
I had a worm and think i still have malware


This topic is locked
18 replies to this topic

#1 mghq

  • Members
  • 9 posts

Posted 26 December 2009 - 05:25 PM

Well, it is like this: the other day my computer was infected by Worm.Win32.NetSky, which I believe I had removed completely. Windows no longer shows that there is a level 5/5 virus on my computer. However, my Google and Yahoo searches are still being hijacked one time every so often, which goes to a malicious site that McAfee has reported as unsafe. Other times, Internet Explorer opens up random pages of advertisements for such things as neXplore and registry editors, which I do not download.

Here are the DDS logs:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Acer at 15:53:14.52 on Sat 12/26/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.724 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\system32\FastNetSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Acer\Downloads\spybotsd162.exe
C:\Users\Acer\AppData\Local\Temp\is-2Q4DC.tmp\spybotsd162.tmp
C:\Users\Acer\Downloads\spybotsd162.exe
C:\Users\Acer\AppData\Local\Temp\is-CIIIL.tmp\spybotsd162.tmp
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Acer\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [mebakeleh] Rundll32.exe "c:\windows\system32\yafakeje.dll",a
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mebakeleh] Rundll32.exe "c:\windows\system32\yafakeje.dll",a
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
dRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: eNetHook.dll,gipekuya.dll c:\windows\system32\yafakeje.dll
SSODL: hawivugos - {d5acff12-ff5c-4137-8cc8-0472347e2a49} - c:\windows\system32\yafakeje.dll
STS: tokatiluy: {d5acff12-ff5c-4137-8cc8-0472347e2a49} - c:\windows\system32\yafakeje.dll
LSA: Notification Packages = scecli juzoteji.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 95.211.6.161 www.110mb.com
Hosts: 95.211.6.161 110mb.com
Hosts: 76.73.41.234 geekstep.com
Hosts: 76.73.41.234 www.geekstep.com
Hosts: 208.53.183.61 gaminghubs.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\acer\appdata\roaming\mozilla\firefox\profiles\kzm8xq9x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2400844&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ClickTheStream Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://acer.yahoo.com/|http://yourgaminghubs.com/|http://gaminghubs.com|http://cashlagoon.com/|http://www.mygetpaidto.com/forum/|http://www.earnmoneyspace.com/forum/index.php
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\acer\appdata\roaming\mozilla\firefox\profiles\kzm8xq9x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\users\acer\appdata\roaming\mozilla\firefox\profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com\lib\winnt_x86-msvc\1.9.1\jetpack.dll
FF - component: c:\users\acer\appdata\roaming\mozilla\firefox\profiles\kzm8xq9x.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\acer\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\acer\appdata\roaming\mozilla\firefox\profiles\kzm8xq9x.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? FirebirdServerDefaultInstance;Firebird Server - DefaultInstance
R? gupdate;Google Update Service (gupdate)
R? mferkdk;McAfee Inc. mferkdk
R? ndisdrv;ndisdrv
R? NPF;NetGroup Packet Filter Driver
R? SBSDWSCService;SBSD Security Center Service
R? winsts;winsts
R? WSVD;WSVD
S? BtwSrv;BtwSrv
S? fastnetsrv;fastnetsrv Service
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? McProxy;McAfee Proxy Service
S? McShield;McAfee Real-time Scanner
S? McSysmon;McAfee SystemGuards
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfehidk;McAfee Inc. mfehidk
S? mfesmfk;McAfee Inc. mfesmfk
S? PCTCore;PCTools KDS
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service

=============== Created Last 30 ================

2009-12-26 21:52:40 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-26 21:52:39 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-25 04:29:37 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-25 04:27:44 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-25 04:27:44 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-12-25 04:27:44 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-25 04:27:43 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-12-25 04:27:23 0 d-----w- c:\windows\system32\xlive
2009-12-25 04:27:22 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-25 03:10:11 0 d-----w- c:\program files\Rockstar Games
2009-12-25 01:06:05 0 d-----w- c:\programdata\Malwarebytes
2009-12-25 00:49:12 0 d-----w- c:\program files\Trend Micro
2009-12-24 13:03:15 0 d-----w- c:\programdata\yedibona
2009-12-24 13:03:12 0 d-----w- c:\programdata\marokeru
2009-12-24 13:03:11 0 d-----w- c:\programdata\vugivodi
2009-12-24 00:53:32 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-23 16:16:19 0 d-----w- c:\programdata\WindowsSearch
2009-12-22 16:36:32 524288 --sha-w- c:\users\acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000002.regtrans-ms
2009-12-22 16:36:32 524288 --sha-w- c:\users\acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000001.regtrans-ms
2009-12-22 16:36:24 65536 --sha-w- c:\users\acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TM.blf
2009-12-19 19:26:47 0 d-----w- c:\programdata\Nexon
2009-12-19 18:07:10 0 d-----w- C:\Nexon
2009-12-19 18:06:39 0 d-----w- c:\programdata\NexonUS
2009-12-19 05:23:19 0 d-----w- c:\programdata\PMB Files
2009-12-19 05:20:59 0 d-----w- c:\program files\Pando Networks
2009-12-11 12:29:10 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 12:29:09 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 12:29:05 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 03:33:11 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-11 03:27:40 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 01:17:16 3884 ----a-w- c:\users\acer\dmg2iso.pl
2009-11-29 00:09:21 0 d-----w- c:\program files\iTunes Library Updater
2009-11-28 23:11:21 5845 ----a-w- c:\users\acer\.recently-used.xbel
2009-11-28 04:32:14 0 d-----w- c:\program files\WinSCP

==================== Find3M ====================

2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 18:25:16 86016 ----a-w- c:\windows\inf\infpub.dat
2009-10-31 18:25:14 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-31 18:25:14 143360 ----a-w- c:\windows\inf\infstor.dat
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-14 01:49:31 25053 ----a-w- c:\users\acer\appdata\roaming\addons.dat
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-05-27 21:12:48 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-09 23:21:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-21 13:20:22 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-26 20:35:37 2713 --sh--w- c:\windows\system32\fapavifa.exe
2009-09-25 21:11:11 39424 --sha-w- c:\windows\system32\faseholu.dll
2009-09-26 20:35:36 2713 --sh--w- c:\windows\system32\fijiveni.dll
2009-09-26 20:35:37 2713 --sh--w- c:\windows\system32\gedekuye.dll
2009-09-25 21:12:18 53248 --sha-w- c:\windows\system32\gipekuya.dll
2009-09-25 01:22:21 45568 --sha-w- c:\windows\system32\jawepuwa.dll
2009-09-25 21:12:18 53248 --sha-w- c:\windows\system32\juzoteji.dll
2009-09-25 21:12:18 53248 --sha-w- c:\windows\system32\kejepuha.dll
2009-09-25 21:11:10 61440 --sha-w- c:\windows\system32\lekegafu.dll
2009-09-25 21:11:08 53248 --sha-w- c:\windows\system32\loguteyu.dll
2009-09-25 01:22:23 39424 --sha-w- c:\windows\system32\loyejosu.dll
2009-09-25 21:11:09 45568 --sha-w- c:\windows\system32\sabobosu.dll
2009-09-25 01:22:21 92160 --sha-w- c:\windows\system32\sojerire.dll
2009-09-25 21:11:08 92672 --sha-w- c:\windows\system32\yafakeje.dll
2009-06-11 13:56:02 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 15:59:02.94 ===============

RootRepeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/26 16:01
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: mchInjDrv.sys
Image Path: C:\Windows\system32\Drivers\mchInjDrv.sys
Address: 0xACFDD000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xABFE8000 Size: 49152 File Visible: No Signed: -
Status: -

Name: splk.sys
Image Path: C:\Windows\System32\Drivers\splk.sys
Address: 0x84A90000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\program files\spyware doctor\kdsinterface.txt
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\programdata\spybot - search & destroy\proccache.sbc
Status: Size mismatch (API: 344, Raw: 276)

Path: c:\windows\temp\mcmsc_9m2zfgdxmc5amnb
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_3glkax2hjxke9et
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Windows\Temp\WERE6E6.tmp.version.txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\WERE6F7.tmp.appcompat.txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\WERE820.tmp.hdmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_08e3747fa83e48bc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_acd0e4ffe1daef0a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.flightsimulator.simconnect_67c7c14424d61b5b_10.0.61242.0_none_e079b46b85043c20.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_390a91d20a21a864.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.flightsimulator.simconnect_67c7c14424d61b5b_10.0.60905.0_none_dd92b94d8a196297.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0a1d2fcba76b3f00.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_c6e3d20ca2b1ebce.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6002.18005_none_8f8f0d20ba53c683\MICROS~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~3.XRM
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\security-licensing-slc-component-sku-ocur-ppdlic.xrm-ms
Status: Allocation size mismatch (API: 16384, Raw: 4096)

Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~2.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16386_none_9a0d805707fb1064\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\MICROS~1.CO~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.0.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_9b4ded6469d9c4a5\MICROS~1.CO~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16386_none_2e16e14b11c5e953\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9e939bf13c8e24e5\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9e939bf13c8e24e5\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_9eec237d3c4b6ca7\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_9eec237d3c4b6ca7\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_9f30df98559d4ebb\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_9f30df98559d4ebb\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_a0ca5ded397935b9\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_a0ca5ded397935b9\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_en-us_a2b5d6f9369b0105\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_en-us_a2b5d6f9369b0105\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18000_none_9c44425304e62138\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~2.XS~
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\ppdlic\MICROS~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\ppdlic\SECURI~1.XRM
Status: Locked to the Windows API!

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.003
Status: Allocation size mismatch (API: 786432, Raw: 524288)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\MICROS~1.CO~
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\channels\OCUR\SECURI~3.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\channels\OCUR\SECURI~2.XRM
Status: Locked to the Windows API!

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.209.crwl
Status: Allocation size mismatch (API: 280, Raw: 8)

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1196 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x875cc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x875ca1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x875ca1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x875ca1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x875ca1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x875ca1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x875ca1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x883c81f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8838c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8838c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8838c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8838c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8838c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8838c1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8838c1f8 Size: 121

Object: Hidden Code [Driver: SmbP, IRP_MJ_CREATE]
Process: System Address: 0x889681f8 Size: 121

Object: Hidden Code [Driver: SmbP, IRP_MJ_CLOSE]
Process: System Address: 0x889681f8 Size: 121

Object: Hidden Code [Driver: SmbP, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x889681f8 Size: 121

Object: Hidden Code [Driver: SmbP, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x889681f8 Size: 121

Object: Hidden Code [Driver: SmbP, IRP_MJ_CLEANUP]
Process: System Address: 0x889681f8 Size: 121

Object: Hidden Code [Driver: SmbP, IRP_MJ_PNP]
Process: System Address: 0x889681f8 Size: 121

Object: Hidden Code [Driver: netbtY, IRP_MJ_CREATE]
Process: System Address: 0x885db3c8 Size: 121

Object: Hidden Code [Driver: netbtY, IRP_MJ_CLOSE]
Process: System Address: 0x885db3c8 Size: 121

Object: Hidden Code [Driver: netbtY, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x885db3c8 Size: 121

Object: Hidden Code [Driver: netbtY, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x885db3c8 Size: 121

Object: Hidden Code [Driver: netbtY, IRP_MJ_CLEANUP]
Process: System Address: 0x885db3c8 Size: 121

Object: Hidden Code [Driver: netbtY, IRP_MJ_PNP]
Process: System Address: 0x885db3c8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉䀰足刴葯, IRP_MJ_CREATE]
Process: System Address: 0x884021f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉䀰足刴葯, IRP_MJ_CLOSE]
Process: System Address: 0x884021f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉䀰足刴葯, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x884021f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉䀰足刴葯, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x884021f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉䀰足刴葯, IRP_MJ_POWER]
Process: System Address: 0x884021f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉䀰足刴葯, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x884021f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉䀰足刴葯, IRP_MJ_PNP]
Process: System Address: 0x884021f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x875c81f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8835c1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8835c1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8835c1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8835c1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8835c1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8835c1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8835c1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x875cb1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x875cb1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x875cb1f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_CREATE]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_CLOSE]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_READ]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_WRITE]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_QUERY_EA]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_SET_EA]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_SHUTDOWN]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_CLEANUP]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_SET_SECURITY]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_POWER]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_SET_QUOTA]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: mrxsmbꪠ赌І癅, IRP_MJ_PNP]
Process: System Address: 0x898e31f8 Size: 121

Object: Hidden Code [Driver: cdfsЇ慖⁤司蜒肘蛤㜈蜱敀昂ܠ, IRP_MJ_CREATE]
Process: System Address: 0x870651f8 Size: 121

Object: Hidden Code [Driver: cdfsЇ慖⁤司蜒肘蛤㜈蜱敀昂ܠ, IRP_MJ_CLOSE]
Process: System Address: 0x870651f8 Size: 121

Object: Hidden Code [Driver: cdfsЇ慖⁤司蜒肘蛤㜈蜱敀昂ܠ, IRP_MJ_READ]
Process: System Address: 0x870651f8 Size: 121

Object: Hidden Code [Driver: cdfsЇ慖⁤司蜒肘蛤㜈蜱敀昂ܠ, IRP_MJ_WRITE]
Process: System Address: 0x870651f8 Size: 121

Object: Hidden Code [Driver: cdfsЇ慖⁤司蜒肘蛤㜈蜱敀昂ܠ, IRP==EOF==

Edited by mghq, 26 December 2009 - 06:29 PM.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:29 AM

Posted 26 December 2009 - 08:35 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 mghq

mghq
  • Topic Starter

  • Members
  • 9 posts
  • Local time:01:29 AM

Posted 26 December 2009 - 11:22 PM

Thank you for helping, Sam. Here is the OTL log:
OTL logfile created on: 12/26/2009 9:53:09 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.92 Gb Total Space | 21.42 Gb Free Space | 30.63% Space Free | Partition Type: NTFS
Drive D: | 69.37 Gb Total Space | 62.94 Gb Free Space | 90.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DYLAN-PC
Current User Name: Acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
PRC - [2009/12/23 18:20:52 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/12/18 06:36:48 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/01 00:32:45 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 12:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/11 00:28:15 | 00,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 00:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 01:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/07/15 23:51:44 | 00,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/07/05 21:06:00 | 04,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/24 20:31:28 | 00,142,104 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2007/05/24 20:31:20 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/05/24 20:31:16 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/05/24 20:31:14 | 00,166,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/05/24 20:31:06 | 00,154,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/04/25 17:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 17:33:36 | 00,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/04/25 12:35:56 | 00,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/02/09 06:35:54 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/02/09 03:41:10 | 00,845,360 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/01/29 23:23:52 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/02 03:46:03 | 00,041,984 | ---- | M] (Netopsystems AG) -- C:\Windows\System32\FastNetSrv.exe
PRC - [2006/10/04 22:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/02/13 15:16:54 | 00,140,680 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/02/13 15:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2007/05/22 16:00:04 | 00,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (FirebirdServerDefaultInstance)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 12:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/18 15:25:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 11:13:28 | 00,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/05/22 16:00:02 | 00,135,168 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/05/16 23:15:22 | 00,163,840 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 17:34:30 | 00,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/14 11:52:30 | 00,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/13 06:26:50 | 00,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/29 23:23:52 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/24 13:57:54 | 00,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/02 03:46:03 | 00,041,984 | ---- | M] (Netopsystems AG) [Auto | Running] -- C:\Windows\System32\FastNetSrv.exe -- (fastnetsrv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/04 22:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ClickTheStream Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2400844&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ClickTheStream Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://acer.yahoo.com/|http://yourgaminghubs.com/|http://gaminghubs.com|http://cashlagoon.com/|http://www.mygetpaidto.com/forum/|http://www.earnmoneyspace.com/forum/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {4093c4de-454a-4329-8aff-c6b0b123c386}:0.8.4
FF - prefs.js..extensions.enabledItems: jetpack@labs.mozilla.com:0.7
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {23ad39a3-36e7-4d8e-92d2-ba116ee32c45}:1.0.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: {24d1fe20-76df-11de-8a39-0800200c9a66}:2.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/25 14:16:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 06:37:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 23:22:19 | 00,000,000 | ---D | M]

[2009/05/23 17:24:47 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2009/12/25 19:02:57 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions
[2009/11/12 21:50:03 | 00,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2009/12/23 19:05:27 | 00,000,000 | ---D | M] (Swoosty SEO Tools) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{23ad39a3-36e7-4d8e-92d2-ba116ee32c45}
[2009/10/09 16:27:18 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{24d1fe20-76df-11de-8a39-0800200c9a66}
[2009/05/24 14:05:05 | 00,000,000 | ---D | M] (HttpFox) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
[2009/11/02 17:48:18 | 00,000,000 | ---D | M] (Stylish) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/07/02 11:50:51 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/22 17:24:46 | 00,000,000 | ---D | M] (FireFTP) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/01 14:58:47 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/12/23 19:04:42 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/12 23:14:44 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/05 09:44:23 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/12/23 19:04:59 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/07 09:03:15 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\firebug@software.joehewitt.com
[2009/12/23 19:05:24 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com
[2009/11/04 18:36:06 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\netvideohunter@netvideohunter.com
[2009/12/05 09:44:38 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\twitternotifier@naan.net
[2009/08/29 14:35:14 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\yyginstantplay@yoyogames.com
[2009/12/22 10:48:23 | 00,001,183 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\FireFox\Profiles\kzm8xq9x.default\searchplugins\swagbuckscom.xml
[2009/12/23 18:44:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/18 23:21:43 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (997 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 95.211.6.161 www.110mb.com
O1 - Hosts: 95.211.6.161 110mb.com
O1 - Hosts: 76.73.41.234 geekstep.com
O1 - Hosts: 76.73.41.234 www.geekstep.com
O1 - Hosts: 208.53.183.61 gaminghubs.com
O1 - Hosts: 208.53.183.61 www.gaminghubs.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\ah9AuzF4u.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\.DEFAULT..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKU\S-1-5-18..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000..\Run: [mebakeleh] C:\Windows\System32\yafakeje.DLL File not found
O4 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/ru...eb-20070115.cab (Citrix ICA Client)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.27.222.9 12.27.223.9
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - AppInit_DLLs: (gipekuya.dll c:\windows\system32\yafakeje.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: BtwSrv - C:\Windows\System32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/03/09 16:58:59 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/12/26 21:30:23 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/12/26 18:54:46 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2009/12/26 18:48:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/26 18:48:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/26 18:48:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/26 15:52:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/26 15:52:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/26 15:50:31 | 00,472,064 | ---- | C] ( ) -- C:\Users\Acer\Desktop\RootRepeal.exe
[2009/12/25 16:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/12/25 15:30:48 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Rockstar Games
[2009/12/24 22:29:37 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/12/24 22:27:23 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2009/12/24 22:27:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/12/24 21:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2009/12/24 19:06:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/24 18:49:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/24 07:03:15 | 00,000,000 | ---D | C] -- C:\ProgramData\yedibona
[2009/12/24 07:03:12 | 00,000,000 | ---D | C] -- C:\ProgramData\marokeru
[2009/12/24 07:03:11 | 00,000,000 | ---D | C] -- C:\ProgramData\vugivodi
[2009/12/23 18:53:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/12/23 10:16:19 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/19 13:27:07 | 00,000,000 | ---D | C] -- C:\Users\Acer\Documents\ؽ
[2009/12/19 13:26:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2009/12/19 12:07:10 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/12/19 12:06:39 | 00,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2009/12/18 23:23:54 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\PMB Files
[2009/12/18 23:23:19 | 00,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2009/12/18 23:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/12/15 14:00:54 | 00,000,000 | ---D | C] -- C:\Users\Acer\Desktop\game
[2007/07/31 07:43:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/26 22:00:33 | 00,000,296 | ---- | M] () -- C:\Windows\tasks\soswmtcw.job
[2009/12/26 21:53:01 | 04,194,304 | -HS- | M] () -- C:\Users\Acer\ntuser.dat
[2009/12/26 21:51:27 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 21:51:27 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/26 21:47:10 | 00,011,808 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/12/26 21:46:14 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/26 21:44:41 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/26 21:44:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/26 21:44:25 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2009/12/26 21:44:13 | 21,369,89696 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/26 21:39:43 | 00,011,168 | -H-- | M] () -- C:\Windows\System32\gupagaja
[2009/12/26 21:32:40 | 00,293,376 | ---- | M] () -- C:\Users\Acer\Desktop\ipk5vb8n.exe
[2009/12/26 21:31:27 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/26 21:31:27 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/26 21:31:27 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/12/26 21:21:51 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000001.regtrans-ms
[2009/12/26 21:21:51 | 00,065,536 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TM.blf
[2009/12/26 21:21:49 | 03,267,175 | -H-- | M] () -- C:\Users\Acer\AppData\Local\IconCache.db
[2009/12/26 21:21:39 | 00,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ysnmf.sys
[2009/12/26 18:48:37 | 00,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 16:00:23 | 00,000,000 | ---- | M] () -- C:\Users\Acer\Desktop\settings.dat
[2009/12/26 15:53:26 | 00,001,019 | ---- | M] () -- C:\Users\Acer\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 15:51:24 | 00,472,064 | ---- | M] ( ) -- C:\Users\Acer\Desktop\RootRepeal.exe
[2009/12/26 15:30:57 | 00,524,288 | ---- | M] () -- C:\Users\Acer\Desktop\dds.scr
[2009/12/25 19:04:16 | 00,005,648 | ---- | M] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009/12/25 17:53:54 | 00,000,600 | ---- | M] () -- C:\Users\Acer\AppData\Local\PUTTY.RND
[2009/12/25 17:28:38 | 00,000,600 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\winscp.rnd
[2009/12/25 16:31:45 | 00,001,749 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009/12/24 22:29:37 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/12/24 21:10:11 | 00,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2009/12/24 20:10:30 | 00,253,832 | ---- | M] () -- C:\Users\Acer\Desktop\cc_20091224_200934.reg
[2009/12/24 18:49:12 | 00,001,838 | ---- | M] () -- C:\Users\Acer\Desktop\HijackThis.lnk
[2009/12/24 06:59:59 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/23 16:34:43 | 00,000,010 | RHS- | M] () -- C:\config.sys
[2009/12/22 14:47:50 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:26:46 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:26:46 | 00,065,536 | -HS- | M] () -- C:\Users\Acer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/12/19 17:05:29 | 00,056,202 | ---- | M] () -- C:\Users\Acer\Desktop\logo2.png
[2009/12/15 14:45:19 | 00,143,492 | ---- | M] () -- C:\Users\Acer\Desktop\Untitled.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/26 21:44:13 | 21,369,89696 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/26 21:32:23 | 00,293,376 | ---- | C] () -- C:\Users\Acer\Desktop\ipk5vb8n.exe
[2009/12/26 21:21:39 | 00,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ysnmf.sys
[2009/12/26 18:48:37 | 00,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 16:00:23 | 00,000,000 | ---- | C] () -- C:\Users\Acer\Desktop\settings.dat
[2009/12/26 15:53:26 | 00,001,019 | ---- | C] () -- C:\Users\Acer\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 15:30:02 | 00,524,288 | ---- | C] () -- C:\Users\Acer\Desktop\dds.scr
[2009/12/25 16:31:45 | 00,001,749 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009/12/25 15:11:13 | 00,000,296 | ---- | C] () -- C:\Windows\tasks\soswmtcw.job
[2009/12/24 21:10:11 | 00,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2009/12/24 20:09:40 | 00,253,832 | ---- | C] () -- C:\Users\Acer\Desktop\cc_20091224_200934.reg
[2009/12/24 18:49:12 | 00,001,838 | ---- | C] () -- C:\Users\Acer\Desktop\HijackThis.lnk
[2009/12/22 10:36:32 | 00,524,288 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:36:32 | 00,524,288 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:36:24 | 00,065,536 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TM.blf
[2009/12/19 17:05:16 | 00,056,202 | ---- | C] () -- C:\Users\Acer\Desktop\logo2.png
[2009/12/15 14:30:21 | 00,143,492 | ---- | C] () -- C:\Users\Acer\Desktop\Untitled.jpg
[2009/11/27 22:32:44 | 00,000,600 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\winscp.rnd
[2009/10/13 19:49:31 | 00,025,053 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\addons.dat
[2009/10/04 15:22:24 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/15 17:38:39 | 00,000,561 | ---- | C] () -- C:\Windows\my.ini.old
[2009/09/13 20:40:46 | 00,000,316 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2009/08/27 21:12:23 | 00,000,004 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\94643B
[2009/08/27 21:12:22 | 00,870,128 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\mcs.rma
[2009/08/23 15:16:37 | 00,037,376 | ---- | C] () -- C:\Windows\System32\drivers\WMDrive.sys
[2009/08/23 07:56:25 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/21 15:17:03 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/07/19 19:44:20 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/18 21:04:49 | 00,003,120 | ---- | C] () -- C:\Windows\System32\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2009/07/15 02:25:46 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/07/15 02:25:46 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/06/14 08:20:48 | 00,017,089 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\UserTile.png
[2009/06/08 20:49:12 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/08 19:47:02 | 00,040,960 | ---- | C] () -- C:\Windows\System32\GaugeSound.dll
[2009/05/27 14:48:16 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/27 14:48:16 | 00,061,440 | ---- | C] () -- C:\Windows\System32\Iasv32.dll
[2009/05/27 14:48:16 | 00,061,440 | ---- | C] () -- C:\Windows\System32\FastUv32.dll
[2009/05/27 14:48:16 | 00,002,304 | ---- | C] () -- C:\Windows\System32\winsts.sys
[2009/05/27 14:48:16 | 00,002,304 | ---- | C] () -- C:\Windows\System32\ndisdrv.sys
[2009/05/22 14:35:46 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/15 22:31:32 | 00,000,600 | ---- | C] () -- C:\Users\Acer\AppData\Local\PUTTY.RND
[2009/05/15 09:59:46 | 00,005,648 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009/04/05 15:07:01 | 00,000,067 | ---- | C] () -- C:\Windows\ProductKeyExplorer.INI
[2009/03/10 18:49:14 | 00,008,704 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 17:13:42 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/03/07 16:24:52 | 00,000,000 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\wklnhst.dat
[2009/03/07 15:53:47 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/07 15:44:22 | 00,000,054 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2009/03/07 15:41:01 | 00,000,044 | ---- | C] () -- C:\Windows\EP_CX5000.ini
[2008/10/22 05:29:06 | 00,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/02/15 17:31:54 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/15 17:31:42 | 00,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/02/15 17:31:33 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/07/31 09:01:29 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 07:50:23 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/07/31 07:44:29 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/07/31 07:44:29 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 07:43:32 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/31 06:07:59 | 00,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 06:07:10 | 00,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/31 06:07:10 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/07/31 06:07:10 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/04/25 17:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 17:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 17:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 17:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 17:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 17:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 08:27:46 | 00,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006/11/02 03:46:03 | 00,000,003 | ---- | C] () -- C:\Windows\System32\FInstall.sys
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/03/26 08:56:40 | 00,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/05/23 14:10:03 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\.purple
[2008/02/16 07:19:14 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer
[2009/10/22 19:50:12 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Artisteer
[2009/10/10 10:26:42 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Audacity
[2009/08/21 15:51:21 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Audio Extractor
[2009/12/25 17:56:28 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\FileZilla
[2009/08/31 21:43:41 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GetRightToGo
[2009/08/21 21:17:39 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Gold Audio Suite
[2009/11/28 17:11:21 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\gtk-2.0
[2009/08/04 21:17:28 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\IObit
[2008/02/16 07:19:12 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Leadertech
[2009/04/11 12:12:17 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\NCH Swift Sound
[2009/07/08 12:39:08 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2009/09/19 18:11:25 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SeriousBit
[2009/09/15 18:28:41 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Stardock
[2009/05/22 13:52:46 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TeamViewer
[2009/10/06 13:06:39 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\uTorrent
[2009/08/23 17:12:32 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\WinMount
[2009/10/24 20:34:24 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/11/01 00:03:07 | 00,000,316 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/12/26 21:38:01 | 00,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/12/26 22:00:33 | 00,000,296 | ---- | M] () -- C:\Windows\Tasks\soswmtcw.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 01:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 03:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 03:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: ENETHOOK.DLL >
[2007/05/22 16:00:04 | 00,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2007/05/22 16:00:04 | 00,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Windows\System32\eNetHook.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 01:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 01:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 01:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 03:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 00:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:0C1EFF69
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:C265C458
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:D00F0074
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Here are the contents of Extras.txt:
OTL Extras logfile created on: 12/26/2009 9:53:09 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.92 Gb Total Space | 21.42 Gb Free Space | 30.63% Space Free | Partition Type: NTFS
Drive D: | 69.37 Gb Total Space | 62.94 Gb Free Space | 90.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DYLAN-PC
Current User Name: Acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0014EA53-0F67-4579-B6F8-4392844996B6}" = lport=85 | protocol=6 | dir=in | name=broadwave web server |
"{1D2D2A91-4C44-4E1D-84C0-3261CABA53B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E687EFE-FF85-454A-A7F5-99091F8559CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F347F90-DACD-4844-8F5C-62A32875A4D4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{69D67920-1FB8-4F60-A532-92725D7EE801}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EA04174-338F-42B9-9EA0-7ED33630243A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AACA55C-A9CF-458C-A09B-C40BAA4CE8D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B507B1EE-73CF-45E2-919C-40AEA0077F9C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2B89225-0B50-4554-BBCE-D56C5C59C9A5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D1B45150-C9CB-4D6C-B2BD-69610C581571}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D781DCBF-D364-49DB-ABBA-D87A74A6A0D5}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040BB100-C31B-4E7B-A724-E007187D84EF}" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{0443FE6E-2C10-423C-8C19-B46711BC825F}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{04BE8D89-3035-4900-89FA-D0D8B52D345D}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{0BC162EB-C025-49BB-B173-BE976AE643BF}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{0F98A8D1-6F1A-467C-B75B-8C1A36C29EAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{144F498B-01DC-4D0B-9FFD-D791FC637C2D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{15CFE5B7-C026-48B6-8D43-03EA13FA5230}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{170BDD5B-68ED-488D-9D3A-9DAFB00C3DAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1DC93D7D-2E62-4D4B-B56F-ED7E7760F1CE}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{26629073-E798-413D-84F8-68AD1D718635}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{28AC3FBB-0093-4DC3-B0F0-62F81B8B9D63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2ACB6940-1DBF-47D5-996D-BC2057C63481}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{352EB8C8-900B-4C14-AB91-948D6AB52FC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3535CFC6-3A94-40B0-A5C9-DB57B7E65D1F}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{354FC90A-AB99-46D3-9B21-2B212F345330}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{35EA704C-C8D5-4E39-B589-16BA26A7B495}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{372DCB04-0CC7-40E3-BD94-AD2FF7615707}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3819329F-3381-4295-8B9F-5BD46953C6C5}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{38B470E8-A441-4E96-B542-A3DB0D03818F}" = protocol=17 | dir=in | app=c:\windows\system32\lsm32.sys |
"{41439B38-A2B0-4E92-9D59-7C0B9086970B}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{43383504-56BB-46CF-AE58-E14BA538061E}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{45E7A25A-CB85-4EEB-ABFC-D8D61639A72C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4CB5F829-1368-4C6F-8261-103BF8DB324B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D9FFC9C-A468-40B6-977E-151EACB21850}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{53718D7E-6140-4012-A541-C26EF2BF72BB}" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"{5E2F5859-57D1-4F46-AF67-700EE9749865}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{65DF2625-FBF2-4F76-86A1-A609C43CCA45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{709BBAA2-8AC2-4F06-8A01-D9C2DCBE0A56}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7E4C2C1A-603F-47B4-B3D5-5C459269E148}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86102660-B214-453A-87B5-14C1AC5793A4}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{8D7B1A5C-CE90-4B59-B106-D37EE3D805CD}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"{90F5CA61-155D-4FAA-B6C1-43F93387FC93}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{9C8C56A9-8660-438B-8111-8FA6CFB8D010}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9F14DDC9-002C-41CA-939C-A3507706A073}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A83B05E2-3F4E-4BB0-9C71-D37B5D8B1118}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{BAC0CC70-0627-402A-A46C-7C1273576082}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BCF8B06D-E733-418C-8914-A750C204BE44}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1200B01-FE2D-4C77-86E4-51531917732A}" = protocol=6 | dir=in | app=c:\windows\temp\ixp000.tmp\pa0821.exe |
"{C7DAD5C2-E1BC-4D33-9131-E348725337AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CBB0623F-B5C7-4951-9FD8-08FAF8EFB119}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CEF0FBA8-84FE-477B-8B45-E4CE376683FB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D4AC19AC-A1FC-4907-97EE-B37BDAEFAABF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6C5568F-CE1D-4A09-BB8E-57DFD9A93916}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DC1E9BEC-F58D-4E40-89C1-A1666FA0384E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE8E3D4B-D968-4080-A030-28E591CB9FBB}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DF36427F-E423-4AF2-ADFF-6D9F522B9097}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{E2F5E7ED-FE4C-43E5-ADE8-86266E1EC2D1}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E6AE3C81-75CD-4053-99A1-D76997850787}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{E748F82C-1370-4CBB-9234-7DD316C55DCB}" = protocol=6 | dir=out | app=system |
"{E8F47F7E-3E84-45E7-86BC-A75E28A339B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EFA05787-FEE0-44BC-9754-057493A8D605}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{F08C6B24-CE72-434D-B2CD-C1051F0CAB07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0A58D05-C136-42EB-B05E-2CB40880603E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA2D590B-E100-410E-BD8A-166F23ACAF2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD91CB2C-983B-4F10-A04F-8A5FAF2925C7}" = protocol=17 | dir=in | app=c:\windows\temp\ixp000.tmp\pa0821.exe |
"{FFB7CC8A-3ECB-458C-85C1-657744AC77AA}" = protocol=6 | dir=in | app=c:\windows\system32\lsm32.sys |
"TCP Query User{16E28A96-300F-44E4-B2FE-CB1C75CF64F3}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"TCP Query User{1D92208F-F258-4056-BF25-3A5A2E144168}C:\users\acer\desktop\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{2159477E-801E-442D-94E9-1649A88524C7}G:\chami\html-kit\bin\htmlkit.exe" = protocol=6 | dir=in | app=g:\chami\html-kit\bin\htmlkit.exe |
"TCP Query User{229DD809-762C-4021-8772-1E50E7250EB0}C:\users\acer\desktop\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\xampplite\apache\bin\httpd.exe |
"TCP Query User{24464087-5A00-49E2-8431-1A5B962C48F1}C:\users\acer\documents\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\acer\documents\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{2C7D4652-CAC9-40B4-9029-512A1DD44F23}C:\users\acer\documents\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\acer\documents\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{30B2A018-5DD5-44A4-AAAC-F90872BA49F3}C:\users\acer\desktop\webhost\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\webhost\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{3509F822-C2DC-4957-A0A2-FF4CC12C14A2}G:\chami\html-kit\bin\htmlkit.exe" = protocol=6 | dir=in | app=g:\chami\html-kit\bin\htmlkit.exe |
"TCP Query User{382805CE-2BF8-40D3-BE10-12413D3FAE1B}G:\joomlapack native tools\joomlapackremote.exe" = protocol=6 | dir=in | app=g:\joomlapack native tools\joomlapackremote.exe |
"TCP Query User{3830B891-4474-4C9D-85B5-BA9FBA45779F}C:\users\acer\documents\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\acer\documents\xampplite\apache\bin\httpd.exe |
"TCP Query User{38C9B3B5-DBE0-4C8A-A75A-95C0AE9DA9A4}C:\users\acer\desktop\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\xampp\apache\bin\apache.exe |
"TCP Query User{5E9E1244-0601-4790-81A2-76B9F30D6B5B}C:\users\acer\desktop\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\xampp\mysql\bin\mysqld.exe |
"TCP Query User{6F46B674-F180-4C10-81CF-CD471FBCBE4B}C:\program files\spaun\livezilla\livezilla server admin.exe" = protocol=6 | dir=in | app=c:\program files\spaun\livezilla\livezilla server admin.exe |
"TCP Query User{722DC965-4664-4588-835F-419E53F1A55E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{73E97076-85A3-4064-B33B-2A1B695827D5}C:\program files\windows media components\encoder\wmenc.exe" = protocol=6 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"TCP Query User{78E4A4C3-0524-4764-AF2E-8D631E65BC64}C:\users\acer\documents\xampp\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\acer\documents\xampp\xampplite\apache\bin\httpd.exe |
"TCP Query User{7A6AE7F6-E2CA-4120-AE8D-6F2E3043478F}C:\program files\shoutcast\sc_serv.exe" = protocol=6 | dir=in | app=c:\program files\shoutcast\sc_serv.exe |
"TCP Query User{7EAF6A91-F3B8-4F20-B313-1AE23736133A}C:\users\acer\desktop\files\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\files\xampplite\apache\bin\httpd.exe |
"TCP Query User{81181A31-9BA6-426A-B844-ED6E252CAE68}C:\users\acer\desktop\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{82D2491E-B8B4-4DA5-9390-870F8FE12ACE}C:\users\acer\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{8E30D690-6BF6-4D41-BB2B-69219F8E882A}C:\users\acer\desktop\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\visualboyadvance.exe |
"TCP Query User{8ED9153B-AC34-426B-B768-003A71A4BA8B}C:\users\acer\documents\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\acer\documents\xampplite\apache\bin\httpd.exe |
"TCP Query User{95E93DC7-1986-47A6-A826-6F6985BBB12F}C:\program files\livezilla\livezilla server admin.exe" = protocol=6 | dir=in | app=c:\program files\livezilla\livezilla server admin.exe |
"TCP Query User{A210C2C5-8E5E-4D3D-A1AC-64E2F23BB089}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"TCP Query User{AA2043C6-89BB-4182-901B-03A9582C4E91}G:\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=g:\xampplite\apache\bin\httpd.exe |
"TCP Query User{B00F8FDF-686C-4A7A-A1AD-29ABC0435AF6}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{B0D187F0-D643-4A35-B63E-A0D739DDEE83}C:\users\acer\appdata\local\temp\pyl628a.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\temp\pyl628a.tmp\pyrun.exe |
"TCP Query User{B4949B35-9EC8-4652-A53C-54523954FD67}G:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{B4F94CC4-1D7B-4CA5-84CF-043EB6FE659F}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{B9E99F39-4373-4E16-B243-6349E92DED98}C:\users\acer\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\acer\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{C445EAC7-BEBB-4A1D-8230-3737F7BB8F52}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C7A219B0-2AC0-4A56-A256-5B7826ED1C96}C:\users\acer\desktop\files\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\files\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{C9C5A84B-5271-4FAC-8AC7-20D49B09746A}C:\program files\chami\html-kit\bin\htmlkit.exe" = protocol=6 | dir=in | app=c:\program files\chami\html-kit\bin\htmlkit.exe |
"TCP Query User{D0F89827-00E3-4BF6-9924-1A2320AB1A2E}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"TCP Query User{D1232E3B-5F91-4183-AFF0-F6E27354BA04}C:\users\acer\desktop\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\xampplite\apache\bin\httpd.exe |
"TCP Query User{D6DD9CD2-237E-40E2-8FB2-7C28CA34B8BD}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E9362382-EBB8-476D-82F6-540896E160A2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{ECBC29CD-F748-4CB1-9F66-6A66C5702DCA}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"TCP Query User{F912C1D7-463F-439D-8EF0-1521BC63FD24}C:\users\acer\desktop\webhost\xampplite\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\acer\desktop\webhost\xampplite\apache\bin\httpd.exe |
"TCP Query User{FB9455C3-FA87-43A9-9516-41944E771845}C:\users\acer\documents\xampp\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\acer\documents\xampp\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{FC5DFEDD-128D-4271-B687-8717CEFAF6F9}C:\program files\chami\html-kit\bin\htmlkit.exe" = protocol=6 | dir=in | app=c:\program files\chami\html-kit\bin\htmlkit.exe |
"UDP Query User{015249C0-2503-4971-B29C-EF2D2D91AA25}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0F51A554-7734-4540-8161-0F58B31E592C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{1CAFF3B5-999F-4D07-9C97-7625241D7BF1}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"UDP Query User{1E804DA6-7A46-44CD-B032-1AB90B3E6647}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{1ECD7AF3-6850-435D-85C9-95F9116CD1B4}C:\users\acer\documents\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\acer\documents\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{1ED3FB60-F2CD-477D-9592-39ACAD8C3A33}C:\users\acer\appdata\local\temp\pyl628a.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\temp\pyl628a.tmp\pyrun.exe |
"UDP Query User{27E4545B-821F-4A0E-9615-7E6602E1607B}G:\chami\html-kit\bin\htmlkit.exe" = protocol=17 | dir=in | app=g:\chami\html-kit\bin\htmlkit.exe |
"UDP Query User{2C8FBAB4-8C52-4EA0-A071-0AD576DD266F}C:\users\acer\documents\xampp\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\acer\documents\xampp\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{373B323E-9401-4428-9345-8A14BB5F927E}G:\joomlapack native tools\joomlapackremote.exe" = protocol=17 | dir=in | app=g:\joomlapack native tools\joomlapackremote.exe |
"UDP Query User{3B8D204E-18D4-449E-805E-2C73F77E0753}C:\users\acer\documents\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\acer\documents\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{3FC97DA8-B004-4AE2-84EB-40656C2C8BF2}C:\users\acer\desktop\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\xampplite\apache\bin\httpd.exe |
"UDP Query User{43E409FF-5EAD-4330-9AF9-9B17E34163AE}C:\users\acer\desktop\webhost\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\webhost\xampplite\apache\bin\httpd.exe |
"UDP Query User{52D489F5-C9B7-4D0A-BA63-3CE28DC2E9E9}C:\program files\chami\html-kit\bin\htmlkit.exe" = protocol=17 | dir=in | app=c:\program files\chami\html-kit\bin\htmlkit.exe |
"UDP Query User{5C9AF971-3DAA-4D02-81CC-381E0DAF07B5}C:\program files\chami\html-kit\bin\htmlkit.exe" = protocol=17 | dir=in | app=c:\program files\chami\html-kit\bin\htmlkit.exe |
"UDP Query User{5E462362-FAEA-4844-9BA2-70142565438E}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"UDP Query User{71A81E3C-96E1-4FA1-A545-59E7A0A6BA2D}C:\users\acer\desktop\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\xampp\apache\bin\apache.exe |
"UDP Query User{721C6A18-020B-4905-A60D-F1E294ADC94B}C:\users\acer\documents\xampp\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\acer\documents\xampp\xampplite\apache\bin\httpd.exe |
"UDP Query User{791AE355-0379-4753-AEEB-18EEDE4CEC0A}C:\users\acer\documents\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\acer\documents\xampplite\apache\bin\httpd.exe |
"UDP Query User{7A0367B4-67CB-4731-8898-FFC9BEEC4B06}C:\program files\spaun\livezilla\livezilla server admin.exe" = protocol=17 | dir=in | app=c:\program files\spaun\livezilla\livezilla server admin.exe |
"UDP Query User{7BAA4569-D522-415E-AF3C-A723095DD328}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"UDP Query User{862FCD70-A97A-44F1-9897-085EC339D949}C:\users\acer\desktop\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\xampp\mysql\bin\mysqld.exe |
"UDP Query User{86D81002-515B-48B6-8653-E7BA627D28CC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A0C06F8F-1119-437D-9849-3D83C3C40988}C:\users\acer\desktop\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{A1768921-4494-4426-9F5C-E19DCECD7352}C:\program files\shoutcast\sc_serv.exe" = protocol=17 | dir=in | app=c:\program files\shoutcast\sc_serv.exe |
"UDP Query User{A1A49A47-5EC9-4EA9-92AB-810008D8702D}C:\users\acer\documents\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\acer\documents\xampplite\apache\bin\httpd.exe |
"UDP Query User{AAA41D5E-FF41-4F63-8963-CE728A388265}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"UDP Query User{AE6C6D6D-B0C5-4E16-8C22-563887806B90}C:\program files\livezilla\livezilla server admin.exe" = protocol=17 | dir=in | app=c:\program files\livezilla\livezilla server admin.exe |
"UDP Query User{B02872C9-E1EA-4958-BDFF-0E23F8661642}G:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{B359B83E-398C-491B-AEF3-618EC72F5DF8}C:\users\acer\desktop\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{B3A5DCB4-B19C-4E73-AFF7-FC4C4F8AFB46}C:\users\acer\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\acer\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{BD63B300-FBFF-49AB-82F5-CA4A2B7EB9C0}C:\users\acer\desktop\files\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\files\xampplite\apache\bin\httpd.exe |
"UDP Query User{C32AE229-7DB1-40B8-87F0-31B8F120B770}C:\program files\windows media components\encoder\wmenc.exe" = protocol=17 | dir=in | app=c:\program files\windows media components\encoder\wmenc.exe |
"UDP Query User{C5C57C5A-EAA2-4105-93A0-0E26376F241C}G:\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=g:\xampplite\apache\bin\httpd.exe |
"UDP Query User{D5291B9D-CD1B-4F06-8443-2E32A2BB2EFF}C:\users\acer\desktop\webhost\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\webhost\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{D6F0AF1B-E8E9-463E-9AF9-CA72E4A8FF75}C:\users\acer\desktop\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\visualboyadvance.exe |
"UDP Query User{DDC158E4-25F9-4A00-934A-8A2B22B065D7}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E1708953-5773-4ABC-A728-928D0271E5C9}C:\users\acer\desktop\xampplite\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\xampplite\apache\bin\httpd.exe |
"UDP Query User{EA3A402E-99B2-427F-AE5D-1429F66BDD38}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{EC872F86-3943-4969-874E-C8F6BBC6440C}C:\users\acer\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{FBA84D57-025D-44E1-ADE6-6873A9714044}C:\users\acer\desktop\files\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\acer\desktop\files\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{FEA4FB8D-EDB2-4C32-BA6B-8D9C4BF1FC48}G:\chami\html-kit\bin\htmlkit.exe" = protocol=17 | dir=in | app=g:\chami\html-kit\bin\htmlkit.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX5000 Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
"{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C52A46C-7961-4A81-AB4B-92CF65CB4772}_is1" = Sothink Web Video Downloader
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0A9B824-75D4-4702-B0FA-0305FBECCF4E}_is1" = Sothink Quicker for Silverlight
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DF157E38-A290-4265-844B-687E5707899E}" = WebCam Suite 2.0
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"CCleaner" = CCleaner (remove only)
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Disney Toontown Online" = Disney Toontown Online
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.2.6.1
"Gold Audio Suite_is1" = Gold Audio Suite v3.2.1.2
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HTMLKit_is1" = HTML-Kit
"InstallShield_{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSC" = McAfee SecurityCenter
"Seven Remix" = Seven Remix 1.0
"Spyware Doctor" = Spyware Doctor 6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TUGZip_is1" = TUGZip 3.5
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"WinGimp-2.0_is1" = GIMP 2.6.7
"winscp3_is1" = WinSCP 4.1.9
"Wondershare FLV Downloader Pro_is1" = Wondershare FLV Downloader Pro(Build 1.4.1.16)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2009 5:47:17 PM | Computer Name = Dylan-PC | Source = Application Error | ID = 1000
Description = Faulting application capuserv.exe, version 1.0.0.0, time stamp 0x4664c6c6,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0001136c, process id 0xd98, application start time 0x01ca84e2a897c898.

Error - 12/24/2009 5:47:28 PM | Computer Name = Dylan-PC | Source = Application Error | ID = 1000
Description = Faulting application ePowerSvc.exe, version 2.5.4014.0, time stamp
0x464b11f9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0xe48, application start time
0x01ca84e2af0327b8.

Error - 12/24/2009 5:50:39 PM | Computer Name = Dylan-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x4b18b14e, faulting module svchost.exe, version 6.0.6001.18000, time stamp 0x4b18b14e,
exception code 0xc0000005, fault offset 0x000019fc, process id 0x1454, application
start time 0x01ca84e31fd069d8.

Error - 12/24/2009 5:52:16 PM | Computer Name = Dylan-PC | Source = Application Error | ID = 1000
Description = Faulting application ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE, version
2.5.4006.0, time stamp 0x462ecc99, faulting module unknown, version 0.0.0.0, time
stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id
0x1394, application start time 0x01ca84e358f021b8.

Error - 12/24/2009 5:52:20 PM | Computer Name = Dylan-PC | Source = Application Error | ID = 1000
Description = Faulting application EPOWER_DMC.EXE, version 2.5.4014.0, time stamp
0x464bb1d4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0001136c, process id 0x20c, application start time
0x01ca84e358028d68.

Error - 12/24/2009 5:52:20 PM | Computer Name = Dylan-PC | Source = Application Error | ID = 1000
Description = Faulting application ENMTRAY.EXE, version 2.6.4.7, time stamp 0x4652943e,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0001136c, process id 0x130c, application start time 0x01ca84e357756898.

Error - 12/24/2009 6:14:51 PM | Computer Name = Dylan-PC | Source = SPP | ID = 16387
Description =

Error - 12/24/2009 6:14:51 PM | Computer Name = Dylan-PC | Source = System Restore | ID = 8193
Description =

Error - 12/24/2009 6:16:34 PM | Computer Name = Dylan-PC | Source = SPP | ID = 16387
Description =

Error - 12/24/2009 6:16:34 PM | Computer Name = Dylan-PC | Source = System Restore | ID = 8193
Description =

[ OSession Events ]
Error - 4/16/2009 9:32:15 PM | Computer Name = Acer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/26/2009 11:45:54 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/26/2009 11:45:54 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/26/2009 11:45:54 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/26/2009 11:45:54 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/26/2009 11:45:59 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/26/2009 11:46:00 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/26/2009 11:46:13 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/26/2009 11:46:13 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/26/2009 11:46:28 PM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/27/2009 12:12:38 AM | Computer Name = Dylan-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >


I will post GMER shortly; it crashed my computer before.

Edit: GMER keeps crashing my computer, causing a BSOD that says something about a thread.
Also, I guess I did not completely fix the Internet Security 2010 problem.
Here is one file I have in Malwarebytes, FastNetSrv.exe, but it will not delete.

Edited by mghq, 26 December 2009 - 11:56 PM.


#4 Buckeye_Sam

    Malware Expert

Posted 27 December 2009 - 10:42 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe File not found
    O4 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000..\Run: [mebakeleh] C:\Windows\System32\yafakeje.DLL File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O20 - AppInit_DLLs: (gipekuya.dll c:\windows\system32\yafakeje.dll) - File not found
    [2009/12/26 22:00:33 | 00,000,296 | ---- | M] () -- C:\Windows\tasks\soswmtcw.job
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

======================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 mghq
  • Topic Starter

Posted 27 December 2009 - 02:28 PM

Here are the contents after the Run Fix:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 not found.
Registry value HKEY_USERS\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mebakeleh not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gipekuya.dll c:\windows\system32\yafakeje.dll deleted successfully.
C:\Windows\Tasks\soswmtcw.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Acer
->Temp folder emptied: 18073269 bytes
->Temporary Internet Files folder emptied: 10157944 bytes
->Java cache emptied: 55575074 bytes
->FireFox cache emptied: 63465793 bytes
->Google Chrome cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mghq
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 20562664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32934 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 160.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 12272009_131746

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcmsc_Gytx3Pc7vp2yvv2 not found!
File\Folder C:\Windows\temp\mcmsc_HZb0aehs9beZAPz not found!
File\Folder C:\Windows\temp\mcmsc_S8gxGiIoRXOG1cR not found!
File\Folder C:\Windows\temp\sqlite_FqkMPnnI2eOtHvO not found!
File\Folder C:\Windows\temp\sqlite_pmMrfbPSscqqXet not found!
File\Folder C:\Windows\temp\sqlite_W4zL2a7d0VIy0Ow not found!
File\Folder C:\Windows\temp\sqlite_Z3vefIeezxxfUI8 not found!
C:\Windows\temp\WERD8D3.tmp.hdmp moved successfully.

Registry entries deleted on Reboot...


I will post the new OTL scan shortly along with the Malwarebytes log.

EDIT: here is the new OTL scan:
OTL logfile created on: 12/27/2009 1:29:15 PM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.92 Gb Total Space | 21.61 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
Drive D: | 69.37 Gb Total Space | 62.94 Gb Free Space | 90.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DYLAN-PC
Current User Name: Acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/27 13:25:37 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
PRC - [2009/12/18 06:36:48 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/01 00:32:45 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 12:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/11 00:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 01:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/07/15 23:51:44 | 00,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/07/05 21:06:00 | 04,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/24 20:31:28 | 00,142,104 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2007/05/24 20:31:20 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/05/24 20:31:16 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/05/24 20:31:14 | 00,166,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/05/24 20:31:06 | 00,154,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/04/25 17:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 17:33:36 | 00,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/02/09 06:35:54 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/02/09 03:41:10 | 00,845,360 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/01/29 23:23:52 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/04 22:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/02/13 15:16:54 | 00,140,680 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/02/13 15:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2007/05/22 16:00:04 | 00,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (FirebirdServerDefaultInstance)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 12:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/18 15:25:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 11:13:28 | 00,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/05/22 16:00:02 | 00,135,168 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/05/16 23:15:22 | 00,163,840 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 17:34:30 | 00,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/14 11:52:30 | 00,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/13 06:26:50 | 00,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/29 23:23:52 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/24 13:57:54 | 00,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/04 22:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ClickTheStream Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2400844&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ClickTheStream Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://acer.yahoo.com/|http://yourgaminghubs.com/|http://gaminghubs.com|http://cashlagoon.com/|http://www.mygetpaidto.com/forum/|http://www.earnmoneyspace.com/forum/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {4093c4de-454a-4329-8aff-c6b0b123c386}:0.8.4
FF - prefs.js..extensions.enabledItems: jetpack@labs.mozilla.com:0.7
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {23ad39a3-36e7-4d8e-92d2-ba116ee32c45}:1.0.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: {24d1fe20-76df-11de-8a39-0800200c9a66}:2.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/25 14:16:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 06:37:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 23:22:19 | 00,000,000 | ---D | M]

[2009/05/23 17:24:47 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2009/12/26 22:30:51 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions
[2009/11/12 21:50:03 | 00,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2009/12/23 19:05:27 | 00,000,000 | ---D | M] (Swoosty SEO Tools) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{23ad39a3-36e7-4d8e-92d2-ba116ee32c45}
[2009/10/09 16:27:18 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{24d1fe20-76df-11de-8a39-0800200c9a66}
[2009/05/24 14:05:05 | 00,000,000 | ---D | M] (HttpFox) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
[2009/11/02 17:48:18 | 00,000,000 | ---D | M] (Stylish) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/07/02 11:50:51 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/22 17:24:46 | 00,000,000 | ---D | M] (FireFTP) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/01 14:58:47 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/12/23 19:04:42 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/12 23:14:44 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/05 09:44:23 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/12/23 19:04:59 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/07 09:03:15 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\firebug@software.joehewitt.com
[2009/12/23 19:05:24 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com
[2009/11/04 18:36:06 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\netvideohunter@netvideohunter.com
[2009/12/05 09:44:38 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\twitternotifier@naan.net
[2009/08/29 14:35:14 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\yyginstantplay@yoyogames.com
[2009/12/22 10:48:23 | 00,001,183 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Mozilla\FireFox\Profiles\kzm8xq9x.default\searchplugins\swagbuckscom.xml
[2009/12/23 18:44:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/18 23:21:43 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (997 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 95.211.6.161 www.110mb.com
O1 - Hosts: 95.211.6.161 110mb.com
O1 - Hosts: 76.73.41.234 geekstep.com
O1 - Hosts: 76.73.41.234 www.geekstep.com
O1 - Hosts: 208.53.183.61 gaminghubs.com
O1 - Hosts: 208.53.183.61 www.gaminghubs.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\ah9AuzF4u.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/ru...eb-20070115.cab (Citrix ICA Client)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.27.222.9 12.27.223.9
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - AppInit_DLLs: (gipekuya.dll c:\windows\system32\yafakeje.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/27 13:17:46 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/26 21:30:23 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/12/26 18:54:46 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2009/12/26 18:48:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/26 18:48:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/26 18:48:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/26 15:52:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/26 15:52:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/26 15:50:31 | 00,472,064 | ---- | C] ( ) -- C:\Users\Acer\Desktop\RootRepeal.exe
[2009/12/25 16:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/12/25 15:30:48 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Rockstar Games
[2009/12/24 22:29:37 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/12/24 22:27:23 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2009/12/24 22:27:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/12/24 21:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2009/12/24 19:06:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/24 18:49:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/23 18:53:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/12/23 10:16:19 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/19 13:27:07 | 00,000,000 | ---D | C] -- C:\Users\Acer\Documents\ؽ
[2009/12/19 13:26:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2009/12/19 12:07:10 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/12/19 12:06:39 | 00,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2009/12/18 23:23:54 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\PMB Files
[2009/12/18 23:23:19 | 00,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2009/12/18 23:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/12/15 14:00:54 | 00,000,000 | ---D | C] -- C:\Users\Acer\Desktop\game
[2007/07/31 07:43:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 14 Days ==========

[2009/12/27 13:40:45 | 04,194,304 | -HS- | M] () -- C:\Users\Acer\ntuser.dat
[2009/12/27 13:38:22 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/27 13:28:15 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/27 13:28:15 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/27 13:28:15 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/27 13:26:00 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/27 13:26:00 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/27 13:24:46 | 00,011,808 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/12/27 13:23:47 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/27 13:22:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/27 13:22:45 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2009/12/27 13:22:30 | 21,369,89696 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/27 13:21:16 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000001.regtrans-ms
[2009/12/27 13:21:16 | 00,065,536 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TM.blf
[2009/12/26 23:57:31 | 03,278,967 | -H-- | M] () -- C:\Users\Acer\AppData\Local\IconCache.db
[2009/12/26 21:39:43 | 00,011,168 | -H-- | M] () -- C:\Windows\System32\gupagaja
[2009/12/26 21:32:40 | 00,293,376 | ---- | M] () -- C:\Users\Acer\Desktop\ipk5vb8n.exe
[2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/12/26 21:21:39 | 00,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ysnmf.sys
[2009/12/26 18:48:37 | 00,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 16:00:23 | 00,000,000 | ---- | M] () -- C:\Users\Acer\Desktop\settings.dat
[2009/12/26 15:53:26 | 00,001,019 | ---- | M] () -- C:\Users\Acer\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 15:51:24 | 00,472,064 | ---- | M] ( ) -- C:\Users\Acer\Desktop\RootRepeal.exe
[2009/12/26 15:30:57 | 00,524,288 | ---- | M] () -- C:\Users\Acer\Desktop\dds.scr
[2009/12/25 19:04:16 | 00,005,648 | ---- | M] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009/12/25 17:53:54 | 00,000,600 | ---- | M] () -- C:\Users\Acer\AppData\Local\PUTTY.RND
[2009/12/25 17:28:38 | 00,000,600 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\winscp.rnd
[2009/12/25 16:31:45 | 00,001,749 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009/12/24 22:29:37 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/12/24 21:10:11 | 00,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2009/12/24 20:10:30 | 00,253,832 | ---- | M] () -- C:\Users\Acer\Desktop\cc_20091224_200934.reg
[2009/12/24 18:49:12 | 00,001,838 | ---- | M] () -- C:\Users\Acer\Desktop\HijackThis.lnk
[2009/12/24 06:59:59 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/23 16:34:43 | 00,000,010 | RHS- | M] () -- C:\config.sys
[2009/12/22 14:47:50 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:26:46 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:26:46 | 00,065,536 | -HS- | M] () -- C:\Users\Acer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/12/19 17:05:29 | 00,056,202 | ---- | M] () -- C:\Users\Acer\Desktop\logo2.png
[2009/12/15 14:45:19 | 00,143,492 | ---- | M] () -- C:\Users\Acer\Desktop\Untitled.jpg

========== Files Created - No Company Name ==========

[2009/12/26 21:44:13 | 21,369,89696 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/26 21:32:23 | 00,293,376 | ---- | C] () -- C:\Users\Acer\Desktop\ipk5vb8n.exe
[2009/12/26 21:21:39 | 00,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ysnmf.sys
[2009/12/26 18:48:37 | 00,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 16:00:23 | 00,000,000 | ---- | C] () -- C:\Users\Acer\Desktop\settings.dat
[2009/12/26 15:53:26 | 00,001,019 | ---- | C] () -- C:\Users\Acer\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 15:30:02 | 00,524,288 | ---- | C] () -- C:\Users\Acer\Desktop\dds.scr
[2009/12/25 16:31:45 | 00,001,749 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009/12/24 21:10:11 | 00,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2009/12/24 20:09:40 | 00,253,832 | ---- | C] () -- C:\Users\Acer\Desktop\cc_20091224_200934.reg
[2009/12/24 18:49:12 | 00,001,838 | ---- | C] () -- C:\Users\Acer\Desktop\HijackThis.lnk
[2009/12/22 10:36:32 | 00,524,288 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:36:32 | 00,524,288 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:36:24 | 00,065,536 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TM.blf
[2009/12/19 17:05:16 | 00,056,202 | ---- | C] () -- C:\Users\Acer\Desktop\logo2.png
[2009/12/15 14:30:21 | 00,143,492 | ---- | C] () -- C:\Users\Acer\Desktop\Untitled.jpg
[2009/11/27 22:32:44 | 00,000,600 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\winscp.rnd
[2009/10/13 19:49:31 | 00,025,053 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\addons.dat
[2009/10/04 15:22:24 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/15 17:38:39 | 00,000,561 | ---- | C] () -- C:\Windows\my.ini.old
[2009/09/13 20:40:46 | 00,000,316 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2009/08/27 21:12:23 | 00,000,004 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\94643B
[2009/08/27 21:12:22 | 00,870,128 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\mcs.rma
[2009/08/23 15:16:37 | 00,037,376 | ---- | C] () -- C:\Windows\System32\drivers\WMDrive.sys
[2009/08/23 07:56:25 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/21 15:17:03 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/07/19 19:44:20 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/18 21:04:49 | 00,003,120 | ---- | C] () -- C:\Windows\System32\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2009/07/15 02:25:46 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/07/15 02:25:46 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/06/14 08:20:48 | 00,017,089 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\UserTile.png
[2009/06/08 20:49:12 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/08 19:47:02 | 00,040,960 | ---- | C] () -- C:\Windows\System32\GaugeSound.dll
[2009/05/27 14:48:16 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/27 14:48:16 | 00,061,440 | ---- | C] () -- C:\Windows\System32\Iasv32.dll
[2009/05/27 14:48:16 | 00,002,304 | ---- | C] () -- C:\Windows\System32\ndisdrv.sys
[2009/05/22 14:35:46 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/15 22:31:32 | 00,000,600 | ---- | C] () -- C:\Users\Acer\AppData\Local\PUTTY.RND
[2009/05/15 09:59:46 | 00,005,648 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009/04/05 15:07:01 | 00,000,067 | ---- | C] () -- C:\Windows\ProductKeyExplorer.INI
[2009/03/10 18:49:14 | 00,008,704 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 17:13:42 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/03/07 16:24:52 | 00,000,000 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\wklnhst.dat
[2009/03/07 15:53:47 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/07 15:44:22 | 00,000,054 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2009/03/07 15:41:01 | 00,000,044 | ---- | C] () -- C:\Windows\EP_CX5000.ini
[2008/10/22 05:29:06 | 00,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/02/15 17:31:54 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/15 17:31:42 | 00,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/02/15 17:31:33 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/07/31 09:01:29 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 07:50:23 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/07/31 07:44:29 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/07/31 07:44:29 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 07:43:32 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/31 06:07:59 | 00,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 06:07:10 | 00,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/31 06:07:10 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/07/31 06:07:10 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/04/25 17:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 17:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 17:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 17:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 17:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 17:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 08:27:46 | 00,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006/11/02 03:46:03 | 00,000,003 | ---- | C] () -- C:\Windows\System32\FInstall.sys
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/03/26 08:56:40 | 00,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/05/23 14:10:03 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\.purple
[2008/02/16 07:19:14 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer
[2009/10/22 19:50:12 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Artisteer
[2009/10/10 10:26:42 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Audacity
[2009/08/21 15:51:21 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Audio Extractor
[2009/12/25 17:56:28 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\FileZilla
[2009/08/31 21:43:41 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GetRightToGo
[2009/08/21 21:17:39 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Gold Audio Suite
[2009/11/28 17:11:21 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\gtk-2.0
[2009/08/04 21:17:28 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\IObit
[2008/02/16 07:19:12 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Leadertech
[2009/04/11 12:12:17 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\NCH Swift Sound
[2009/07/08 12:39:08 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2009/09/19 18:11:25 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SeriousBit
[2009/09/15 18:28:41 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Stardock
[2009/05/22 13:52:46 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TeamViewer
[2009/10/06 13:06:39 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\uTorrent
[2009/08/23 17:12:32 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\WinMount
[2009/10/24 20:34:24 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/11/01 00:03:07 | 00,000,316 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/12/27 13:21:26 | 00,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:0C1EFF69
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:C265C458
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:D00F0074
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

My computer crashed while scanning in Malwarebytes. I will be doing it in pieces so it won't crash.

Here are the D drive results; I will try to post the C drive soon:
Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

12/26/2009 9:41:59 PM
mbam-log-2009-12-26 (21-41-59).txt

Scan type: Quick Scan
Objects scanned: 18211
Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\juzoteji.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\Windows\System32\yafakeje.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5acff12-ff5c-4137-8cc8-0472347e2a49} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mebakeleh (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5acff12-ff5c-4137-8cc8-0472347e2a49} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hawivugos (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: juzoteji.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yafakeje.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yafakeje.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\gipekuya.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\juzoteji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\yafakeje.dll (Trojan.Vundo.H) -> Delete on reboot.

Edited by mghq, 27 December 2009 - 04:20 PM.


#6 Buckeye_Sam

Malware Expert
Posted 28 December 2009 - 09:43 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - AppInit_DLLs: (gipekuya.dll c:\windows\system32\yafakeje.dll) - File not found
    
    :Files
    C:\Windows\System32\juzoteji.dll 
    C:\Windows\System32\yafakeje.dll 
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

Let me know how your computer is behaving now.


========================================================
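As an added illustration of the triage behind the fix above (this is editor-written example code, not part of the thread and not OTL's or Malwarebytes' own code): the script parses lines in OTL's log format, flags AppInit_DLLs entries that OTL reports as "File not found", flags recently changed files under System32 that have no publisher and a random-looking lowercase name (the pattern of gipekuya.dll, yafakeje.dll, gupagaja and ysnmf.sys in the logs posted here), and drafts an OTL Custom Scans/Fixes block in the same :OTL / :Files / :Commands layout Buckeye_Sam used. The sample log lines are constructed from the format of the log posted in this thread, and the random-name heuristic is an assumption of this example, not a rule OTL or Malwarebytes applies.

```python
"""Triage helper for OTL-style logs (editor's example, not OTL code).

Finds AppInit_DLLs entries whose DLLs are missing, finds recently changed
System32 files with no publisher and a random-looking name, and drafts an
OTL fix block in the layout used in this thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input, modelled on lines from the log posted above.
SAMPLE_OTL_LOG = r"""
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - AppInit_DLLs: (gipekuya.dll c:\windows\system32\yafakeje.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
========== Files - Modified Within 14 Days ==========
[2009/12/26 21:39:43 | 00,011,168 | -H-- | M] () -- C:\Windows\System32\gupagaja
[2009/12/26 21:21:39 | 00,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ysnmf.sys
[2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/12/24 22:29:37 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
"""

# "O20 - AppInit_DLLs: (<dll list>) - <path (Company)> | File not found"
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dlls>[^)]*)\) - (?P<rest>.*)$")
# "[date time | size | attrs | C|M] (Company) -- path"
FILE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Assumed heuristic: 5-9 lowercase letters, no digits, as in the Vundo names above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,9}$")


@dataclass
class AppInitEntry:
    line: str          # the OTL line verbatim, reusable inside an :OTL section
    dlls: List[str]    # each token of the registry value
    found: bool        # False when OTL printed "File not found"
    company: str       # publisher OTL read from the file, "" if none


def parse_appinit(log_text: str) -> List[AppInitEntry]:
    """Extract every AppInit_DLLs line and whether its DLL(s) exist on disk."""
    entries = []
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        found = rest != "File not found"
        company = ""
        if found:
            cm = re.search(r"\(([^)]*)\)\s*$", rest)
            company = cm.group(1).strip() if cm else ""
        entries.append(AppInitEntry(line.strip(), m.group("dlls").split(), found, company))
    return entries


def looks_random(path: str) -> bool:
    """True for a bare lowercase stem with no extension or a .dll/.sys one."""
    name = path.rsplit("\\", 1)[-1]
    stem, _, ext = name.partition(".")
    return bool(RANDOM_NAME_RE.match(stem)) and ext in ("", "dll", "sys")


def suspicious_files(log_text: str) -> List[str]:
    """System32 files with no publisher and a random-looking name."""
    hits = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        in_system = "\\windows\\system32\\" in path.lower()
        no_publisher = m.group("company").strip() == ""
        if in_system and no_publisher and looks_random(path):
            hits.append(path)
    return hits


def build_otl_fix(log_text: str) -> str:
    """Draft a Custom Scans/Fixes block (:OTL, :Files, :Commands) for review."""
    appinit_missing = [e.line for e in parse_appinit(log_text) if not e.found]
    files = suspicious_files(log_text)
    out = [":OTL", *appinit_missing, "", ":Files", *files, "",
           ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(out)


if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_OTL_LOG))
```

The heuristic is a triage aid, not a verdict: it catches the Vundo-style names in this log, but it would also flag any legitimately unsigned driver with a short lowercase name, so each hit still needs checking (hash lookup, signature, creation date) before it goes into a :Files section. The AppInit_DLLs value is worth removing even when OTL says the DLLs are already gone, which is the case here because Malwarebytes marked them "Delete on reboot": AppInit_DLLs is loaded into every process that loads user32.dll, so a stale value whose DLL is later dropped back in place is a ready-made re-infection path.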

#7 mghq

Topic Starter

Posted 28 December 2009 - 07:54 PM

Here is the log after "Run Fix":
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gipekuya.dll c:\windows\system32\yafakeje.dll deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\juzoteji.dll not found.
File\Folder C:\Windows\System32\yafakeje.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Acer
->Temp folder emptied: 553951 bytes
->Temporary Internet Files folder emptied: 3884102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36467553 bytes
->Google Chrome cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mghq
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 231606 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 12282009_184802

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_IMQinOYdopfaMVJ not found!
File\Folder C:\Windows\temp\mcmsc_1fiIjycEBlSHtYt not found!
File\Folder C:\Windows\temp\mcmsc_nfhgDhCWZhcZb4A not found!
File\Folder C:\Windows\temp\mcmsc_rLtKoL5f7pQkDdQ not found!
File\Folder C:\Windows\temp\sqlite_hIVhGwK0Tqdya1g not found!
File\Folder C:\Windows\temp\sqlite_hZkqjrzki47WlPw not found!
File\Folder C:\Windows\temp\sqlite_UkmLCv7svPiHc6o not found!
File\Folder C:\Windows\temp\sqlite_ulE90p4WM3FLNaJ not found!

Registry entries deleted on Reboot...


I will be posting a new scan here shortly. My computer's browser searches are still being hijacked every few searches. IE is no longer popping up randomly to an antivirus or software website.

Here is the newly run log:
OTL logfile created on: 12/28/2009 6:57:31 PM - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.92 Gb Total Space | 21.61 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
Drive D: | 69.37 Gb Total Space | 62.94 Gb Free Space | 90.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DYLAN-PC
Current User Name: Acer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/28 18:52:58 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
PRC - [2009/12/18 06:36:48 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/01 00:32:45 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 12:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/11 00:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 00:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 01:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/07/15 23:51:44 | 00,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/07/05 21:06:00 | 04,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/24 20:31:28 | 00,142,104 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2007/05/24 20:31:20 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/05/24 20:31:16 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/05/24 20:31:14 | 00,166,680 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/05/24 20:31:06 | 00,154,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/04/25 17:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/25 17:33:36 | 00,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007/02/09 06:35:54 | 00,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/02/09 03:41:10 | 00,845,360 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/01/29 23:23:52 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/04 22:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 00,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/04/11 00:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009/02/13 15:16:54 | 00,140,680 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/02/13 15:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2007/05/22 16:00:04 | 00,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (FirebirdServerDefaultInstance)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 12:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/18 15:25:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/21 14:08:06 | 01,095,560 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 00,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 11:13:28 | 00,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/05/22 16:00:02 | 00,135,168 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/05/16 23:15:22 | 00,163,840 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 17:34:30 | 00,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/14 11:52:30 | 00,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/13 06:26:50 | 00,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/29 23:23:52 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/24 13:57:54 | 00,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/04 22:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ClickTheStream Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2400844&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://acer.yahoo.com/|http://yourgaminghubs.com/|http://gaminghubs.com|http://cashlagoon.com/|http://www.mygetpaidto.com/forum/|http://www.earnmoneyspace.com/forum/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.4
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {4093c4de-454a-4329-8aff-c6b0b123c386}:0.8.4
FF - prefs.js..extensions.enabledItems: jetpack@labs.mozilla.com:0.7
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {23ad39a3-36e7-4d8e-92d2-ba116ee32c45}:1.0.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: {24d1fe20-76df-11de-8a39-0800200c9a66}:2.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/25 14:16:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 06:37:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 23:22:19 | 00,000,000 | ---D | M]

[2009/05/23 17:24:47 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Extensions
[2009/12/27 22:42:42 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions
[2009/11/12 21:50:03 | 00,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2009/12/23 19:05:27 | 00,000,000 | ---D | M] (Swoosty SEO Tools) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{23ad39a3-36e7-4d8e-92d2-ba116ee32c45}
[2009/10/09 16:27:18 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{24d1fe20-76df-11de-8a39-0800200c9a66}
[2009/05/24 14:05:05 | 00,000,000 | ---D | M] (HttpFox) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}
[2009/11/02 17:48:18 | 00,000,000 | ---D | M] (Stylish) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/07/02 11:50:51 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/22 17:24:46 | 00,000,000 | ---D | M] (FireFTP) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/01 14:58:47 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/12/23 19:04:42 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/12 23:14:44 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/05 09:44:23 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/12/23 19:04:59 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/07 09:03:15 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\firebug@software.joehewitt.com
[2009/12/23 19:05:24 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com
[2009/11/04 18:36:06 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\netvideohunter@netvideohunter.com
[2009/12/05 09:44:38 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\twitternotifier@naan.net
[2009/08/29 14:35:14 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\yyginstantplay@yoyogames.com
[2009/12/23 18:44:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/18 23:21:43 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (997 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 95.211.6.161 www.110mb.com
O1 - Hosts: 95.211.6.161 110mb.com
O1 - Hosts: 76.73.41.234 geekstep.com
O1 - Hosts: 76.73.41.234 www.geekstep.com
O1 - Hosts: 208.53.183.61 gaminghubs.com
O1 - Hosts: 208.53.183.61 www.gaminghubs.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\ah9AuzF4u.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1917168828-3472043916-1911176189-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/ru...eb-20070115.cab (Citrix ICA Client)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.27.222.9 12.27.223.9
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - AppInit_DLLs: (gipekuya.dll c:\windows\system32\yafakeje.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/27 13:17:46 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/26 21:30:23 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/12/26 18:54:46 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\Malwarebytes
[2009/12/26 18:48:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/26 18:48:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/26 18:48:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/26 15:52:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/26 15:52:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/26 15:50:31 | 00,472,064 | ---- | C] ( ) -- C:\Users\Acer\Desktop\RootRepeal.exe
[2009/12/25 16:29:34 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/12/25 15:30:48 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\Rockstar Games
[2009/12/24 22:29:37 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/12/24 22:27:23 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2009/12/24 22:27:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/12/24 21:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2009/12/24 19:06:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/24 18:49:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/23 18:53:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/12/23 10:16:19 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/19 13:27:07 | 00,000,000 | ---D | C] -- C:\Users\Acer\Documents\ؽ
[2009/12/19 13:26:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2009/12/19 12:07:10 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/12/19 12:06:39 | 00,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2009/12/18 23:23:54 | 00,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\PMB Files
[2009/12/18 23:23:19 | 00,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2009/12/18 23:20:59 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/12/15 14:00:54 | 00,000,000 | ---D | C] -- C:\Users\Acer\Desktop\game
[2007/07/31 07:43:36 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 14 Days ==========

[2009/12/28 18:56:06 | 04,194,304 | -HS- | M] () -- C:\Users\Acer\ntuser.dat
[2009/12/28 18:55:42 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/28 18:55:42 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/28 18:55:42 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/28 18:52:57 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/28 18:52:57 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/28 18:52:12 | 00,011,970 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/12/28 18:51:12 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/28 18:50:21 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/28 18:50:06 | 00,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2009/12/28 18:49:53 | 21,369,89696 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 18:48:49 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 18:48:49 | 00,065,536 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TM.blf
[2009/12/28 18:38:15 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/28 13:34:04 | 00,004,527 | ---- | M] () -- C:\Users\Acer\Desktop\ownerbar.png
[2009/12/28 13:16:04 | 00,000,600 | ---- | M] () -- C:\Users\Acer\AppData\Local\PUTTY.RND
[2009/12/27 22:52:20 | 03,435,504 | -H-- | M] () -- C:\Users\Acer\AppData\Local\IconCache.db
[2009/12/26 21:39:43 | 00,011,168 | -H-- | M] () -- C:\Windows\System32\gupagaja
[2009/12/26 21:32:40 | 00,293,376 | ---- | M] () -- C:\Users\Acer\Desktop\ipk5vb8n.exe
[2009/12/26 21:30:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.exe
[2009/12/26 21:21:39 | 00,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ysnmf.sys
[2009/12/26 18:48:37 | 00,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 16:00:23 | 00,000,000 | ---- | M] () -- C:\Users\Acer\Desktop\settings.dat
[2009/12/26 15:53:26 | 00,001,019 | ---- | M] () -- C:\Users\Acer\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 15:51:24 | 00,472,064 | ---- | M] ( ) -- C:\Users\Acer\Desktop\RootRepeal.exe
[2009/12/26 15:30:57 | 00,524,288 | ---- | M] () -- C:\Users\Acer\Desktop\dds.scr
[2009/12/25 19:04:16 | 00,005,648 | ---- | M] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009/12/25 17:28:38 | 00,000,600 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\winscp.rnd
[2009/12/25 16:31:45 | 00,001,749 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009/12/24 22:29:37 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/12/24 21:10:11 | 00,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2009/12/24 20:10:30 | 00,253,832 | ---- | M] () -- C:\Users\Acer\Desktop\cc_20091224_200934.reg
[2009/12/24 18:49:12 | 00,001,838 | ---- | M] () -- C:\Users\Acer\Desktop\HijackThis.lnk
[2009/12/24 06:59:59 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/23 16:34:43 | 00,000,010 | RHS- | M] () -- C:\config.sys
[2009/12/22 14:47:50 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:26:46 | 00,524,288 | -HS- | M] () -- C:\Users\Acer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:26:46 | 00,065,536 | -HS- | M] () -- C:\Users\Acer\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/12/19 17:05:29 | 00,056,202 | ---- | M] () -- C:\Users\Acer\Desktop\logo2.png
[2009/12/15 14:45:19 | 00,143,492 | ---- | M] () -- C:\Users\Acer\Desktop\Untitled.jpg

========== Files Created - No Company Name ==========

[2009/12/28 13:33:26 | 00,004,527 | ---- | C] () -- C:\Users\Acer\Desktop\ownerbar.png
[2009/12/26 21:44:13 | 21,369,89696 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/26 21:32:23 | 00,293,376 | ---- | C] () -- C:\Users\Acer\Desktop\ipk5vb8n.exe
[2009/12/26 21:21:39 | 00,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ysnmf.sys
[2009/12/26 18:48:37 | 00,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 16:00:23 | 00,000,000 | ---- | C] () -- C:\Users\Acer\Desktop\settings.dat
[2009/12/26 15:53:26 | 00,001,019 | ---- | C] () -- C:\Users\Acer\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 15:30:02 | 00,524,288 | ---- | C] () -- C:\Users\Acer\Desktop\dds.scr
[2009/12/25 16:31:45 | 00,001,749 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009/12/24 21:10:11 | 00,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2009/12/24 20:09:40 | 00,253,832 | ---- | C] () -- C:\Users\Acer\Desktop\cc_20091224_200934.reg
[2009/12/24 18:49:12 | 00,001,838 | ---- | C] () -- C:\Users\Acer\Desktop\HijackThis.lnk
[2009/12/22 10:36:32 | 00,524,288 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000002.regtrans-ms
[2009/12/22 10:36:32 | 00,524,288 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TMContainer00000000000000000001.regtrans-ms
[2009/12/22 10:36:24 | 00,065,536 | -HS- | C] () -- C:\Users\Acer\ntuser.dat{121f4e58-ef18-11de-951c-ef023c355784}.TM.blf
[2009/12/19 17:05:16 | 00,056,202 | ---- | C] () -- C:\Users\Acer\Desktop\logo2.png
[2009/12/15 14:30:21 | 00,143,492 | ---- | C] () -- C:\Users\Acer\Desktop\Untitled.jpg
[2009/11/27 22:32:44 | 00,000,600 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\winscp.rnd
[2009/10/04 15:22:24 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/15 17:38:39 | 00,000,561 | ---- | C] () -- C:\Windows\my.ini.old
[2009/09/13 20:40:46 | 00,000,316 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2009/08/27 21:12:23 | 00,000,004 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\94643B
[2009/08/27 21:12:22 | 00,870,128 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\mcs.rma
[2009/08/23 15:16:37 | 00,037,376 | ---- | C] () -- C:\Windows\System32\drivers\WMDrive.sys
[2009/08/23 07:56:25 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/21 15:17:03 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/07/19 19:44:20 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/18 21:04:49 | 00,003,120 | ---- | C] () -- C:\Windows\System32\32985ae5-e1a2-444b-a036-f62f31304442.dll
[2009/07/15 02:25:46 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/07/15 02:25:46 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/06/14 08:20:48 | 00,017,089 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\UserTile.png
[2009/06/08 20:49:12 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/08 19:47:02 | 00,040,960 | ---- | C] () -- C:\Windows\System32\GaugeSound.dll
[2009/05/27 14:48:16 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/27 14:48:16 | 00,002,304 | ---- | C] () -- C:\Windows\System32\ndisdrv.sys
[2009/05/22 14:35:46 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/15 22:31:32 | 00,000,600 | ---- | C] () -- C:\Users\Acer\AppData\Local\PUTTY.RND
[2009/05/15 09:59:46 | 00,005,648 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009/04/05 15:07:01 | 00,000,067 | ---- | C] () -- C:\Windows\ProductKeyExplorer.INI
[2009/03/10 18:49:14 | 00,008,704 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 17:13:42 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/03/07 16:24:52 | 00,000,000 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\wklnhst.dat
[2009/03/07 15:53:47 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/03/07 15:44:22 | 00,000,054 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2009/03/07 15:41:01 | 00,000,044 | ---- | C] () -- C:\Windows\EP_CX5000.ini
[2008/10/22 05:29:06 | 00,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/02/15 17:31:54 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/15 17:31:42 | 00,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/02/15 17:31:33 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/07/31 09:01:29 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 07:50:23 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/07/31 07:44:29 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/07/31 07:44:29 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 07:43:32 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/07/31 06:07:59 | 00,000,115 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 06:07:10 | 00,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/31 06:07:10 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/07/31 06:07:10 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/04/25 17:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 17:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 17:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 17:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 17:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 17:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 08:27:46 | 00,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/03/26 08:56:40 | 00,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996/04/03 13:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/05/23 14:10:03 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\.purple
[2008/02/16 07:19:14 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer
[2009/10/22 19:50:12 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Artisteer
[2009/10/10 10:26:42 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Audacity
[2009/08/21 15:51:21 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Audio Extractor
[2009/12/25 17:56:28 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\FileZilla
[2009/08/31 21:43:41 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GetRightToGo
[2009/08/21 21:17:39 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Gold Audio Suite
[2009/11/28 17:11:21 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\gtk-2.0
[2009/08/04 21:17:28 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\IObit
[2008/02/16 07:19:12 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Leadertech
[2009/04/11 12:12:17 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\NCH Swift Sound
[2009/07/08 12:39:08 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2009/09/19 18:11:25 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SeriousBit
[2009/09/15 18:28:41 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Stardock
[2009/05/22 13:52:46 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\TeamViewer
[2009/10/06 13:06:39 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\uTorrent
[2009/08/23 17:12:32 | 00,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\WinMount
[2009/10/24 20:34:24 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/11/01 00:03:07 | 00,000,316 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/12/28 18:48:50 | 00,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:0C1EFF69
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:C265C458
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:D00F0074
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Here is a Malwarebytes scan again
Malwarebytes' Anti-Malware 1.42
Database version: 3441
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/28/2009 7:35:01 PM
mbam-log-2009-12-28 (19-34-59).txt

Scan type: Quick Scan
Objects scanned: 106990
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\yhuisktl.xwn (Backdoor.Bot) -> No action taken.
C:\Windows\System32\ndisdrv.sys (Rootkit.Agent) -> No action taken.

Edited by mghq, 28 December 2009 - 08:42 PM.


#8 Buckeye_Sam (Malware Expert)

Posted 30 December 2009 - 01:37 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 mghq (Topic Starter)

Posted 30 December 2009 - 01:50 PM

I have a problem: my computer will not allow me to download it. But only that; I can download other files.

Edited by mghq, 30 December 2009 - 01:51 PM.


#10 Buckeye_Sam (Malware Expert)

Posted 30 December 2009 - 01:56 PM

Disable your antivirus first. Then try downloading it.


========================================================

#11 mghq (Topic Starter)

Posted 30 December 2009 - 02:00 PM

I ended them in Task Manager. Should I go and manually disable them?

#12 Buckeye_Sam (Malware Expert)

Posted 30 December 2009 - 02:38 PM

Check here for the proper way to disable your antivirus.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/


========================================================

#13 mghq (Topic Starter)

Posted 30 December 2009 - 04:32 PM

Here is the log
ComboFix 09-12-29.06 - Acer 12/30/2009 14:32:11.1.1 - x86
Microsoft Windows Vista Home Basic 6.0.6002.2.1252.1.1033.18.2037.934 [GMT -6:00]
Running from: c:\users\Acer\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.
The following files were disabled during the run:
c:\windows\system32\eNetHook.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\3ed56251-224a-4256-a485-b694a866e00c.ocx
c:\windows\system32\32985ae5-e1a2-444b-a036-f62f31304442.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fapavifa.exe
c:\windows\system32\Install.txt
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

c:\windows\System32\calc.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINSTS
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-30 20:58 . 2009-12-30 21:06 -------- d-----w- c:\users\Acer\AppData\Local\temp
2009-12-30 20:58 . 2009-12-30 20:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-12-30 20:58 . 2009-12-30 20:58 -------- d-----w- c:\users\mghq\AppData\Local\temp
2009-12-30 20:58 . 2009-12-30 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-30 08:33 . 2009-12-30 08:33 -------- d-----w- c:\program files\QS
2009-12-30 01:43 . 2009-12-30 20:41 -------- d-----w- c:\users\Acer\AppData\Roaming\Skype
2009-12-30 01:42 . 2009-12-30 01:42 -------- d-----w- c:\program files\Common Files\Skype
2009-12-30 01:42 . 2009-12-30 01:42 -------- d-----r- c:\program files\Skype
2009-12-27 19:17 . 2009-12-27 19:17 -------- d-----w- C:\_OTL
2009-12-27 03:21 . 2009-12-27 03:21 54016 ----a-w- c:\windows\system32\drivers\ysnmf.sys
2009-12-27 00:54 . 2009-12-27 00:54 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
2009-12-27 00:48 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-27 00:48 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 00:48 . 2009-12-27 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-26 21:52 . 2009-12-27 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-26 21:52 . 2009-12-26 21:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-25 22:29 . 2009-12-25 22:31 -------- d-----w- c:\program files\FileZilla FTP Client
2009-12-25 21:30 . 2009-12-25 21:30 -------- d-----w- c:\users\Acer\AppData\Local\Rockstar Games
2009-12-25 04:29 . 2009-12-25 04:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-25 04:27 . 2008-03-05 21:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-12-25 04:27 . 2008-03-05 21:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-25 04:27 . 2008-02-06 05:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-25 04:27 . 2007-04-05 00:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-12-25 04:27 . 2009-12-25 04:27 -------- d-----w- c:\windows\system32\xlive
2009-12-25 04:27 . 2009-12-25 04:27 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-25 03:10 . 2009-12-25 03:11 -------- d-----w- c:\program files\Rockstar Games
2009-12-25 01:06 . 2009-12-25 01:06 -------- d-----w- c:\programdata\Malwarebytes
2009-12-25 00:49 . 2009-12-25 00:49 -------- d-----w- c:\program files\Trend Micro
2009-12-24 00:53 . 2009-12-24 00:53 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-23 16:16 . 2009-12-23 16:16 -------- d-----w- c:\programdata\WindowsSearch
2009-12-19 19:26 . 2009-12-19 19:26 -------- d-----w- c:\programdata\Nexon
2009-12-19 18:07 . 2009-12-24 00:37 -------- d-----w- C:\Nexon
2009-12-19 18:06 . 2009-12-19 19:27 -------- d-----w- c:\programdata\NexonUS
2009-12-19 05:23 . 2009-12-23 22:30 -------- d-----w- c:\users\Acer\AppData\Local\PMB Files
2009-12-19 05:23 . 2009-12-19 15:20 -------- d-----w- c:\programdata\PMB Files
2009-12-19 05:20 . 2009-12-19 05:20 -------- d-----w- c:\program files\Pando Networks
2009-12-11 12:29 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 12:29 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 12:29 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 03:33 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-11 03:27 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 17:09 . 2009-05-22 20:35 -------- d-----w- c:\users\Acer\AppData\Roaming\skypePM
2009-12-30 01:42 . 2009-05-22 20:31 -------- d-----w- c:\programdata\Skype
2009-12-30 01:35 . 2009-03-04 22:22 -------- d-----w- c:\programdata\Yahoo! Companion
2009-12-30 01:33 . 2008-02-16 13:07 -------- d-----w- c:\program files\Yahoo!
2009-12-29 06:42 . 2009-03-19 23:19 -------- d-----w- c:\users\Acer\AppData\Roaming\Yahoo!
2009-12-29 04:59 . 2009-03-04 23:34 -------- d-----w- c:\users\Acer\AppData\Roaming\gtk-2.0
2009-12-26 01:04 . 2009-05-15 15:59 5648 ----a-w- c:\users\Acer\AppData\Local\d3d9caps.dat
2009-12-25 23:56 . 2009-07-07 18:19 -------- d-----w- c:\users\Acer\AppData\Roaming\FileZilla
2009-12-25 03:11 . 2007-07-31 12:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 01:52 . 2009-04-06 23:40 -------- d-----w- c:\users\Acer\AppData\Roaming\Apple Computer
2009-12-25 01:26 . 2009-10-31 18:20 -------- d-----w- c:\programdata\Apple
2009-12-24 22:19 . 2007-07-31 14:04 -------- d-----w- c:\programdata\Microsoft Help
2009-12-24 17:41 . 2006-11-02 12:59 1356 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2009-12-19 18:07 . 2009-12-19 18:07 90112 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-12-19 18:06 . 2009-12-19 18:06 118784 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2009-12-19 18:06 . 2009-12-19 18:06 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2009-12-19 18:06 . 2009-12-19 18:06 393216 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2009-12-19 18:06 . 2009-12-19 18:06 561152 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2009-12-19 18:06 . 2009-12-19 18:06 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2009-12-18 15:59 . 2009-12-24 01:05 80384 ----a-w- c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com\lib\WINNT_x86-msvc\1.9.1\jetpack.dll
2009-12-18 15:59 . 2009-12-24 01:05 80384 ----a-w- c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com\lib\WINNT_x86-msvc\1.9.2\jetpack.dll
2009-12-18 15:58 . 2009-12-24 01:05 98304 ----a-w- c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com\platform\WINNT_x86-msvc\components\libjetpackaudio.dll
2009-12-18 15:58 . 2009-12-24 01:05 1743872 ----a-w- c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com\platform\WINNT_x86-msvc\components\libsndfile-1.dll
2009-12-18 15:58 . 2009-12-24 01:05 73728 ----a-w- c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com\platform\WINNT_x86-msvc\components\portaudio_x86.dll
2009-12-18 12:28 . 2009-10-24 23:10 -------- d-----w- c:\program files\McAfee
2009-12-09 22:41 . 2009-10-14 01:54 -------- d-----w- c:\program files\Common Files\Steam
2009-12-02 00:40 . 2009-10-24 22:48 -------- d-----w- c:\programdata\McAfee
2009-11-29 21:51 . 2008-02-16 13:10 108848 ----a-w- c:\users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-29 19:45 . 2009-07-11 20:32 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-11-29 00:10 . 2009-11-29 00:10 31702 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{38EE230F-F631-451F-8800-E29F5E5C9E7D}\_6FEFF9B68218417F98F549.exe
2009-11-29 00:10 . 2009-11-29 00:10 31702 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{38EE230F-F631-451F-8800-E29F5E5C9E7D}\_2964C3DE7E291AF3F2353D.exe
2009-11-29 00:10 . 2009-11-29 00:10 31702 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{38EE230F-F631-451F-8800-E29F5E5C9E7D}\_21F3885A18D238E15AAE81.exe
2009-11-29 00:10 . 2009-11-29 00:10 25214 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{38EE230F-F631-451F-8800-E29F5E5C9E7D}\_6459EB3CC1021F99697573.exe
2009-11-29 00:10 . 2009-11-29 00:10 25214 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{38EE230F-F631-451F-8800-E29F5E5C9E7D}\_4D456665B6A1916105928F.exe
2009-11-29 00:10 . 2009-11-29 00:10 1078 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{38EE230F-F631-451F-8800-E29F5E5C9E7D}\_0044238C9C33EE6AE43EBB.exe
2009-11-29 00:09 . 2009-11-29 00:09 -------- d-----w- c:\program files\iTunes Library Updater
2009-11-28 04:32 . 2009-11-28 04:32 -------- d-----w- c:\program files\WinSCP
2009-11-28 04:10 . 2009-09-27 04:31 -------- d-----w- c:\program files\Paint.NET
2009-11-25 02:26 . 2009-11-13 03:42 -------- d-----w- c:\program files\Winamp
2009-11-22 15:11 . 2009-11-22 05:50 -------- d-----w- c:\program files\DivX
2009-11-22 05:53 . 2009-04-11 18:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-18 22:10 . 2009-07-14 02:36 -------- d-----w- c:\program files\Java
2009-11-17 00:12 . 2009-11-17 00:12 -------- d-----w- c:\program files\Citrix
2009-11-14 03:04 . 2009-11-14 03:03 -------- d-----w- c:\users\Acer\AppData\Roaming\NCH Software
2009-11-14 03:04 . 2009-11-14 03:01 -------- d-----w- c:\program files\NCH Software
2009-11-14 03:03 . 2009-11-14 03:01 -------- d-----w- c:\programdata\NCH Software
2009-11-12 01:17 . 2009-11-12 01:16 -------- d-----w- c:\program files\GIMP-2.0
2009-11-10 20:39 . 2009-12-30 01:33 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-11-10 01:43 . 2009-09-18 21:25 -------- d-----w- c:\program files\Google
2009-11-08 02:07 . 2009-11-08 02:07 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-04 03:31 . 2009-11-04 03:31 -------- d-----w- c:\program files\SourceTec
2009-11-03 02:42 . 2009-10-02 19:08 195456 ----a-w- c:\windows\system32\MpSigStub.exe
2009-11-02 03:41 . 2009-11-02 03:41 -------- d--h--w- c:\program files\Zero G Registry
2009-10-29 09:17 . 2009-11-26 16:43 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 01:58 . 2009-10-29 01:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-22 19:35 . 2009-12-29 05:21 565248 ----a-w- c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
2009-10-22 00:07 . 2009-05-04 00:19 187328 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2009-10-22 00:06 . 2009-03-15 01:04 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-10-21 01:43 . 2009-03-15 01:07 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-17 21:12 . 2009-10-17 21:12 112640 ----a-w- c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-10-11 10:17 . 2009-07-08 18:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 21:22 . 2009-10-04 21:22 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.

------- Sigcheck -------

[-] 2009-09-19 . E8F0D3B322C7C2DFE8F33BFF26F2A88B . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\ah9AuzF4u.exe" [2009-12-27 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-31 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe /display_progress \SystemRoot\WinSxS\pending.xml

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2009-12-19 05:22 2935480 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f9,1c,37,08,12,df,c9,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [3/4/2009 6:03 PM 130936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/24/2009 5:20 PM 93320]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/18/2009 3:25 PM 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7/31/2007 6:07 AM 179712]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [12/26/2009 6:48 PM 38224]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [3/5/2009 7:40 PM 80744]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2008-01-19 07:33 128000 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 21:25]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 21:25]

2009-10-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-24 17:22]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-24 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2400844&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://acer.yahoo.com/|http://yourgaminghubs.com/|http://gaminghubs.com|http://cashlagoon.com/|http://www.mygetpaidto.com/forum/|http://www.earnmoneyspace.com/forum/index.php
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\jetpack@labs.mozilla.com\lib\WINNT_x86-msvc\1.9.1\jetpack.dll
FF - component: c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Acer\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\kzm8xq9x.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-RocketDock - g:\rocketdock\RocketDock\RocketDock.exe
MSConfigStartUp-Web Video Downloader - g:\sourcetec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-CCleaner - g:\ccleaner\uninst.exe
AddRemove-Gold Audio Suite_is1 - g:\gold audio suite\unins000.exe
AddRemove-HTMLKit_is1 - g:\chami\HTML-Kit\unins000.exe
AddRemove-TUGZip_is1 - g:\tugzip\unins000.exe
AddRemove-Wondershare FLV Downloader Pro_is1 - g:\wondershare\FLV Downloader Pro\unins000.exe
AddRemove-{8C52A46C-7961-4A81-AB4B-92CF65CB4772}_is1 - g:\sourcetec\Sothink Web Video Downloader Stand-alone\unins000.exe
AddRemove-{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1 - g:\sourcetec\Sothink SWF Decompiler\unins000.exe
AddRemove-{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1 - g:\sourcetec\Sothink SWF Quicker\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Acer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 15:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87650618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a5bed24
\Driver\ACPI -> acpi.sys @ 0x8500bd68
\Driver\atapi -> 0x875ca1f8
IoDeviceObjectType -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
SecurityProcedure -> 0xffffffff
QueryNameProcedure -> 0xffffffff
\Device\Harddisk0\DR0 -> DumpProcedure -> 0xffffffff
DeleteProcedure -> 0xffffffff
ParseProcedure -> 0xffffffff
SecurityProcedure -> 0xffffffff
QueryNameProcedure -> 0xffffffff
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1917168828-3472043916-1911176189-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,42,ea,9a,3a,3b,57,76,bb,d1,08,c6,21,6a,73,4c,51,17,a3,23,de,
a4,3a,93,c7,03,ab,f7,da,e2,f6,58,b5,1d,ab,c5,43,77,52,16,7f,88,06,93,17,d6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1680)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\rundll32.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-12-30 15:27:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-30 21:26

Pre-Run: 22,887,567,360 bytes free
Post-Run: 22,225,498,112 bytes free

- - End Of File - - DB610E80BB77426E0BF6FC5F8777B4DD
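The last three sections of the ComboFix log above (locked registry keys, DLLs loaded under Explorer, other running processes) are what a helper actually reads when triaging: the SecuROM "License information" keys and the access-denied `AllUserSettings` keys under the modem class GUID are key types that ComboFix routinely lists as locked on a retail Vista install, while every path in the process and DLL lists has to be checked against where legitimate software lives. The parser below is an added example, not part of the original thread or of ComboFix itself; it reads those two path sections into structures and flags anything outside a set of assumed trusted roots (`c:\windows`, `c:\program files`, `c:\progra~1`, `c:\acer`) or any bare `rundll32.exe`/`regsvr32.exe`/`svchost.exe` entry, since a host process path says nothing about which DLL it was told to load. The sample input is an excerpt of the posted log plus one constructed line under the user's temp directory, added only to show the flagging path; it is not a line from the real log.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the log above, plus one made-up
# path (c:\users\...\temp\update.exe) that is NOT in the posted log.
SAMPLE_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1680)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\users\acer\appdata\local\temp\update.exe
.
**************************************************************************
"""

# A dashed ComboFix section header, e.g. "------ Other Running Processes ------".
SECTION_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")
# A process line in the DLL section, e.g. "- - - - - - - > 'Explorer.exe'(1680)".
PROCESS_RE = re.compile(r"^(?:- )+>\s*'(?P<image>[^']+)'\((?P<pid>\d+)\)$")
END_MARK = "****"

# Assumed roots where software on this OEM Vista box is expected to live.
# ComboFix prints 8.3 short names too, so both long and short forms are listed.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
    "c:\\acer\\",
)

# Hosts that run whatever DLL their command line names; the log shows only the
# image path, so these need a separate look at their arguments.
DLL_HOSTS = ("rundll32.exe", "regsvr32.exe", "svchost.exe")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty body lines under the dashed header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(END_MARK):      # row of asterisks ends the block
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is None or line in ("", "."):   # "." is ComboFix's spacer
            continue
        sections[current].append(line)
    return sections


def parse_loaded_dlls(lines: List[str]) -> Dict[str, List[str]]:
    """Map 'Image.exe(pid)' to the DLL paths listed beneath it."""
    modules: Dict[str, List[str]] = {}
    current = None
    for line in lines:
        m = PROCESS_RE.match(line)
        if m:
            current = f"{m.group('image')}({m.group('pid')})"
            modules[current] = []
        elif current is not None:
            modules[current].append(line)
    return modules


def triage(paths: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for entries that need a human to look closer."""
    findings: List[Tuple[str, str]] = []
    for p in paths:
        low = p.lower()
        if not low.startswith(TRUSTED_ROOTS):
            findings.append((p, "outside trusted roots"))
        elif low.rsplit("\\", 1)[-1] in DLL_HOSTS:
            findings.append((p, "host process: check its command line"))
    return findings


if __name__ == "__main__":
    sections = split_sections(SAMPLE_LOG)
    for proc, dlls in parse_loaded_dlls(sections["DLLs Loaded Under Running Processes"]).items():
        print(proc, triage(dlls) or "no findings")
    for path, reason in triage(sections["Other Running Processes"]):
        print(f"{reason}: {path}")
```

On the posted excerpt the three DLLs in Explorer all sit under Program Files and produce no finding; the two `rundll32.exe` entries are reported as hosts whose command lines are not in this log (a Process Explorer or `wmic process` listing would show them), and only the constructed temp-directory line trips the trusted-roots check. Adjust `TRUSTED_ROOTS` for a different machine before trusting the "no findings" result.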

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:29 AM

Posted 31 December 2009 - 11:51 AM

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks whether you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 mghq

mghq
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 02 January 2010 - 07:13 AM

Tried running it; it almost completed, then crashed.



