c153.tmp --> c:\windows\system32\C153.tmp [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\realtemp_3.00\WinRing0.sys [2009-7-21 14416]

=============== Created Last 30 ================

2009-12-01 22:19:25 0 d-----w- c:\program files\Sophos
2009-12-01 15:05:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 15:05:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 13:57:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-01 13:25:01 0 d-sha-r- C:\cmdcons
2009-12-01 13:22:21 98816 ----a-w- c:\windows\sed.exe
2009-12-01 13:22:21 77312 ----a-w- c:\windows\MBR.exe
2009-12-01 13:22:21 260608 ----a-w- c:\windows\PEV.exe
2009-12-01 13:22:21 161792 ----a-w- c:\windows\SWREG.exe
2009-12-01 10:38:33 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-01 10:35:57 0 d-----w- c:\docume~1\david\applic~1\ESET
2009-12-01 10:26:27 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-01 10:16:22 0 d-----w- C:\FOUND.002
2009-11-30 23:29:58 0 d-----w- c:\program files\ESET
2009-11-30 23:20:37 0 d-----w- c:\program files\Trend Micro
2009-11-30 22:40:01 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-30 22:40:01 0 d-----w- c:\docume~1\david\applic~1\SUPERAntiSpyware.com
2009-11-30 22:38:53 0 d-----w- c:\docume~1\david\applic~1\Malwarebytes
2009-11-30 22:38:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 22:38:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-25 23:11:17 0 d-----w- c:\docume~1\david\applic~1\runic games
2009-11-19 10:02:50 0 d-----w- C:\FOUND.001
2009-11-16 09:06:48 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-11-16 09:06:44 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-16 09:03:36 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 08:56:12 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-11 19:33:30 0 d-----w- c:\program files\Microsoft
2009-11-11 19:12:17 0 d-----w- c:\program files\common files\xing shared
2009-11-11 19:11:53 0 d-----w- c:\program files\common files\Real

==================== Find3M ====================

2009-12-01 14:40:54 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-01 14:40:54 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-11 04:17:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:40 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll

============= FINISH: 21:14:59.92 ===============

Second DDS and root repeal attached.

Attached Files


Edited by positive_jam, 05 December 2009 - 04:34 PM.


BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:42 AM

Posted 19 December 2009 - 02:03 PM

Hello, positive_jam.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.

We need to run RSIT
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 positive_jam

positive_jam
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 19 December 2009 - 05:10 PM

Hi aommaster.

Thanks very much for getting back to me. The redirects don't seem as common but they still occur from time to time.

