Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

INFECTED WITH UNKNOWN MALWARE, PLEASE HELP


  • This topic is locked This topic is locked
35 replies to this topic

#1 sa000

sa000

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 24 February 2010 - 05:08 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/297874/infected-with-rootkitagent/ ~ OB

I was told to create a new topic here by boopme. I am giving 4 logs, hijack this, 2 from dds thing , and 1 from gmer. I can not do a new gmer scan with those "unchecked" items as told in one of your forums because it automatically restarts the computer so I can only post the log that has everything. Also I believe the name of the malware is rootkit.agent . I saw another forum claiming that someone had that virus so hopefully there is a solution. Please someone help, I can not afford a new laptop and my dad would hate me forever.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:31 PM, on 2/24/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:Program FilesAdobeReader 9.0Readerreader_sl.exe
C:WindowsSystem32igfxtray.exe
C:WindowsSystem32hkcmd.exe
C:WindowsSystem32igfxpers.exe
C:Program FilesApoint2KApoint.exe
C:Windowssystem32igfxsrvc.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
C:Program FilesAdobeAcrobat 9.0Acrobatacrobat_sl.exe
C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesPowerISOPWRISOVM.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowsehomeehtray.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Windowssystem32igfxext.exe
C:Windowssystem32igfxsrvc.exe
C:UserskhairulAppDataLocalTempRtkBtMnt.exe
C:Windowsehomeehmsas.exe
C:Program FilesApoint2KApMsgFwd.exe
C:Program FilesApoint2KApntex.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80227
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80227
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_4730z
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:PROGRA~1INBOXT~1Inbox.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program FilesMSNToolbar3.0.1125.0msneshellx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll (file missing)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:Program FilesAIM Toolbaraimtb.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:PROGRA~1INBOXT~1Inbox.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [eDataSecurity Loader] C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSloader.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [IgfxTray] C:Windowssystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe
O4 - HKLM..Run: [Persistence] C:Windowssystem32igfxpers.exe
O4 - HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe
O4 - HKLM..Run: [ePower_DMC] C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
O4 - HKLM..Run: [Acer Assist Launcher] C:Program FilesAcerAcer Assistlauncher.exe
O4 - HKLM..Run: [Acer Product Registration] "C:Program FilesAcerAcer RegistrationACE1.exe" /startup
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [Microsoft Default Manager] "C:Program FilesMicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" -resume
O4 - HKLM..Run: [Adobe Acrobat Speed Launcher] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe"
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [Adobe_ID0ENQBO] C:PROGRA~1COMMON~1AdobeADOBEV~1ServerbinVERSIO~2.EXE
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [DNS7reminder] "C:Program FilesNuanceNaturallySpeaking10EregEreg.exe" -r "C:ProgramDataNuanceNaturallySpeaking10Ereg.ini
O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE
O4 - HKLM..Run: [WheelMouse] C:Program FilesA4TechMouseAmoumain.exe
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [Malwarebytes' Anti-Malware] "C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe" /starttray
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:ProgramDataAIM ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:Program FilesAIM Toolbaraimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:PROGRA~1INBOXT~1Inbox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:PROGRA~1CrawlerToolbarctbr.dll
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:Program FilesStardockFencesFencesMenu.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS4ServerbinVersionCueCS4.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:Windowssystem32agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f2588320d2a0) (gupdate1c9f2588320d2a0) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:Program FilesArcSoftMagic-i 3uMgiSvr.exe
O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program FilesSpybot - Search & DestroySDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

