
rootkit infection / multiple IE popups


  • This topic is locked
18 replies to this topic

#1 mzmm

  • Members
  • 18 posts

Posted 10 January 2010 - 05:46 PM

Hello to all who can hopefully help me!

I was referred to this forum from my previous posts:
http://www.bleepingcomputer.com/forums/top...ml#entry1566837


I downloaded the dds.scr and rootrepeal.exe files but was unable to get them to run. It might be the thing with the disable script blocking, which I have no idea how to do. I also tried running the programs in safe mode, but that didn't help anything.

The dds.scr opens to a black screen saying it's going to run, but then simply closes.

The rootrepeal gave me this error:

16:10:49: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000fc)
16:10:49: DeviceIoControl Error! Error Code = 0x1e7
16:10:49: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000fc)

I've tried downloading both programs several times as well as renaming the .exe extension, but that didn't help.

After my last bootup, my regular user account is now being overwhelmed with IE popups so I am now using my administrative account which is even allowing me to log in here [couldn't log into anything online in any browser without crashing].

I'm getting several "IE has stopped working" [even though I am using Firefox and IE is closed] but no IE window redirect popups.

I've also received a windows warning saying I have a problem with malware and that it's UACD.sys, but can't find that.

Windows also wants me to update with Windows Vista Service Pack 1. I thought I had done this a while back, but honestly, this situation right now has me so I can't be 100% sure of that - should I update or wait 'til all of this is [hopefully] resolved?

Under advice from my original posts, programs run so far include:

Malwarebytes
SUPERAntiSpyware
Kaspersky online
Dr.Web CureIt

I am running Malwarebytes again as I post this, because at this point, I don't know what else I can do...

Edited by mzmm, 10 January 2010 - 05:58 PM.



#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 10 January 2010 - 08:19 PM

Hello and welcome to BleepingComputer.com!

I will be helping you today.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

For now please try to run the following tools:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 mzmm

  • Topic Starter
  • Members
  • 18 posts

Posted 10 January 2010 - 10:11 PM

Thanks so much for the quick response!

GMER shut down both in normal mode and in safe mode.

On its initial run, it did find:
Type: Service
Name: C:\\Windows\System32\drivers\H8SRT\eijcyctlhx.sys[***hidden***]
Value: [SYSTEM]H8SRTd.sys

GMER ran up until device\HarddiskVolumeShadowcopy70 and then shut down.


OTL logfile created on: 1/10/2010 9:15:09 PM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16945)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 13.06 Gb Free Space | 18.72% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 36.61 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 298.09 Gb Total Space | 44.30 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: TOPAZE-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/10 20:58:40 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2009/10/27 10:11:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/29 01:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/05 20:01:22 | 00,196,608 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2006/11/02 04:45:54 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe


========== Modules (SafeList) ==========

MOD - [2010/01/10 20:58:40 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2006/11/02 04:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/28 09:29:57 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/08 06:39:04 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ffc0bc1ec2de) Google Update Service (gupdate1c9ffc0bc1ec2de)
SRV - [2009/07/08 06:38:11 | 00,190,448 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/07/17 17:12:24 | 00,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/05/22 17:46:12 | 00,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2008/02/22 22:38:06 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/12/28 17:45:42 | 00,510,496 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/11/27 06:11:29 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/07 10:40:04 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2007/08/11 05:56:41 | 00,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/01 09:15:04 | 00,157,264 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2007/04/24 21:17:34 | 00,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/04/10 05:06:03 | 01,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/31 20:18:42 | 00,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/26 16:24:42 | 00,050,688 | ---- | M] () [Auto | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/01/02 11:33:24 | 00,135,168 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/28 22:07:22 | 00,126,976 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2006/12/22 16:43:18 | 00,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/12/14 19:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/24 14:57:54 | 00,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/20 23:45:00 | 02,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/11/20 23:45:00 | 00,194,240 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/11/20 23:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/20 23:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/20 23:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/20 23:43:42 | 00,046,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/20 23:42:52 | 00,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/20 23:42:12 | 00,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/11/02 20:40:12 | 00,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/07/19 13:36:58 | 00,262,247 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/31 11:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Stopped] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/28 09:30:34 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 09:30:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/17 09:06:02 | 00,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/16 08:27:13 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/07/28 16:19:28 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/12/28 17:45:54 | 00,016,416 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/12/28 17:45:52 | 00,060,448 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/12/28 17:45:50 | 00,020,000 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007/05/29 15:32:58 | 00,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usa19h2kp.sys -- (USA19H2KP)
DRV - [2007/05/29 15:30:36 | 00,698,752 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usa19h2k.sys -- (USA19H)
DRV - [2007/04/10 05:07:55 | 00,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/04/10 04:26:50 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/03/01 03:21:10 | 01,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/24 17:14:00 | 02,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/12/26 20:57:12 | 00,817,968 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006/12/18 23:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/12/18 23:18:28 | 00,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/12/07 20:12:02 | 00,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/20 23:45:52 | 00,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/11/20 23:45:52 | 00,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/11/20 23:45:42 | 00,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/20 23:45:42 | 00,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/20 23:45:42 | 00,024,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/20 23:45:36 | 00,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/20 23:44:14 | 00,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/11/20 23:44:12 | 00,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
DRV - [2006/11/20 23:44:10 | 00,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/20 23:44:10 | 00,102,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2006/11/20 23:42:22 | 00,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006/11/08 18:55:10 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/08 18:53:58 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/08 18:53:48 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/05 21:29:14 | 01,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/05 21:29:14 | 01,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 08:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 08:27:36 | 00,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 02:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/25 01:36:48 | 00,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 01:36:44 | 00,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 01:36:36 | 00,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/22 22:17:32 | 00,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/08/04 19:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/06/25 03:16:44 | 00,027,136 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MRFilter.sys -- (MrFilter)
DRV - [2000/06/15 20:54:02 | 00,206,368 | ---- | M] (Adaptec) [File_System | System | Stopped] -- C:\Windows\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2000/02/03 14:53:12 | 00,024,608 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\S-1-5-21-3030136466-1615109681-1585487735-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\S-1-5-21-3030136466-1615109681-1585487735-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 10:13:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/28 17:42:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 17:50:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 17:50:49 | 00,000,000 | ---D | M]

[2009/08/21 15:58:10 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/01/10 16:13:25 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\3hx9vplz.default\extensions
[2010/01/10 16:13:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (806 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll File not found
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE File not found
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware2\mbam.exe File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500..\Run: [Acer Tour Reminder] File not found
O4 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500..\Run: [MzRamBooster] C:\Windows\System32\MzRamBooster.exe File not found
O4 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\topaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\topaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\topaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: about.com ([forums] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: about.com ([generalhospital] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: blackplanet.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: creativepro.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: creflodollarministries.org ([interactive] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: dailyword.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: fanfiction.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: flashkit.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: flashkit.com ([board] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: harvest.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: intouch.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: invisionfree.com ([z7] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: todayspromise.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3030136466-1615109681-1585487735-500\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/09 12:37:00 | 00,000,062 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{af6b2f09-8529-11dd-97ae-0016d4d7579f}\Shell\AutoRun\command - "" = F:\bootcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\{fcbd417b-003b-11dc-8ae3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fcbd417b-003b-11dc-8ae3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/10 21:14:13 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/01/10 19:56:16 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/01/10 19:56:16 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Opera
[2010/01/10 19:53:36 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/01/10 19:53:34 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/10 16:30:45 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010/01/07 20:39:58 | 00,000,000 | ---D | C] -- C:\FirefoxPortable
[2010/01/07 20:00:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware2
[2009/12/30 19:26:05 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/12/29 15:59:19 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/29 15:59:18 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/28 14:11:02 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/12/28 07:21:24 | 00,000,000 | ---D | C] -- C:\ebbc6f5c85f17d65bda6d11e
[2009/12/27 20:45:00 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/27 20:44:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/27 20:44:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/27 20:44:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/13 18:05:40 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2009/12/13 18:05:39 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comct232.ocx
[2009/12/13 18:05:39 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[2009/12/13 18:05:39 | 00,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx
[2007/04/10 04:32:24 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/01/10 21:15:25 | 04,980,736 | ---- | M] () -- C:\Users\Administrator\ntuser.dat
[2010/01/10 21:11:46 | 00,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2010/01/10 21:07:58 | 00,720,952 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/10 21:07:58 | 00,620,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/10 21:07:58 | 00,104,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/10 21:03:34 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/10 21:00:33 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE0FC7E3-81CC-4279-A31D-4B8AEB63CE14}.job
[2010/01/10 20:58:40 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/01/10 20:56:56 | 00,293,376 | ---- | M] () -- C:\Users\Administrator\Desktop\ff151lnj.exe
[2010/01/10 20:54:14 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/10 20:51:48 | 00,000,857 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2010/01/10 20:51:19 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/10 20:51:05 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 20:51:05 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 20:51:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/10 19:51:10 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/10 19:48:37 | 00,781,909 | ---- | M] () -- C:\Users\Administrator\Desktop\RSIT.exe
[2010/01/10 16:10:49 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2010/01/10 15:24:50 | 00,268,328 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/01/08 17:48:59 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/08 12:44:48 | 00,136,991 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/08 12:44:47 | 47,598,314 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/08 01:54:23 | 00,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010/01/07 22:22:06 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/07 03:07:47 | 02,040,687 | ---- | M] () -- C:\bookmarks-2010-01-07.html
[2010/01/07 03:07:47 | 02,040,687 | ---- | M] () -- C:\Users\Administrator\Desktop\bookmark.html
[2010/01/05 04:43:31 | 00,000,246 | ---- | M] () -- C:\Windows\System32\srcr.dat
[2009/12/29 16:24:15 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/12/28 17:03:27 | 00,008,224 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/28 14:18:25 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/12/28 14:15:18 | 02,052,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/28 14:13:20 | 00,140,392 | ---- | M] () -- C:\Windows\System32\drivers\sptddrv1.sys
[2009/12/28 14:09:34 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/12/28 14:04:19 | 00,101,376 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2009/12/28 14:04:00 | 00,079,872 | ---- | M] (Axalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2009/12/27 20:45:03 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/27 18:09:11 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2009/12/26 15:25:05 | 00,000,486 | ---- | M] () -- C:\Windows\eReg.dat
[2009/12/16 11:01:57 | 00,019,180 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf

========== Files Created - No Company Name ==========

[2010/01/10 21:11:46 | 00,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2010/01/10 21:09:38 | 00,293,376 | ---- | C] () -- C:\Users\Administrator\Desktop\ff151lnj.exe
[2010/01/10 19:49:20 | 00,781,909 | ---- | C] () -- C:\Users\Administrator\Desktop\RSIT.exe
[2010/01/10 18:43:50 | 02,040,687 | ---- | C] () -- C:\Users\Administrator\Desktop\bookmark.html
[2010/01/10 17:52:52 | 00,524,288 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/01/10 16:10:49 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2010/01/07 22:22:06 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/07 18:04:42 | 02,040,687 | ---- | C] () -- C:\bookmarks-2010-01-07.html
[2009/12/31 04:43:09 | 00,000,246 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2009/12/28 14:09:34 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/12/27 20:45:03 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/27 18:09:11 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/06/17 09:06:02 | 00,611,064 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/06/17 09:06:02 | 00,140,392 | ---- | C] () -- C:\Windows\System32\drivers\sptddrv1.sys
[2009/03/24 21:22:54 | 06,811,648 | ---- | C] () -- C:\Windows\System32\tliadjust31.dll
[2009/03/13 10:56:05 | 00,000,008 | RHS- | C] () -- C:\ProgramData\082A0F02D4.sys
[2009/03/13 10:56:04 | 00,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/01/21 22:28:03 | 00,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/12/10 15:40:47 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2008/12/10 15:40:47 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2008/12/10 15:40:27 | 00,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2008/12/10 15:40:27 | 00,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2008/09/07 09:06:55 | 00,000,059 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008/09/07 09:06:45 | 00,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008/09/07 09:06:41 | 00,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008/05/22 17:46:14 | 00,000,857 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2008/05/22 17:46:12 | 00,049,152 | ---- | C] () -- C:\Windows\mmfs.dll
[2008/05/05 19:08:41 | 02,076,672 | ---- | C] () -- C:\Windows\System32\dz3delight.dll
[2008/05/05 19:08:40 | 06,131,712 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2008/05/05 19:08:39 | 01,785,856 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2008/02/22 20:02:02 | 00,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/20 18:13:42 | 00,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2007/12/28 16:54:32 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/12/28 16:53:44 | 00,270,336 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/12/28 16:51:48 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007/12/07 22:40:29 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/10/27 08:25:33 | 00,102,400 | ---- | C] () -- C:\Windows\System32\USA19HPropPage.dll
[2007/10/27 08:25:33 | 00,049,152 | ---- | C] () -- C:\Windows\System32\k19hinst.dll
[2007/08/22 22:18:39 | 00,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007/08/22 22:18:39 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007/08/07 01:23:04 | 00,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2007/08/06 15:21:21 | 00,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/05/11 22:36:40 | 00,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2007/05/11 22:36:39 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/04/10 05:43:43 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/04/10 04:42:55 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/04/10 04:42:55 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/04/10 04:42:00 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/04/10 04:32:24 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/10 04:12:36 | 00,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/04/10 04:04:38 | 00,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/04/10 03:29:34 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007/04/10 03:29:34 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/04/10 03:29:32 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/04/10 03:29:31 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/10 03:28:43 | 00,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2006/12/25 15:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/09/15 17:40:22 | 00,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/12/26 17:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Unicode (All) ==========
[2008/09/10 02:14:06 | 00,000,000 | ---D | M](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\Ĩ둠睙ĨĨĨĨĨĨ
[2008/09/10 02:14:06 | 00,000,000 | ---D | C](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\Ĩ둠睙ĨĨĨĨĨĨ

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:58CF2C8C



< End of report >

OTL Extras logfile created on: 1/10/2010 9:15:09 PM - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16945)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 13.06 Gb Free Space | 18.72% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 36.61 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 298.09 Gb Total Space | 44.30 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: TOPAZE-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3030136466-1615109681-1585487735-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST.Inc)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST.Inc)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A94A69-2E5C-420D-92FC-CB2FFF9C9E77}" = rport=10243 | protocol=6 | dir=out | app=system |
"{10C18F41-7FA9-4376-B786-35B379D8BA44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{510B7300-78ED-4BFA-B54C-BCD468E02B9B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F65B6E3-5A8E-49E6-8860-D5DB02889646}" = lport=2869 | protocol=6 | dir=in | app=system |
"{879C949A-0E11-42FF-9B82-6A1964D0E8E3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{91F082CD-EB8E-46F1-A5E7-D8B1FB7A9D63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D0E670D-2202-488E-874D-9E1E520C6D24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBBBAAFE-E0D8-42FB-9B99-6975AAE30CDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6735063-ECBF-459D-98C1-2457C865F1EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9584316-08FE-4E29-BB27-7F5A7AE73F11}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023C8296-2ECC-4C0D-A08B-A364CB6D66E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07307644-EEC7-4FBD-A739-5DA080F1A29A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0AC48301-6B0A-4622-9ABB-6793945438AA}" = protocol=6 | dir=in | app=d:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{11F3A936-7A25-4908-B2CB-B1A169C7FE58}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{1664B55E-BCB8-41EA-ADA9-70389C072F0D}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{19C913CA-3AEB-4FA5-BC56-7EC4E49BBE04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A4A210F-1DC7-42FC-838E-84B3DF94BB73}" = protocol=6 | dir=in | app=h:\program files\frostwire\frostwire.exe |
"{2077A193-F132-4448-8CA3-F78C1702DB07}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{234871E9-E4B5-4765-BFA9-17B71C732D2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{249E1EA4-625C-4E3A-BA9D-B549FA1FAB99}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"{2564132A-89FC-4665-A9A2-1559BF33012E}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\magicdirector.exe |
"{2B9D8DDA-4F9E-4DDA-A7E7-8CD046E6C0C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{345BD23C-4857-4BE8-9890-BAEBAA592300}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avginet.exe |
"{4D34CF70-5D65-4E48-ACB5-F30810927035}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\app4r.exe |
"{4DFCB906-EFBC-4730-8FF3-2586AEC279ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{517CED7B-7C18-4DBC-AD58-69ED6BE4CBA9}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{5745DB03-501B-4D1F-8DF0-E51FF3038E04}" = protocol=17 | dir=in | app=d:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{5FC19249-0D2B-4DEE-9787-5A812336FD21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61D6F5A3-DAD3-4E8C-9CE5-63523CC49926}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{66A0C893-2C68-4B3A-A3B1-DCA2F6F2FD47}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{6F37F65A-CCEC-4242-A5C6-9CA93E39EE2C}" = protocol=17 | dir=in | app=d:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{75898EAA-68CD-4899-BA4F-FCB0B09666D4}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avginet.exe |
"{806ACF85-7434-4147-8834-81BEE756B030}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgamsvr.exe |
"{825D2917-8732-49A2-BE3A-F54292B1ED4E}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgemc.exe |
"{83647C30-D360-4E3B-9247-DD7283911AD6}" = protocol=17 | dir=in | app=d:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{85D8E272-1B0F-4581-8C67-A5AD1ADA028D}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgamsvr.exe |
"{8F3A2D97-96A3-48B0-9267-735BDC4D0D92}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{A7BA67AC-3E90-44EF-AA02-0954BD10A5EE}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"{A8BD918E-03F2-488D-9998-B5CF450A1F30}" = protocol=6 | dir=in | app=d:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{ACCF1E02-B162-430D-A89A-4CF54E86B1E5}" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{B2852E9F-E3C7-4B9E-91A1-0883F5AD846A}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddmon.exe |
"{B9B28EB3-7E02-482D-87E6-398ED7DE804A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9D0645F-FC52-4BDE-883A-22C18622E96B}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{BCACD11E-9063-4F9E-9BA0-31BA645554FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C72A0DB3-6C99-4683-B3CB-17150E6B94A1}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |
"{C8E47DAD-1531-4D87-9ECD-45765121097E}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{CF384AAC-3196-480D-BBD5-C5B3897CD9DF}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{D1D32B53-CCEC-41CA-B683-DE5E3F4E49EE}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{D4F4DE52-23FD-46DC-8880-1291B6CA0891}" = protocol=6 | dir=out | app=system |
"{D6AA9053-10FF-4EC0-AE13-F8ED2B0711D6}" = protocol=17 | dir=in | app=h:\program files\frostwire\frostwire.exe |
"{D7234E07-012D-42D4-AF05-A6748696508A}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\powerdv.exe |
"{DC41D370-CB11-434A-8164-259323BCB3D0}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg7\avgcc.exe |
"{E10266D1-CB81-4367-87AC-E853952A3A77}" = protocol=6 | dir=in | app=d:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{E48CF941-CC68-4A28-8AA9-8A5202710C47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6EDF3FE-5F44-4544-8767-23E71D6942FF}" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"{F8555B2E-CC51-4CFB-B17F-FB7A3089BB2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F92F3B7D-937B-4CE2-AE67-C63A3EC4BEBC}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"TCP Query User{1B599B85-419C-4EF3-B291-FE8E9D9271C7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2AD07104-3F2D-4377-8311-046E37363D78}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"TCP Query User{343CEDEF-8373-47A4-B991-591AA373522D}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"TCP Query User{3EBA1F14-2695-4728-9822-1C8DB763205C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{598BB72B-C70F-4065-949F-D289708D31FA}D:\portable\ adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=d:\portable\ adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{82131365-76EA-4272-95E8-5FD561007504}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8B03CE6B-6341-4553-BD3C-10030608AB90}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{8C1D8B1A-3074-49DA-89AE-255CDC163697}C:\program files\orbitdownloader\orbitdm.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitdm.exe |
"TCP Query User{9501989B-F874-4954-9080-3FC00250FE63}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{987C7CA0-809F-4E9C-99AE-D6E02EF3796B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A3FBD598-5553-42BD-B3FD-9CB58F5FB431}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{C95D373B-3718-43DE-93E6-170669741E52}C:\users\topaze\appdata\roaming\thinstall\adobe dreamweaver cs3\4000005e00002i\orbitnet.exe" = protocol=6 | dir=in | app=c:\users\topaze\appdata\roaming\thinstall\adobe dreamweaver cs3\4000005e00002i\orbitnet.exe |
"TCP Query User{F6BEC32E-7D1A-4B2A-B56E-8E10528EDAA7}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{07C9BB51-54DE-431A-9DA6-CC19F86BBC59}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1C73AD95-AC09-4D3B-B9C2-3E850E5FE353}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{2E96D82D-D3E1-4CB9-AB81-6C89235EDAAD}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{300D3CEE-418E-4CCD-A235-399CECD99C85}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{5B2DD050-B7DB-4071-AFB7-7BF47B129B3D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65AB7710-6E34-4CBC-8AEC-FAD3A69F3CF4}C:\program files\lexmark 2500 series\lxddamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 2500 series\lxddamon.exe |
"UDP Query User{76D26822-7965-42B0-B5D5-C1E5A08EF8BE}C:\program files\orbitdownloader\orbitdm.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitdm.exe |
"UDP Query User{8C2D04AC-F56B-4D5B-905E-80B422D6A7A3}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{9022DD25-8A7D-4AC9-A11C-02A7E7DE6407}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9FE42AC3-6B03-42F4-ACAA-CCC9ACF3F00A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{AB08A1B6-915A-409B-82DB-890A078C79FE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{C0A2E6DB-1124-46A8-9290-B1DB807DD7BB}D:\portable\ adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=d:\portable\ adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{CEF04397-9A40-4AB7-95C0-DE2E92E323C8}C:\users\topaze\appdata\roaming\thinstall\adobe dreamweaver cs3\4000005e00002i\orbitnet.exe" = protocol=17 | dir=in | app=c:\users\topaze\appdata\roaming\thinstall\adobe dreamweaver cs3\4000005e00002i\orbitnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AEC7728-1640-4E98-AABC-5EBE3FB57FE4}" = SMSC Fast Infrared Driver
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer OrbiCam
"{500054E5-9209-441C-83CC-AAD957F5492E}" = SAPI 5.1 Text-to-Speech
"{55104B04-4707-43E9-9204-99EBE904BD5F}" = Blaine's Contrast Effects
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8424EF22-44CF-4DD4-B702-FADA3998F4BA}" = StuffIt 11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC38B36B-90F8-4C1F-8AC9-236B851B8871}" = Genuine Fractals 5.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A37}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C1B04862-B0FE-4399-9A20-770448087DCB}" = Blaine's Color Fade Effects
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E717820A-5DCE-4b9e-98E7-2A992395AB5A}" = MP3 Remix Player Standalone
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17B8386-A74A-4E4E-A7DD-435372991E14}" = Microsoft Visual Basic PowerPacks 2.0
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{FEA8A3FF-807D-42CB-AF58-81E54D5EF48D}" = Serif FontManager X3
"abrViewer.NET" = abrViewer.NET 1.0.1
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"Apophysis 2.0" = Apophysis 2.0
"Ask Toolbar_is1" = Ask Toolbar
"AutoEye" = Uninstall AutoEye
"AutoREALM" = AutoREALM
"AVerMedia M115 MiniPCI Hybrid DVBT" = AVerMedia M115 MiniPCI Hybrid DVBT 4.5.0.9
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Color Schemer Studio_is1" = Color Schemer Studio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dramatica Pro 4.0" = Dramatica Pro 4.0
"DreamSuite" = Uninstall DreamSuite
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DX-Ball 1.07" = DX-Ball 1.07
"ExpressBurn" = Express Burn
"FastCAD" = FastCAD
"FrostWire" = FrostWire 4.18.4
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"IrfanView" = IrfanView (remove only)
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Light v3.5 for Adobe Photoshop & Compatible Applications" = Light v3.5 for Adobe Photoshop & Compatible Applications
"Liquid Story Binder XE_is1" = Liquid Story Binder XE 3.11
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Mystical" = Uninstall Mystical
"MysticalTTC" = Uninstall MysticalTTC
"Mz Ram Booster" = Mz Ram Booster
"Orbit_is1" = Orbit Downloader
"Prism" = Prism Video Converter
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Q-Xpress Installer" = Q-Xpress Installer 1.1.9
"RealPlayer 6.0" = RealPlayer
"Roxio MRFilter" = Roxio EasyWrite Reader
"Selteco Menu Maker 3.0" = Selteco Menu Maker 3.0
"SimPE_is1" = SimPE 0.64 (alpha)
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST6UNST #1" = ClockIt for Windows NT, Win9X
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Switch" = Switch Sound File Converter
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ToolBox" = NCH Toolbox
"Ultra Fractal 5.01 Animation Edition" = Ultra Fractal 5.01 Animation Edition
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"yRead2_is1" = yRead2
"yRead3_is1" = yRead3
"yWriter4_is1" = yWriter4

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
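A triage step a helper would take on the "Security Center Settings" block in the log above, written here as an added example for this thread (it is not code from OTL, ComboFix or BleepingComputer): a small Python script that pulls that block out of an OTL log and lists every value that silences a Security Center warning, disables product monitoring, or turns the firewall off on a profile. The embedded sample is an excerpt of the log above; the flagging rules are this example's own heuristics, not anything OTL itself reports.

```python
"""Triage the "Security Center Settings" block of an OTL log.

Lists registry values that silence Windows Security Center warnings,
stop it monitoring a security product, or disable the firewall on a
profile. Those are settings a defender wants to see restored before
trusting what the tray icons say. (Heuristics are this example's own.)
"""
import re
from typing import Dict, List

# Excerpt of the Security Center block from the OTL log in this thread,
# embedded so the script runs offline.
SAMPLE_LOG = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # "========== Name =========="
KEY_RE = re.compile(r"^\[(.+)\]$")                 # "[HKEY_...\Path]"
VALUE_RE = re.compile(r'^"([^"]+)" = (-?\d+)$')    # '"Name" = 1'


def parse_security_center(log_text: str) -> Dict[str, Dict[str, int]]:
    """Return {registry_key: {value_name: int}} for the Security Center section only."""
    settings: Dict[str, Dict[str, int]] = {}
    in_section = False
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            # Any "==========" header starts a new section; stay only in the one we want.
            in_section = sec.group(1) == "Security Center Settings"
            current_key = None
            continue
        if not in_section:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            settings.setdefault(current_key, {})
            continue
        val = VALUE_RE.match(line)
        if val and current_key is not None:
            settings[current_key][val.group(1)] = int(val.group(2))
    return settings


def find_weakened_settings(settings: Dict[str, Dict[str, int]]) -> List[str]:
    """List values that suppress warnings or disable monitoring / the firewall."""
    findings: List[str] = []
    for key, values in settings.items():
        short = key.rsplit("\\", 1)[-1]  # last path component, e.g. "SymantecAntiVirus"
        for name, value in values.items():
            if name.endswith("DisableNotify") and value == 1:
                findings.append(f"{short}: {name}=1 (Security Center warning silenced)")
            elif name == "DisableMonitoring" and value == 1:
                findings.append(f"{short}: monitoring disabled")
            elif name.endswith("Override") and value == 1:
                findings.append(f"{short}: {name}=1 (status reported OK regardless of product)")
            elif name == "EnableFirewall" and value == 0:
                findings.append(f"{short}: Windows Firewall off")
            elif name == "DisableNotifications" and value == 1:
                findings.append(f"{short}: firewall notifications off")
    return findings


if __name__ == "__main__":
    for finding in find_weakened_settings(parse_security_center(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt it reports six weakened settings: the three silenced notifications under the Security Center key and monitoring disabled globally and for both Symantec entries, while the firewall profile with EnableFirewall = 1 produces nothing. Point it at a full OTL log by reading the file into `parse_security_center` instead of `SAMPLE_LOG`.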





#4 myrti
  • Malware Study Hall Admin
Posted 10 January 2010 - 10:14 PM

Hi,

you're very welcome.

Since you seem to be infected by a rootkit, I would like you to run ComboFix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 mzmm

  • Topic Starter

Posted 11 January 2010 - 01:19 AM

After using ComboFix the computer booted up okay, but after the log was completed, I was unable to access any programs, including the web browsers. Everything I clicked on came back with the message: "illegal operation attempted on a registry key marked for deletion." Makes me afraid to turn the computer off!


CF log:

ComboFix 10-01-04.01 - install 01/11/2010 0:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1005 [GMT -5:00]
Running from: c:\users\install\Desktop\ComboFix.bat.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Images
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\H8SRTeijcyctlhx.sys
c:\windows\system32\H8SRTdtoaqxdmex.dat
c:\windows\system32\H8SRTrujdwfqrcf.dll
c:\windows\system32\H8SRTttotpmmqeq.dll
c:\windows\system32\H8SRTxmuadxycpk.dll
c:\windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-11 05:42 . 2007-12-28 21:51 10240 ----a-w- C:\SensApi.dll
2010-01-11 05:39 . 2010-01-11 05:43 -------- d-----w- c:\users\install\AppData\Local\temp
2010-01-11 04:24 . 2010-01-11 04:24 -------- d-----w- C:\32788R22FWJFW
2010-01-11 04:10 . 2010-01-11 04:10 -------- d-----w- C:\ComboFix.com3199C
2010-01-11 04:07 . 2010-01-11 04:07 -------- d-----w- C:\ComboFix.com
2010-01-11 04:03 . 2010-01-11 03:54 3819182 ----a-w- C:\ComboFix.exe
2010-01-11 03:43 . 2010-01-11 03:43 -------- d-----w- c:\users\install\AppData\Local\AVG Security Toolbar
2010-01-11 02:11 . 2010-01-11 02:11 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-01-11 00:56 . 2010-01-11 00:56 -------- d-----w- c:\users\Administrator\AppData\Local\Opera
2010-01-11 00:53 . 2010-01-11 00:53 -------- d-----w- c:\program files\trend micro
2010-01-11 00:53 . 2010-01-11 00:54 -------- d-----w- C:\rsit
2010-01-10 21:30 . 2010-01-10 21:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-01-10 21:10 . 2010-01-10 21:10 0 ----a-w- c:\windows\system32\settings.dat
2010-01-08 22:10 . 2010-01-08 22:48 -------- d-----w- c:\users\topaze\DoctorWeb
2010-01-08 17:42 . 2010-01-11 01:08 849 ----a-w- c:\windows\system32\h8srtkrl32mainweq.dll
2010-01-08 01:39 . 2010-01-08 01:40 -------- d-----w- C:\FirefoxPortable
2010-01-08 01:00 . 2010-01-08 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-12-31 00:26 . 2009-12-31 00:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-29 20:59 . 2010-01-05 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-29 20:59 . 2009-12-29 20:59 -------- d-----w- c:\users\topaze\AppData\Roaming\SUPERAntiSpyware.com
2009-12-28 12:21 . 2009-12-28 17:58 -------- d-----w- C:\ebbc6f5c85f17d65bda6d11e
2009-12-28 01:49 . 2009-12-28 01:49 -------- d-----w- c:\users\topaze\AppData\Roaming\Malwarebytes
2009-12-28 01:45 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 01:44 . 2009-12-28 01:44 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 01:44 . 2010-01-08 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 01:44 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-13 23:06 . 2009-12-14 02:54 -------- d-----w- c:\users\topaze\AppData\Roaming\DVD Flick
2009-12-13 23:05 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 05:42 . 2008-05-22 22:46 857 --sha-w- c:\windows\system32\mmf.sys
2010-01-11 03:44 . 2007-12-08 13:21 268328 ----a-w- c:\users\install\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-11 03:37 . 2007-10-27 20:05 -------- d-----w- c:\users\topaze\AppData\Roaming\WTablet
2010-01-11 01:35 . 2009-02-22 20:20 1 ----a-w- c:\users\topaze\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-10 20:24 . 2008-02-16 01:08 268328 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-10 19:54 . 2008-03-01 15:19 -------- d-----w- c:\users\topaze\AppData\Roaming\Orbit
2010-01-10 19:48 . 2008-03-01 15:19 -------- d-----w- c:\program files\Orbitdownloader
2010-01-10 12:39 . 2009-12-04 17:46 1356 ----a-w- c:\users\topaze\AppData\Local\d3d9caps.dat
2010-01-08 16:31 . 2007-04-10 10:02 -------- d-----w- c:\programdata\Symantec
2010-01-08 06:54 . 2008-12-08 04:12 16 ----a-w- c:\windows\popcinfo.dat
2010-01-08 00:52 . 2010-01-08 00:46 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 20:17 . 2008-11-13 20:30 -------- d-----w- c:\users\topaze\AppData\Roaming\FrostWire
2010-01-06 02:52 . 2008-08-28 03:13 -------- d-----w- c:\program files\Incomplete
2010-01-06 02:52 . 2008-11-13 20:29 -------- d-----w- c:\program files\FrostWire
2010-01-05 17:40 . 2009-12-31 00:28 52224 ----a-w- c:\users\topaze\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-05 17:40 . 2009-12-31 00:28 117760 ----a-w- c:\users\topaze\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-31 03:02 . 2008-02-09 14:39 -------- d-----w- c:\program files\Tierazon-v29
2009-12-29 22:00 . 2007-05-12 04:00 -------- d-----w- c:\program files\Launch Manager
2009-12-29 20:58 . 2009-02-01 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-29 16:13 . 2007-12-08 11:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-29 12:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-28 22:03 . 2008-02-16 01:08 8224 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-28 19:13 . 2009-06-17 14:06 140392 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-28 19:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-28 19:09 . 2009-12-28 19:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-28 19:04 . 2006-11-02 10:32 101376 ----a-w- c:\windows\system32\ifxcardm.dll
2009-12-28 19:04 . 2006-11-02 10:32 79872 ----a-w- c:\windows\system32\axaltocm.dll
2009-12-26 20:25 . 2007-10-01 16:45 486 ----a-w- c:\windows\eReg.dat
2009-12-26 03:22 . 2009-12-26 03:22 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-25 03:14 . 2009-10-30 12:28 144160 ----a-w- c:\users\topaze\AppData\Roaming\Move Networks\uninstall.exe
2009-12-25 03:13 . 2009-12-10 19:26 4187512 ----a-w- c:\users\topaze\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2009-12-25 03:13 . 2009-10-30 12:28 -------- d-----w- c:\users\topaze\AppData\Roaming\Move Networks
2009-12-21 15:09 . 2009-12-13 14:23 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-12-16 16:09 . 2009-07-08 11:38 -------- d-----w- c:\program files\Google
2009-12-16 16:01 . 2008-12-10 20:29 -------- d-----w- c:\program files\Lexmark Toolbar
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\users\topaze\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-03 12:11 . 2009-12-03 12:11 -------- d-----w- c:\programdata\NtiDvdCopy
2009-11-14 16:29 . 2009-11-14 16:29 -------- d-----w- c:\users\topaze\AppData\Roaming\DivX
2009-11-14 16:29 . 2009-11-14 16:28 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-14 16:28 . 2009-11-14 16:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-14 16:06 . 2009-01-24 01:39 -------- d-----w- c:\program files\NCH Software
2009-11-09 13:34 . 2009-12-10 08:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:30 . 2009-12-10 08:10 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:17 . 2009-12-10 08:10 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 01:42 . 2009-10-03 05:26 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 12:28 . 2009-08-03 21:48 4187512 ----a-w- c:\users\topaze\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
2009-10-29 07:59 . 2009-11-25 08:03 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 15:05 . 2009-12-09 13:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 15:01 . 2009-12-09 13:51 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2009-12-09 13:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2009-12-09 13:51 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2009-12-09 13:51 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2009-12-09 13:51 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2009-12-09 13:51 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2008-03-01 18:14 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-07-04 18:49 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-07-04 18:49 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 1415824]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-11 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-12-28 458752]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-25 155648]

c:\users\topaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-11-1 575488]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal1.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 MrFilter;EasyWrite Driver;c:\windows\System32\drivers\MRFilter.sys [2/24/2009 9:00 AM 27136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2/8/2009 3:12 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2/8/2009 3:12 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [4/10/2007 5:11 AM 50688]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 7:30 AM 297752]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 5:12 PM 161064]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [4/10/2007 5:09 AM 202872]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S3 USA19H;USA19H;c:\windows\System32\drivers\usa19h2k.sys [10/27/2007 8:26 AM 698752]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\System32\drivers\usa19h2kp.sys [10/27/2007 8:26 AM 24192]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6/17/2009 9:06 AM 611064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 11:38]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 11:39]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 11:39]

2010-01-11 c:\windows\Tasks\User_Feed_Synchronization-{DE0FC7E3-81CC-4279-A31D-4B8AEB63CE14}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: about.com\forums
Trusted Zone: about.com\generalhospital
Trusted Zone: blackplanet.com\www
Trusted Zone: creativepro.com\www
Trusted Zone: creflodollarministries.org\interactive
Trusted Zone: dailyword.com\www
Trusted Zone: fanfiction.net\www
Trusted Zone: flashkit.com
Trusted Zone: flashkit.com\board
Trusted Zone: harvest.org\www
Trusted Zone: intouch.org\www
Trusted Zone: invisionfree.com\z7
Trusted Zone: live.com\login
Trusted Zone: todayspromise.com\www
FF - ProfilePath - c:\users\install\AppData\Roaming\Mozilla\Firefox\Profiles\zr5nbjha.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint_.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint_0306003B.dll
FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-MzRamBooster - c:\windows\System32\MzRamBooster.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-IgfxTray - (no file)
HKLM-Run-eDSMSNfix - c:\acer\Empowering Technology\eDSMSNfix.exe
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware2\mbam.exe
AddRemove-Adobe Photoshop CS4_is1 - h:\program files\Photoshop CS4\unins000.exe
AddRemove-Apophysis 2.0 - h:\program files\Apophysis 2.0\uninstall.exe
AddRemove-AutoREALM - h:\program files\AutoREALM\DeIsL1.isu
AddRemove-DVD Flick_is1 - h:\program files\DVD Flick\unins000.exe
AddRemove-FastCAD - h:\install\CC3\CC3\UNINST.EXE
AddRemove-FrostWire - h:\program files\FrostWire\Uninstall.exe
AddRemove-Liquid Story Binder XE_is1 - h:\program files\Black Obelisk Software\Liquid Story Binder XE\unins000.exe
AddRemove-Mz Ram Booster - c:\program files\MzRam\uninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\runservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Smith Micro\StuffIt11\ArcNameService.exe
c:\windows\system32\Wacom_Tablet.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\Wacom_Tablet.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\users\install\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-11 00:54:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 05:53

Pre-Run: 11,636,387,840 bytes free
Post-Run: 11,571,994,624 bytes free

- - End Of File - - D057BE1D89B31449BA2FDAB005F76712


#6 myrti (Sillyberry, Malware Study Hall Admin)

Posted 11 January 2010 - 07:46 AM

Hi,

do you have a second PC through which we could communicate in case something went wrong?

If so please reboot, I don't expect anything to go wrong.


Let me know if the messages still appear after reboot.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 mzmm (Topic Starter)

Posted 11 January 2010 - 08:38 AM

thank you thank you thank you!!!

Everything seems to be working ok at this point. Restore points are back [it set one last night around 3am]. Windows Update is trying to run but failed, but we are having power outages this morning [it's COLD in the southeast of the USA this morning!], so I'm hoping that's the issue.

I've been going through my programs, and so far so good... if there's anything that doesn't go right, hopefully I'll catch it before the day is out. But thank you again for your help; this is the first time in more than ten years that I haven't been able to fix my computer myself one way or another!

Now that I have all of these antispyware programs in my arsenal, which ones would you suggest I begin to run on a regular basis? [so this doesn't happen again?]

#8 myrti (Sillyberry, Malware Study Hall Admin)

Posted 11 January 2010 - 08:59 AM

Hi,

please don't leave just yet. We need to remove some more entries the malware left on your system and bring it up to date.

First of all, I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove either AVG or Norton.

Next to remove the remaining entries, please run the following script:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\h8srtkrl32mainweq.dll

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal1.sys]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll,"


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

Edited by myrti, 11 January 2010 - 09:00 AM.



#9 mzmm (Topic Starter)

Posted 11 January 2010 - 05:41 PM

Did everything

ComboFix 10-01-04.01 - install 01/11/2010 17:03:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1134 [GMT -5:00]
Running from: c:\users\install\Desktop\ComboFix.bat.exe
Command switches used :: c:\users\install\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\h8srtkrl32mainweq.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\topaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\windows\system32\h8srtkrl32mainweq.dll
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-11 22:12 . 2010-01-11 22:12 -------- d-----w- c:\users\install\AppData\Local\temp
2010-01-11 22:12 . 2010-01-11 22:12 -------- d-----w- c:\users\topaze\AppData\Local\temp
2010-01-11 22:12 . 2010-01-11 22:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-11 22:12 . 2010-01-11 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-11 22:12 . 2010-01-11 22:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-11 21:55 . 2010-01-11 22:02 -------- d-----w- C:\32788R22FWJFW
2010-01-11 15:23 . 2007-12-28 21:51 10240 ----a-w- C:\SensApi.dll
2010-01-11 13:23 . 2010-01-11 13:23 1 ----a-w- c:\users\install\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-11 13:19 . 2010-01-11 13:19 -------- d-----w- c:\users\install\AppData\Roaming\OpenOffice.org
2010-01-11 13:15 . 2010-01-11 13:15 -------- d-----w- c:\users\install\AppData\Local\Opera
2010-01-11 04:10 . 2010-01-11 04:10 -------- d-----w- C:\ComboFix.com3199C
2010-01-11 04:07 . 2010-01-11 04:07 -------- d-----w- C:\ComboFix.com
2010-01-11 04:03 . 2010-01-11 03:54 3819182 ----a-w- C:\ComboFix.exe
2010-01-11 03:43 . 2010-01-11 03:43 -------- d-----w- c:\users\install\AppData\Local\AVG Security Toolbar
2010-01-11 02:11 . 2010-01-11 02:11 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-01-11 00:56 . 2010-01-11 00:56 -------- d-----w- c:\users\Administrator\AppData\Local\Opera
2010-01-11 00:53 . 2010-01-11 00:53 -------- d-----w- c:\program files\trend micro
2010-01-11 00:53 . 2010-01-11 00:54 -------- d-----w- C:\rsit
2010-01-10 21:30 . 2010-01-10 21:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-01-10 21:10 . 2010-01-10 21:10 0 ----a-w- c:\windows\system32\settings.dat
2010-01-08 22:10 . 2010-01-08 22:48 -------- d-----w- c:\users\topaze\DoctorWeb
2010-01-08 01:39 . 2010-01-08 01:40 -------- d-----w- C:\FirefoxPortable
2010-01-08 01:00 . 2010-01-08 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2010-01-08 00:46 . 2010-01-08 00:52 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-31 00:28 . 2010-01-05 17:40 52224 ----a-w- c:\users\topaze\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-31 00:28 . 2010-01-05 17:40 117760 ----a-w- c:\users\topaze\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-31 00:26 . 2009-12-31 00:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-29 20:59 . 2010-01-05 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-29 20:59 . 2009-12-29 20:59 -------- d-----w- c:\users\topaze\AppData\Roaming\SUPERAntiSpyware.com
2009-12-28 12:21 . 2009-12-28 17:58 -------- d-----w- C:\ebbc6f5c85f17d65bda6d11e
2009-12-28 01:49 . 2009-12-28 01:49 -------- d-----w- c:\users\topaze\AppData\Roaming\Malwarebytes
2009-12-28 01:45 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 01:44 . 2009-12-28 01:44 -------- d-----w- c:\programdata\Malwarebytes
2009-12-28 01:44 . 2010-01-08 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 01:44 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 03:22 . 2009-12-26 03:22 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 23:06 . 2009-12-14 02:54 -------- d-----w- c:\users\topaze\AppData\Roaming\DVD Flick
2009-12-13 23:05 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-12-13 14:23 . 2009-12-21 15:09 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 17:52 . 2007-04-10 10:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-11 17:50 . 2007-04-10 10:02 -------- d-----w- c:\programdata\Symantec
2010-01-11 15:23 . 2008-05-22 22:46 857 --sha-w- c:\windows\system32\mmf.sys
2010-01-11 14:04 . 2007-10-27 20:05 -------- d-----w- c:\users\topaze\AppData\Roaming\WTablet
2010-01-11 03:44 . 2007-12-08 13:21 268328 ----a-w- c:\users\install\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-11 01:35 . 2009-02-22 20:20 1 ----a-w- c:\users\topaze\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-10 20:24 . 2008-02-16 01:08 268328 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-10 19:54 . 2008-03-01 15:19 -------- d-----w- c:\users\topaze\AppData\Roaming\Orbit
2010-01-10 19:48 . 2008-03-01 15:19 -------- d-----w- c:\program files\Orbitdownloader
2010-01-10 12:39 . 2009-12-04 17:46 1356 ----a-w- c:\users\topaze\AppData\Local\d3d9caps.dat
2010-01-08 06:54 . 2008-12-08 04:12 16 ----a-w- c:\windows\popcinfo.dat
2010-01-07 20:17 . 2008-11-13 20:30 -------- d-----w- c:\users\topaze\AppData\Roaming\FrostWire
2010-01-06 02:52 . 2008-08-28 03:13 -------- d-----w- c:\program files\Incomplete
2010-01-06 02:52 . 2008-11-13 20:29 -------- d-----w- c:\program files\FrostWire
2009-12-31 03:02 . 2008-02-09 14:39 -------- d-----w- c:\program files\Tierazon-v29
2009-12-29 22:00 . 2007-05-12 04:00 -------- d-----w- c:\program files\Launch Manager
2009-12-29 20:58 . 2009-02-01 01:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-29 16:13 . 2007-12-08 11:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-29 12:36 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-28 22:03 . 2008-02-16 01:08 8224 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-28 19:13 . 2009-06-17 14:06 140392 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-28 19:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-28 19:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-28 19:09 . 2009-12-28 19:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-28 19:04 . 2006-11-02 10:32 101376 ----a-w- c:\windows\system32\ifxcardm.dll
2009-12-28 19:04 . 2006-11-02 10:32 79872 ----a-w- c:\windows\system32\axaltocm.dll
2009-12-26 20:25 . 2007-10-01 16:45 486 ----a-w- c:\windows\eReg.dat
2009-12-25 03:14 . 2009-10-30 12:28 144160 ----a-w- c:\users\topaze\AppData\Roaming\Move Networks\uninstall.exe
2009-12-25 03:13 . 2009-12-10 19:26 4187512 ----a-w- c:\users\topaze\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2009-12-25 03:13 . 2009-10-30 12:28 -------- d-----w- c:\users\topaze\AppData\Roaming\Move Networks
2009-12-16 16:09 . 2009-07-08 11:38 -------- d-----w- c:\program files\Google
2009-12-16 16:01 . 2008-12-10 20:29 -------- d-----w- c:\program files\Lexmark Toolbar
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\users\topaze\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-03 12:11 . 2009-12-03 12:11 -------- d-----w- c:\programdata\NtiDvdCopy
2009-11-14 16:29 . 2009-11-14 16:29 -------- d-----w- c:\users\topaze\AppData\Roaming\DivX
2009-11-14 16:29 . 2009-11-14 16:28 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-14 16:28 . 2009-11-14 16:27 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-14 16:06 . 2009-01-24 01:39 -------- d-----w- c:\program files\NCH Software
2009-11-09 13:34 . 2009-12-10 08:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:30 . 2009-12-10 08:10 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:17 . 2009-12-10 08:10 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 01:42 . 2009-10-03 05:26 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 12:28 . 2009-08-03 21:48 4187512 ----a-w- c:\users\topaze\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
2009-10-29 07:59 . 2009-11-25 08:03 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 15:05 . 2009-12-09 13:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 15:01 . 2009-12-09 13:51 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2009-12-09 13:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2009-12-09 13:51 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2009-12-09 13:51 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2009-12-09 13:51 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2009-12-09 13:51 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2008-03-01 18:14 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-07-04 18:49 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-07-04 18:49 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 1415824]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-11 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-12-28 458752]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-25 155648]

c:\users\topaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 MrFilter;EasyWrite Driver;c:\windows\System32\drivers\MRFilter.sys [2/24/2009 9:00 AM 27136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2/8/2009 3:12 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2/8/2009 3:12 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/29/2009 7:30 AM 297752]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 5:12 PM 161064]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\System32\Wacom_Tablet.exe [10/27/2007 3:03 PM 1373480]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [4/10/2007 5:11 AM 50688]
S2 gupdate1c9ffc0bc1ec2de;Google Update Service (gupdate1c9ffc0bc1ec2de);c:\program files\Google\Update\GoogleUpdate.exe [7/8/2009 6:39 AM 133104]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [5/22/2008 5:46 PM 2560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S3 USA19H;USA19H;c:\windows\System32\drivers\usa19h2k.sys [10/27/2007 8:26 AM 698752]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\System32\drivers\usa19h2kp.sys [10/27/2007 8:26 AM 24192]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [6/17/2009 9:06 AM 611064]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SRTSPX
.
Contents of the 'Scheduled Tasks' folder

2010-01-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-08 11:38]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 11:39]

2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 11:39]

2010-01-11 c:\windows\Tasks\User_Feed_Synchronization-{DE0FC7E3-81CC-4279-A31D-4B8AEB63CE14}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: about.com\forums
Trusted Zone: about.com\generalhospital
Trusted Zone: blackplanet.com\www
Trusted Zone: creativepro.com\www
Trusted Zone: creflodollarministries.org\interactive
Trusted Zone: dailyword.com\www
Trusted Zone: fanfiction.net\www
Trusted Zone: flashkit.com
Trusted Zone: flashkit.com\board
Trusted Zone: harvest.org\www
Trusted Zone: intouch.org\www
Trusted Zone: invisionfree.com\z7
Trusted Zone: live.com\login
Trusted Zone: todayspromise.com\www
FF - ProfilePath - c:\users\install\AppData\Roaming\Mozilla\Firefox\Profiles\zr5nbjha.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint_.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint_0306003B.dll
FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 17:12
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-11 17:15:03
ComboFix-quarantined-files.txt 2010-01-11 22:15
ComboFix2.txt 2010-01-11 05:54

Pre-Run: 8,170,110,976 bytes free
Post-Run: 8,022,589,440 bytes free

- - End Of File - - 3AD6CE7E1D0FF28A2F974A1B2ED4E02D


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 11 January 2010 - 06:15 PM

Hi,

that log is looking much better; is the PC still doing fine? Just to be safe I would like to run an online scan as well:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#11 mzmm

mzmm
  • Topic Starter
  • Members
  • 18 posts

Posted 12 January 2010 - 02:52 PM

Here are the results:

C:\Documents and Settings\topaze\DoctorWeb\Quarantine\setup.exe multiple threats deleted - quarantined
C:\Documents and Settings\topaze\Shared\Color Schemer Studio v1.5 + 240 Schemes.RaR probably a variant of Win32/Agent trojan deleted - quarantined
C:\Program Files\SWiSH Max2\Patch.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\H8SRTttotpmmqeq.dll.vir a variant of Win32/Kryptik.BLL trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\H8SRTxmuadxycpk.dll.vir Win32/Kryptik.BLL.Gen trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\drivers\H8SRTeijcyctlhx.sys.vir a variant of Win32/Rootkit.Kryptik.AG trojan cleaned by deleting - quarantined
D:\PORTABLE\Adobe Illustrator CS3\Program Data\1000000800002i\svchost.exe probably a variant of Win32/IRCBot trojan cleaned by deleting - quarantined

#12 myrti

Posted 12 January 2010 - 03:00 PM

Hi,

this is looking good; the files found were no longer active.

Before getting to the final step, I would like you to update your software:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards myrti

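A check for the uninstall step in the post above, added here and not code from the thread or from myrti: it lists the Java entries Add/Remove Programs would show and flags those older than JRE 6 Update 17, so nothing the bundled uninstaller skips (Updates below 10, J2SE 5.0) gets overlooked. It assumes the uninstall entries use Sun's "<major> Update <n>" naming and that PowerShell is available on the machine.

```powershell
# Added example, not from the thread. Audits Add/Remove Programs entries for
# Java runtimes and flags any older than the release the post says to install
# (JRE 6 Update 17). Assumption: Sun/Oracle entries are named
# "<major> Update <n>", e.g. "Java(TM) 6 Update 17" or
# "J2SE Runtime Environment 5.0 Update 22".

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit JRE on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledProgramNames {
    # Returns the DisplayName of every entry Add/Remove Programs would list.
    foreach ($key in $UninstallKeys) {
        if (Test-Path $key) {
            Get-ChildItem $key | ForEach-Object {
                $name = (Get-ItemProperty -Path $_.PSPath).DisplayName
                if ($name) { $name }
            }
        }
    }
}

function Get-JavaAudit {
    param(
        [string[]]$Names = (Get-InstalledProgramNames),
        [int]$TargetMajor  = 6,
        [int]$TargetUpdate = 17
    )
    # The post says to look for "Java Runtime Environment (JRE or J2SE)";
    # Sun's entries are usually named "Java(TM) ...", so match all three spellings.
    foreach ($name in ($Names | Where-Object { $_ -match 'Java|JRE|J2SE' })) {
        if ($name -match '(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
            $major  = [int]$Matches[1]
            $update = [int]$Matches[2]
            $older  = ($major -lt $TargetMajor) -or
                      ($major -eq $TargetMajor -and $update -lt $TargetUpdate)
            $status = if ($older) { 'REMOVE (older than target)' } else { 'current' }
        } else {
            # Entries without an update number (e.g. "Java Web Start") need a manual look.
            $major = $null; $update = $null; $status = 'check manually'
        }
        New-Object PSObject -Property @{
            Name = $name; Major = $major; Update = $update; Status = $status
        }
    }
}

# Constructed sample names (not taken from the poster's machine) so the
# output can be seen without touching the registry.
$SampleNames = @(
    'Java(TM) 6 Update 17',
    'Java(TM) 6 Update 7',
    'J2SE Runtime Environment 5.0 Update 22',
    'Java Web Start',
    'Adobe Reader 8'
)
Get-JavaAudit -Names $SampleNames | Format-Table Name, Major, Update, Status -AutoSize

# On the affected machine, run without -Names to read the live Uninstall keys:
# Get-JavaAudit | Format-Table Name, Major, Update, Status -AutoSize
```

Anything reported as REMOVE is what the post's Add/Remove Programs step still has to take out by hand before the new installer is run.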


#13 mzmm

mzmm
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 12 January 2010 - 06:09 PM

ok, I've updated my java - it had been trying to update just as the computer was trying to go crazy and I wasn't letting anything update. And speaking of that, Windows Vista service pack 1 also wants to update - is it ok at this point to let it run?

Also my main account has lost its desktop, bookmarks, etc. That shouldn't be hard to fix, or is it?

Edited by mzmm, 12 January 2010 - 06:09 PM.


#14 myrti

Posted 12 January 2010 - 06:38 PM

Hi,

yes, please update Vista as well.

When did you lose your information and what exactly was it?

regards myrti



#15 mzmm

Posted 12 January 2010 - 06:55 PM

I tried to go back into my regular account on the computer - the desktop was back, but then I keep getting a popup window saying "Windows Explorer has stopped working" over and over and over again. Of course, that means I couldn't do anything else. Am back in my secondary account. Is there any way that I can access my Firefox bookmarks from here? I thought I backed them up to an html file, but can't import them into Firefox.

This stuff is minor compared to what just got fixed, so I just want to thank you again at this point. Talk about being relieved!