Below are the RSIT logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2009-12-19 22:04:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (31%) free of 36 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:58, on 19/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\David\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spotify\spotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\CHROME.EXE
C:\Documents and Settings\David\My Documents\Downloads\RSIT.exe
C:\Documents and Settings\David\My Documents\Downloads\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.33_Safari/532.0" -"http://www.ledgaming.com/Gems_WildTiles/html/shockwave.shtml"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1248606181203
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca0de84eaaddf8) (gupdate1ca0de84eaaddf8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 11732 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-25 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2005-12-13 151552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-07-20 729177]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-01-17 344064]
"Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-01-16 3080192]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-01-09 589824]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2006-01-24 397312]
"ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Wireless Manager"=C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe [2008-05-26 585728]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-11 198160]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-26 39408]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-06-02 24264488]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-21 468408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe"="C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe"="C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01e02b7a-796a-11de-b10d-0013020f8a39}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-19 21:59:59 ----D---- C:\rsit
2009-12-12 08:08:22 ----SHD---- C:\FOUND.004
2009-12-08 21:16:02 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-08 21:15:51 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-08 21:14:06 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-08 21:13:09 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-08 21:12:57 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-08 19:42:12 ----SHD---- C:\FOUND.003
2009-12-05 23:26:56 ----HD---- C:\WINDOWS\PIF
2009-12-05 18:49:40 ----A---- C:\RootRepeal report 12-05-09 (18-49-40).txt
2009-12-01 22:19:25 ----D---- C:\Program Files\Sophos
2009-12-01 13:57:43 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-01 13:56:45 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-01 13:56:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-01 13:56:45 ----A---- C:\WINDOWS\system32\java.exe
2009-12-01 13:25:07 ----A---- C:\Boot.bak
2009-12-01 13:25:01 ----RASHD---- C:\cmdcons
2009-12-01 13:22:21 ----A---- C:\WINDOWS\zip.exe
2009-12-01 13:22:21 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-01 13:22:21 ----A---- C:\WINDOWS\SWSC.exe
2009-12-01 13:22:21 ----A---- C:\WINDOWS\SWREG.exe
2009-12-01 13:22:21 ----A---- C:\WINDOWS\sed.exe
2009-12-01 13:22:21 ----A---- C:\WINDOWS\PEV.exe
2009-12-01 13:22:21 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-01 13:22:21 ----A---- C:\WINDOWS\MBR.exe
2009-12-01 13:22:21 ----A---- C:\WINDOWS\grep.exe
2009-12-01 13:21:58 ----D---- C:\WINDOWS\ERDNT
2009-12-01 13:19:49 ----D---- C:\Qoobox
2009-12-01 10:38:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-01 10:35:57 ----D---- C:\Documents and Settings\David\Application Data\ESET
2009-12-01 10:16:22 ----D---- C:\FOUND.002
2009-11-30 23:29:58 ----D---- C:\Program Files\ESET
2009-11-30 23:29:58 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-11-30 23:20:37 ----D---- C:\Program Files\Trend Micro
2009-11-30 22:40:01 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-30 22:40:01 ----D---- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
2009-11-30 22:38:53 ----D---- C:\Documents and Settings\David\Application Data\Malwarebytes
2009-11-30 22:38:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-30 22:38:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-28 01:08:36 ----HD---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-28 01:08:26 ----HD---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 23:11:17 ----D---- C:\Documents and Settings\David\Application Data\runic games

======List of files/folders modified in the last 1 months======

2009-12-19 21:58:30 ----A---- C:\WINDOWS\win.ini
2009-12-12 21:59:30 ----A---- C:\WINDOWS\system32\eRLog.ini
2009-12-12 21:58:50 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-12-09 01:42:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 01:39:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-08 21:15:58 ----A---- C:\WINDOWS\imsins.BAK
2009-12-01 20:06:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-01 14:57:36 ----A---- C:\WINDOWS\system.ini
2009-12-01 13:25:10 ----RASH---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-07-25 21275]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-21 6144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-20 190592]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\AFGMp50.sys []
S3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\AFGSp50.sys [2008-05-26 27072]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys []
S3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
S3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
S3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\C153.tmp []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\D:\RealTemp_3.00\WinRing0.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AffinegyService;AffinegyService; C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe [2008-05-26 143360]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-12-13 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-12-13 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-12-13 61440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate1ca0de84eaaddf8;Google Update Service (gupdate1ca0de84eaaddf8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-26 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 190448]
S2 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-12-19 22:05:01

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acer Arcade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management 1.00.23-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x9 -removeonly
Acer eLock Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer eSettings Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{E9459BCF-0982-498B-ABA7-26C34323493F}
Death Rally for Windows-->"C:\Program Files\Death Rally\uninstall.exe"
Fallout Tactics-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\14 Degrees East\Fallout Tactics\Uninst.isu"
Fallout-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}\Setup.exe" -l0x9 -removeonly
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
GNU Backgammon (MAIN branch, 20090907 code)-->"C:\Program Files\gnubg\unins000.exe"
GOG.com Downloader-->MsiExec.exe /X{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}
Google Apps-->MsiExec.exe /I{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466}
Google Toolbar for Firefox-->C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\David\My Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{91120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SMSC IrCC V5.1.3600.5 SP2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
Sophos Anti-Rootkit 1.5.0-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Manager-->"C:\Program Files\Virgin Broadband Wireless\unins000.exe"