--
End of file - 13310 bytes



DDS (Ver_09-12-01.01) - NTFSx86
Run by khairul at 16:35:26.65 on Wed 02/24/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6001.1.1252.1.1033.18.1977.1029 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k secsvcs
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k GPSvcGroup
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSLoader.exe
C:WindowsSystem32igfxtray.exe
C:WindowsSystem32igfxpers.exe
C:Program FilesApoint2KApoint.exe
C:Windowssystem32igfxsrvc.exe
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Windowssystem32taskeng.exe
C:Windowssystem32taskeng.exe
C:WindowsSystem32mobsync.exe
C:UserskhairulAppDataLocalTempRtkBtMnt.exe
C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
C:Windowssystem32agrsmsvc.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
C:Program FilesAcerEmpowering TechnologyServiceETService.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesArcSoftMagic-i 3uMgiSvr.exe
C:AcerMobility CenterMobilityService.exe
C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:Program FilesAlcohol SoftAlcohol 52StarWindStarWindServiceAE.exe
C:Windowssystem32svchost.exe -k imgsvc
C:Program FilesViewpointCommonViewpointService.exe
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32SearchIndexer.exe
C:Program FilesSpybot - Search & DestroySDWinSec.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesApoint2KApMsgFwd.exe
C:Program FilesLaunch ManagerLManager.exe
C:Program FilesAcerEmpowering TechnologyePowerePower_DMC.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesApoint2KApntex.exe
C:Program FilesPowerISOPWRISOVM.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowsehomeehtray.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:Windowssystem32igfxext.exe
C:Windowsehomeehmsas.exe
C:Windowssystem32wbemunsecapp.exe
C:Windowssystem32igfxsrvc.exe
C:Windowssystem32Taskmgr.exe
C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
C:Windowssystem32wuauclt.exe
C:WindowsservicingTrustedInstaller.exe
C:Windowssystem32taskeng.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Program FilesGoogleChromeApplicationchrome.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:UserskhairulDocumentsDownloadsdds (1).scr
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1108&m=aspire_4730z
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:progra~1inboxt~1Inbox.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:program filesaim toolbaraimtb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:program filesspybot - search & destroySDHelper.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:program filesacerempowering technologyedatasecurityx86eDStoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogletoolbar1.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:program filesmsntoolbar3.0.1125.0msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:program filesadobe/Adobe Contribute CS4/contributeieplugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:program filesaim toolbaraimtb.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:progra~1inboxt~1Inbox.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:progra~1crawlertoolbarctbr.dll
uRun: [Sidebar] c:program fileswindows sidebarsidebar.exe /autoRun
uRun: [ehTray.exe] c:windowsehomeehTray.exe
uRun: [AdobeBridge]
uRun: [ISUSPM Startup] c:progra~1common~1instal~1update~1ISUSPM.exe -startup
mRun: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:program filesacerempowering technologyedatasecurityx86eDSloader.exe
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [IgfxTray] c:windowssystem32igfxtray.exe
mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe
mRun: [Persistence] c:windowssystem32igfxpers.exe
mRun: [Apoint] c:program filesapoint2kApoint.exe
mRun: [LManager] c:progra~1launch~1LManager.exe
mRun: [ePower_DMC] c:program filesacerempowering technologyepowerePower_DMC.exe
mRun: [eRecoveryService]
mRun: [Acer Assist Launcher] c:program filesaceracer assistlauncher.exe
mRun: [Acer Product Registration] "c:program filesaceracer registrationACE1.exe" /startup
mRun: [avast!] c:progra~1alwils~1avast4ashDisp.exe
mRun: [Microsoft Default Manager] "c:program filesmicrosoftsearch enhancement packdefault managerDefMgr.exe" -resume
mRun: [Adobe Acrobat Speed Launcher] "c:program filesadobeacrobat 9.0acrobatAcrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:program filesadobeacrobat 9.0acrobatAcrotray.exe"
mRun: [Adobe_ID0ENQBO] c:progra~1common~1adobeadobev~1serverbinVERSIO~2.EXE
mRun: [SSBkgdUpdate] "c:program filescommon filesscansoft sharedssbkgdupdateSSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:program filescommon filesinstallshieldupdateserviceissch.exe" -start
mRun: [DNS7reminder] "c:program filesnuancenaturallyspeaking10eregereg.exe" -r "c:programdatanuancenaturallyspeaking10Ereg.ini
mRun: [PWRISOVM.EXE] c:program filespowerisoPWRISOVM.EXE
mRun: [WheelMouse] c:program filesa4techmouseAmoumain.exe
mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:program filesmalwarebytes' anti-malwarembamgui.exe" /starttray
StartupFolder: c:userskhairulappdataroamingmicros~1windowsstartm~1programsstartuponenot~1.lnk - c:program filesmicrosoft officeoffice12ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:programdataaim toolbarietoolbarresourcesen-uslocalsearch.html
IE: Append Link Target to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:progra~1micros~2office12EXCEL.EXE/3000
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:program filesaim toolbaraimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~2office12ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroySDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:progra~1inboxt~1Inbox.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:progra~1crawlertoolbarctbr.dll
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:progra~1googlegoogle~1GOEC62~1.DLL
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:program filesstardockfencesFencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:userskhairulappdataroamingmozillafirefoxprofileszll41j1w.default
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80227&language=en&qkw=
FF - prefs.js: network.proxy.type - 4
FF - component: c:program filescrawlertoolbarfirefoxcomponentsxcomm.dll
FF - component: c:program filescrawlertoolbarfirefoxcomponentsxshared.dll
FF - component: c:program filescrawlertoolbarfirefoxcomponentsxsupport.dll
FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll
FF - plugin: c:program filesgoogleupdate1.2.183.13npGoogleOneClick8.dll
FF - plugin: c:program filesmicrosoftoffice livenpOLW.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpbittorrent.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdnu.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpViewpoint.dll
FF - plugin: c:program filesviewpointviewpoint media playernpViewpoint.dll
FF - plugin: c:userskhairulprogram filesdnapluginsnpbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:windowssystem32driversaswSP.sys [2009-2-18 114768]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2007-2-27 32256]
R2 aswFsBlk;aswFsBlk;c:windowssystem32driversaswFsBlk.sys [2009-2-18 20560]
R2 aswMonFlt;aswMonFlt;c:windowssystem32driversaswMonFlt.sys [2009-2-18 51792]
R2 avast! Antivirus;avast! Antivirus;c:program filesalwil softwareavast4ashServ.exe [2009-2-18 138680]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:program filesnewtech infosystemsnti backup now 5clientAgentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:program filesacerempowering technologyserviceETService.exe [2008-8-18 24576]
R2 MBAMService;MBAMService;c:program filesmalwarebytes' anti-malwarembamservice.exe [2010-2-21 236368]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:program filesnewtech infosystemsnti backup now 5BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:program filesnewtech infosystemsnti backup now 5SchedulerSvc.exe [2008-4-25 131072]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:windowssystem32driversousbehci.sys [2009-11-3 45440]
R2 SBSDWSCService;SBSD Security Center Service;c:program filesspybot - search & destroySDWinSec.exe [2010-2-22 1153368]
R2 StarWindServiceAE;StarWind AE Service;c:program filesalcohol softalcohol 52starwindStarWindServiceAE.exe [2007-5-28 275968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:program filesviewpointcommonViewpointService.exe [2009-2-1 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:program filesalwil softwareavast4ashMaiSv.exe [2009-2-18 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:program filesalwil softwareavast4ashWebSv.exe [2009-2-18 352920]
R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2010-2-21 19160]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:windowssystem32driversousb2hub.sys [2009-11-3 56960]
S2 gupdate1c9f2588320d2a0;Google Update Service (gupdate1c9f2588320d2a0);c:program filesgoogleupdateGoogleUpdate.exe [2009-6-21 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:program filescommon filesadobeadobe version cue cs4serverbinVersionCueCS4.exe [2008-8-15 284016]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:program filesgooglegoogle desktop searchGoogleDesktop.exe [2008-11-14 24064]
S3 JMCR;JMCR;c:windowssystem32driversjmcr.sys [2008-8-15 93968]
S3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2006-2-16 4096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:windowssystem32driversVBoxNetAdp.sys [2009-12-17 99152]