=====HijackThis Backups=====

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing) [2009-12-04]
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe (file missing) [2009-12-04]
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) [2009-12-04]
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) [2009-12-04]
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) [2009-12-04]
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) [2009-12-04]

======Security center information======

AV: AntiVir Desktop (disabled)
AV: ESET Smart Security 4.0
FW: ESET Personal firewall

======System event log======

Computer Name: DAVIDLAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013020F8A39. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4195
Source Name: Dhcp
Time Written: 20091110214534.000000+000
Event Type: warning
User:

Computer Name: DAVIDLAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013020F8A39. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4178
Source Name: Dhcp
Time Written: 20091110214349.000000+000
Event Type: warning
User:

Computer Name: DAVIDLAPTOP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 4173
Source Name: Tcpip
Time Written: 20091110193746.000000+000
Event Type: warning
User:

Computer Name: DAVIDLAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013020F8A39. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4167
Source Name: Dhcp
Time Written: 20091110162357.000000+000
Event Type: warning
User:

Computer Name: DAVIDLAPTOP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 4155
Source Name: Tcpip
Time Written: 20091110124645.000000+000
Event Type: warning
User:

=====Application event log=====

Computer Name: DAVIDLAPTOP
Event Code: 1517
Message: Windows saved user DAVIDLAPTOP\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 992
Source Name: Userenv
Time Written: 20091107010058.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVIDLAPTOP
Event Code: 1517
Message: Windows saved user DAVIDLAPTOP\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 910
Source Name: Userenv
Time Written: 20091105021421.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVIDLAPTOP
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 900
Source Name: ASP.NET 2.0.50727.0
Time Written: 20091105012147.000000+000
Event Type: warning
User:

Computer Name: DAVIDLAPTOP
Event Code: 1517
Message: Windows saved user DAVIDLAPTOP\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 799
Source Name: Userenv
Time Written: 20091029004923.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVIDLAPTOP
Event Code: 1000
Message: Faulting application acrord32.exe, version 7.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0xc0000001.

Record Number: 723
Source Name: Application Error
Time Written: 20091014200847.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Intel\Wireless\Bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#4 positive_jam

positive_jam
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 19 December 2009 - 05:41 PM

I also meant to post things aren't quite right because my trial of ESET security has been blocking a few things recently.

Below is its log of detected threats since my first post if this is of any help:

16/12/2009 11:53:27 HTTP filter file http://gjbeeklgpnf.com/nte/AVORP1TREST10.p...809K37ffd1e9317 JS/Exploit.Pdfka.ASD trojan connection terminated - quarantined DAVIDLAPTOP\David Threat was detected upon access to web by the application: C:\Program Files\Google\Chrome\Application\CHROME.EXE.
15/12/2009 13:14:58 HTTP filter file http://cehagghcpnf.com/nte/AVORP1TREST10.p...809K797b7c47317 JS/Exploit.Pdfka.ASD trojan connection terminated - quarantined DAVIDLAPTOP\David Threat was detected upon access to web by the application: C:\Program Files\Google\Chrome\Application\CHROME.EXE.
12/12/2009 11:19:01 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 11:19:01 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 11:19:01 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 11:19:01 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 11:19:01 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus unable to clean NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:44:40 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:44:26 Startup scanner file C:\WINDOWS\system32\DRIVERS\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type
12/12/2009 10:43:19 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:43:00 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:42:57 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:42:56 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:42:56 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:42:55 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:42:55 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:42:54 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:42:52 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus error while deleting - operation unavailable for this object type NT AUTHORITY\SYSTEM Event occurred on a modified file.
12/12/2009 10:40:32 Real-time file system protection file C:\WINDOWS\system32\drivers\atapi.sys Win32/Olmarik.RF virus NT AUTHORITY\SYSTEM Event occurred on a modified file.

#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:42 AM

Posted 19 December 2009 - 06:45 PM

Hello, positive_jam.
We need to uninstall Antivirus Program(s)

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AntiVir Desktop or ESET Smart Security 4.0.
My recommendation is that you uninstall ESET Smart Security 4.0




It appears that you have run combofix on your computer. Please post the contents of C:\combofix.txt

If you can't find it, please navigate to C:\qoobox\ and post the log of combofixX.txt where X is number. (Pick the smallest number present)

NEXT:

We need to run SystemLook
  • Please download SystemLook from jpshortstuff and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    :filefind
    atapi.sy*
  • Hit the Look button. Let it finish the scan
  • A log will then be saved to your Desktop.. Post the content of the log here in your next reply

NEXT:

We need to run a GMER scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
In your next reply, please include the following:
  • SystemLook Log
  • gmer.txt
  • Combofix logs

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 positive_jam

positive_jam
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 19 December 2009 - 07:34 PM

Uninstalled ESET
Run SystemLook ok, log below
Copied combofix log below
Attempted twice to run GMER, both times it scanned for a while then bluescreened my computer so no log.

Thanks


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:30 on 20/12/2009 by David (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sy*"
C:\c74eb31f4af6396addf5d9c4e39fcb64\i386\atapi.sy_ --a--- 50028 bytes [00:10 14/04/2008] [00:10 14/04/2008] C32657CE5311711A42CD6ECBC728FB0B
C:\cmdcons\ATAPI.SY_ --a--- 49558 bytes [22:59 03/08/2004] [22:59 03/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\i386\ATAPI.SY_ --a--- 49558 bytes [05:00 04/08/2004] [05:00 04/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys ------ 95360 bytes [00:06 26/07/2009] [05:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [13:47 01/12/2009] [14:40 01/12/2009] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [00:13 26/07/2009] [00:10 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 96512 bytes [23:31 25/07/2009] [10:46 12/12/2009] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [23:31 25/07/2009] [10:46 12/12/2009] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys --a--- 95360 bytes [05:00 04/08/2004] [05:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-


ComboFix 09-11-30.05 - David 01/12/2009 13:30.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.632 [GMT 0:00]
Running from: c:\documents and settings\David\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-12-01 11:21 . 2009-12-01 11:21 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\ESET
2009-12-01 10:38 . 2009-12-01 10:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-01 10:35 . 2009-12-01 10:35 -------- d-----w- c:\documents and settings\David\Application Data\ESET
2009-12-01 10:26 . 2009-12-01 10:26 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-01 10:16 . 2009-12-01 10:16 -------- d-----w- C:\FOUND.002
2009-11-30 23:29 . 2009-11-30 23:30 -------- d-----w- c:\program files\ESET
2009-11-30 23:29 . 2009-11-30 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-11-30 23:20 . 2009-11-30 23:20 -------- d-----w- c:\program files\Trend Micro
2009-11-30 22:40 . 2009-11-30 22:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-30 22:40 . 2009-11-30 22:40 -------- d-----w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com
2009-11-30 22:38 . 2009-11-30 22:38 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes
2009-11-30 22:38 . 2009-11-30 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 22:38 . 2009-11-30 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-28 11:44 . 2009-11-28 11:44 188512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-26 02:05 . 2009-11-26 02:05 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Deployment
2009-11-25 23:11 . 2009-11-25 23:11 -------- d-----w- c:\documents and settings\David\Application Data\runic games
2009-11-19 22:27 . 2009-11-19 22:27 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-11-19 10:02 . 2009-11-19 10:02 -------- d-----w- C:\FOUND.001
2009-11-16 09:06 . 2009-11-16 09:06 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-11-16 09:06 . 2009-11-16 09:06 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-16 09:03 . 2009-11-16 09:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 08:56 . 2009-11-16 08:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-11 19:33 . 2009-11-11 19:33 -------- d-----w- c:\program files\Microsoft
2009-11-11 19:12 . 2009-11-11 19:12 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-11 19:11 . 2009-11-11 19:11 -------- d-----w- c:\program files\Real
2009-11-11 19:11 . 2009-11-11 19:11 -------- d-----w- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 13:26 . 2009-07-25 23:31 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-26 16:53 . 2005-01-21 12:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-17 12:00 . 2009-07-25 23:14 90352 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 22:11 . 2009-10-21 22:11 -------- d-----w- c:\program files\Death Rally
2009-10-14 23:46 . 2009-10-14 23:46 -------- d-----w- c:\program files\MSECache
2009-10-14 11:14 . 2009-10-14 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-10-14 11:13 . 2009-10-14 11:13 -------- d-----w- c:\program files\WorldOfGooDemo
2009-10-13 22:56 . 2009-10-13 22:55 -------- d-----w- c:\documents and settings\David\Application Data\foobar2000
2009-10-13 22:55 . 2009-10-13 22:55 -------- d-----w- c:\program files\foobar2000
2009-09-14 22:38 . 2009-09-14 22:38 79856 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
2009-09-11 14:18 . 2009-07-25 23:31 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2009-07-25 23:31 58880 ----a-w- c:\windows\system32\msasn1.dll
2007-07-20 12:47 . 2007-07-20 12:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-03-16 17:27 . 2007-03-16 17:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-03-16 17:27 . 2007-03-16 17:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 17:27 . 2007-03-16 17:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-02-07 21:46 . 2008-02-07 21:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-02-07 21:46 . 2008-02-07 21:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 21:46 . 2008-02-07 21:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 21:46 . 2008-02-07 21:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 21:46 . 2008-02-07 21:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 21:46 . 2008-02-07 21:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 21:46 . 2008-02-07 21:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-02-07 21:46 . 2008-02-07 21:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-06-02 24264488]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe startup" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-01-09 589824]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-16 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-19 15797248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16/11/2009 09:03 108792]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/07/2009 07:47 108289]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16/11/2009 09:04 735960]
S2 gupdate1ca0de84eaaddf8;Google Update Service (gupdate1ca0de84eaaddf8);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 12:57 133104]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\realtemp_3.00\WinRing0.sys [21/07/2009 21:27 14416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder

2009-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-26 07:49]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 12:54]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 12:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\0mk05kk6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ePresentation - c:\windows\UnInst32.exe AcerePrj.UNI
AddRemove-foobar2000 - c:\program files\foobar2000\uninstall.exe _?=c:\program files\foobar2000
AddRemove-GridVista - c:\windows\UnInst32.exe GridV.UNI
AddRemove-LManager - c:\windows\UnInst32.exe LManager.UNI
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-01 13:45
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8651E618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7622f28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf742f852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel® PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf73a4bb0
PacketIndicateHandler -> NDIS.sys @ 0xf73b1a21
SendHandler -> NDIS.sys @ 0xf738f87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1212)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1276)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Phone\Skype.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\David\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-01 13:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-01 13:51

Pre-Run: 9,130,246,144 bytes free
Post-Run: 9,263,841,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D4AC8C52CAB60A21D53EEBBB45E89CD6

#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:42 AM

Posted 19 December 2009 - 07:46 PM

Hi!

Please try running GMER in safe mode. Hopefully, that should work, and a log will be produced. Post that up in your next reply.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 positive_jam

positive_jam
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 19 December 2009 - 08:17 PM

Thanks for the suggestion. Booting into safe mode made in run fine.

Below is all it logged:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-20 01:13:10
Windows 5.1.2600 Service Pack 3
Running: 45lp3d8x.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\pxliipod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:42 AM

Posted 21 December 2009 - 02:05 PM

Hi!

Just wanted to know that I haven't forgotten your thread. I'll post a fix soon :(

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:42 AM

Posted 21 December 2009 - 02:34 PM

Hello, positive_jam.
We need to download and run ComboFix (by sUBs)
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  • Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


NEXT:

We need to run RootRepeal
  • Download RootRepeal
  • Extract RootRepeal.exe from the zip archive.
  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all six boxes present (Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services)
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log
  • RootRepeal Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#11 positive_jam

positive_jam
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 21 December 2009 - 06:41 PM

Combo fix log attached.

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:14, on 21/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\David\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.33_Safari/532.0" -"http://www.ledgaming.com/Gems_WildTiles/html/shockwave.shtml"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1248606181203
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca0de84eaaddf8) (gupdate1ca0de84eaaddf8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10653 bytes


Attempted to download rootrepeal but site is showing this:

The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal.

Do you know of a mirror for it?

I haven't experienced any redirects for a couple of days now, do you think it might be fixed?

Thanks

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:42 AM

Posted 21 December 2009 - 07:22 PM

Hi!

Looks like you've missed the combofix log. Please copy and paste that into your next reply.

Also, try running GMER again in normal mode. If the log looks different than the one previously posted (it should be a bit longer), then post that in your next reply.

Thanks :(

Edit:

I haven't experienced any redirects for a couple of days now, do you think it might be fixed?

I'll have to look at the logs in order to determine what combofix did.

Edited by aommaster, 21 December 2009 - 07:22 PM.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 positive_jam

positive_jam
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 21 December 2009 - 08:33 PM

oops sorry. Heres the combofix log, trying GMER again now.

ComboFix 09-12-20.08 - David 21/12/2009 23:22:57.3.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.623 [GMT 0:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-19 21:59 . 2009-12-19 22:00 -------- d-----w- C:\rsit
2009-12-12 08:08 . 2009-12-12 08:08 -------- d-----w- C:\FOUND.004
2009-12-08 19:42 . 2009-12-08 19:42 -------- d-----w- C:\FOUND.003
2009-12-05 23:26 . 2009-12-05 23:26 -------- d--h--w- c:\windows\PIF
2009-12-01 22:19 . 2009-12-01 22:19 -------- d-----w- c:\program files\Sophos
2009-12-01 15:05 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 15:05 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 13:57 . 2009-12-01 13:59 117760 ----a-w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-01 13:57 . 2009-12-01 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-01 13:55 . 2009-12-01 13:55 152576 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-01 13:54 . 2009-12-01 13:54 79488 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-01 13:54 . 2009-12-01 13:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-12-01 11:21 . 2009-12-01 11:21 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\ESET
2009-12-01 10:38 . 2009-12-01 10:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-01 10:35 . 2009-12-01 10:35 -------- d-----w- c:\documents and settings\David\Application Data\ESET
2009-12-01 10:26 . 2009-12-01 10:26 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-01 10:16 . 2009-12-01 10:16 -------- d-----w- C:\FOUND.002
2009-11-30 23:29 . 2009-11-30 23:30 -------- d-----w- c:\program files\ESET
2009-11-30 23:29 . 2009-11-30 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-11-30 23:20 . 2009-11-30 23:20 -------- d-----w- c:\program files\Trend Micro
2009-11-30 22:40 . 2009-11-30 22:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-30 22:40 . 2009-11-30 22:40 -------- d-----w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com
2009-11-30 22:38 . 2009-11-30 22:38 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes
2009-11-30 22:38 . 2009-11-30 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 22:38 . 2009-11-30 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-28 11:44 . 2009-11-28 11:44 188512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-26 02:05 . 2009-11-26 02:05 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Deployment
2009-11-25 23:11 . 2009-11-25 23:11 -------- d-----w- c:\documents and settings\David\Application Data\runic games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 10:46 . 2009-07-25 23:31 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-07 22:39 . 2009-07-26 07:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-26 16:53 . 2005-01-21 12:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-19 22:27 . 2009-11-19 22:27 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-11-17 12:00 . 2009-07-25 23:14 90352 ----a-w- c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 19:33 . 2009-11-11 19:33 -------- d-----w- c:\program files\Microsoft
2009-11-11 19:12 . 2009-11-11 19:12 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-11 19:11 . 2009-11-11 19:11 -------- d-----w- c:\program files\Real
2009-11-11 19:11 . 2009-11-11 19:11 -------- d-----w- c:\program files\Common Files\Real
2009-10-29 07:45 . 2009-07-25 23:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2009-07-25 23:32 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2009-07-25 23:32 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2009-07-25 23:32 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2009-07-25 23:31 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2009-07-25 23:31 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2009-07-25 23:31 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 04:17 . 2009-08-16 21:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-07-20 12:47 . 2007-07-20 12:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-03-16 17:27 . 2007-03-16 17:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-03-16 17:27 . 2007-03-16 17:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 17:27 . 2007-03-16 17:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-02-07 21:46 . 2008-02-07 21:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-02-07 21:46 . 2008-02-07 21:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 21:46 . 2008-02-07 21:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 21:46 . 2008-02-07 21:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 21:46 . 2008-02-07 21:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 21:46 . 2008-02-07 21:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 21:46 . 2008-02-07 21:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-02-07 21:46 . 2008-02-07 21:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-01_13.46.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-20 01:14 . 2009-12-20 01:14 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
- 2005-02-11 11:10 . 2009-12-01 13:46 72978 c:\windows\system32\perfc009.dat
+ 2005-02-11 11:10 . 2009-12-09 01:42 72978 c:\windows\system32\perfc009.dat
- 2009-03-08 04:31 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 04:31 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
- 2009-07-25 23:31 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2009-07-25 23:31 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
+ 2009-10-07 10:46 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-10-07 10:46 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-10-07 10:46 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-10-07 10:46 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 04:33 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 04:33 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-07-25 23:31 . 2009-12-12 10:46 96512 c:\windows\system32\dllcache\atapi.sys
- 2009-07-25 23:31 . 2009-12-01 13:26 96512 c:\windows\system32\dllcache\atapi.sys
- 2005-02-11 10:40 . 2009-12-01 13:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-02-11 10:40 . 2009-12-11 00:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-02-11 10:40 . 2009-12-11 00:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-02-11 10:40 . 2009-12-01 13:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-02-11 10:40 . 2009-12-11 00:07 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-02-11 10:40 . 2009-12-01 13:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-12-01 13:57 . 2009-12-01 13:57 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-12-01 13:57 . 2009-12-01 13:57 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-12-20 20:19 . 2009-12-20 20:19 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-20 20:19 . 2009-12-20 20:19 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-20 20:19 . 2009-12-20 20:19 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-20 20:19 . 2009-12-20 20:19 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-20 20:19 . 2009-12-20 20:19 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-20 20:19 . 2009-12-20 20:19 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-20 20:19 . 2009-12-20 20:19 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ARPPRODUCTICON.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 35088 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 35088 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 18704 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 18704 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 20240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 20240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-09 11:18 . 2009-12-09 11:18 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-08 21:15 . 2009-08-29 08:08 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2009-12-08 21:15 . 2009-08-29 08:08 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2009-12-08 21:15 . 2009-08-29 08:08 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2009-12-01 13:57 . 2009-12-01 13:57 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-07-25 23:32 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2005-02-11 11:10 . 2009-12-09 01:42 445938 c:\windows\system32\perfh009.dat
- 2005-02-11 11:10 . 2009-12-01 13:46 445938 c:\windows\system32\perfh009.dat
+ 2009-07-25 23:31 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll
- 2009-07-25 23:31 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2009-03-08 04:32 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll
- 2009-03-08 04:32 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
- 2009-08-16 21:15 . 2009-08-16 21:15 149280 c:\windows\system32\javaws.exe
+ 2009-12-01 13:56 . 2009-10-11 04:17 149280 c:\windows\system32\javaws.exe
+ 2009-12-01 13:56 . 2009-10-11 04:17 145184 c:\windows\system32\javaw.exe
- 2009-08-16 21:15 . 2009-08-16 21:15 145184 c:\windows\system32\javaw.exe
- 2009-08-16 21:15 . 2009-08-16 21:15 145184 c:\windows\system32\java.exe
+ 2009-12-01 13:56 . 2009-10-11 04:17 145184 c:\windows\system32\java.exe
- 2009-07-25 23:31 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2009-07-25 23:31 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll
+ 2009-07-25 23:31 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll
- 2009-07-25 23:31 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2009-07-25 23:31 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
- 2009-07-25 23:31 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2009-03-08 04:34 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 04:34 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 13:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
- 2009-03-08 04:34 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 04:34 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2009-10-07 10:46 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-10-07 10:46 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-10-07 10:46 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-10-07 10:46 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 04:31 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 04:31 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 14:09 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 14:09 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 04:32 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 04:32 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2009-07-26 13:56 . 2009-11-16 16:17 888080 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 888080 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 272648 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 272648 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 922384 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 922384 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 845584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 845584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 217864 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 217864 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 159504 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 159504 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-12-08 21:15 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-08 21:15 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-08 21:15 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-08 21:15 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-08 21:15 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-08 21:15 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-08 21:15 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-08 21:15 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-08 21:15 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2009-07-25 23:31 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll
- 2009-07-25 23:31 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2009-07-25 23:31 . 2009-10-29 07:45 5940736 c:\windows\system32\mshtml.dll
+ 2009-03-08 04:32 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll
- 2009-03-08 04:32 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2009-03-08 04:34 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll
- 2009-03-08 04:34 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-03-08 04:41 . 2009-10-29 07:45 5940736 c:\windows\system32\dllcache\mshtml.dll
+ 2009-10-07 10:46 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-10-07 10:46 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-12-01 13:57 . 2009-12-01 13:57 1583616 c:\windows\Installer\a8ab7.msi
+ 2009-11-20 23:36 . 2009-11-20 23:36 5002752 c:\windows\Installer\560a0b.msp
+ 2009-10-16 07:09 . 2009-10-16 07:09 2518016 c:\windows\Installer\5609f5.msp
+ 2009-12-20 20:19 . 2009-12-20 20:19 1262080 c:\windows\Installer\417561f.msi
+ 2009-07-26 13:56 . 2009-12-08 21:14 1172240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 1172240 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-07-26 13:56 . 2009-12-08 21:14 1165584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2009-07-26 13:56 . 2009-11-16 16:17 1165584 c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-06 04:26 . 2009-03-06 04:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002119110000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2009-12-08 21:15 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-08 21:15 . 2009-10-22 09:19 5939712 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-08 21:15 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2009-07-26 12:41 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
+ 2009-03-08 04:39 . 2009-10-29 07:45 11069952 c:\windows\system32\ieframe.dll
+ 2009-07-19 18:48 . 2009-10-29 07:45 11069952 c:\windows\system32\dllcache\ieframe.dll
+ 2009-12-08 21:15 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-06-02 24264488]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-01-09 589824]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26/07/2009 07:47 108289]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]
S2 gupdate1ca0de84eaaddf8;Google Update Service (gupdate1ca0de84eaaddf8);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 12:57 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C153.tmp --> c:\windows\system32\C153.tmp [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\realtemp_3.00\WinRing0.sys [21/07/2009 21:27 14416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\0mk05kk6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 23:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C153.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\WININET.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-21 23:29:58
ComboFix-quarantined-files.txt 2009-12-21 23:29
ComboFix2.txt 2009-12-01 13:51

Pre-Run: 11,511,726,080 bytes free
Post-Run: 11,519,950,848 bytes free

- - End Of File - - 240ABD4609E9C6FA9988815B7F1163DD

#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:42 AM

Posted 21 December 2009 - 11:26 PM

Hi!

Please try the RootRepeal download link now. Are you still having trouble accessing it?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:42 AM

Posted 24 December 2009 - 02:29 PM

Hello positive_jam
Are you still with us?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users