=============== Created Last 30 ================

2010-02-24 21:17:25 20 ----a-w- c:userskhairuldefogger_reenable
2010-02-24 20:16:10 0 d-----w- c:program filesTrend Micro
2010-02-24 19:47:58 0 d-----w- c:program filesTrendMicro
2010-02-23 03:41:56 0 d-----w- C:$RECYCLE.BIN
2010-02-23 03:20:27 98816 ----a-w- c:windowssed.exe
2010-02-23 03:20:27 77312 ----a-w- c:windowsMBR.exe
2010-02-23 03:20:27 261632 ----a-w- c:windowsPEV.exe
2010-02-23 03:20:27 161792 ----a-w- c:windowsSWREG.exe
2010-02-23 03:11:52 0 d-----w- C:Commy
2010-02-23 02:46:42 0 d-----w- c:windowssystem32EventProviders
2010-02-23 01:44:07 0 d-----w- c:programdataSUPERAntiSpyware.com
2010-02-23 01:43:34 0 d-----w- c:userskhairulappdataroamingSUPERAntiSpyware.com
2010-02-23 01:43:34 0 d-----w- c:program filesSUPERAntiSpyware
2010-02-23 01:39:39 0 d-----w- c:programdataSpybot - Search & Destroy
2010-02-23 01:39:39 0 d-----w- c:program filesSpybot - Search & Destroy
2010-02-22 23:56:49 0 d-----w- c:program filesFileASSASSIN
2010-02-22 23:34:19 0 dc-h--w- c:programdata{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-02-21 17:58:27 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-02-21 17:58:24 19160 ----a-w- c:windowssystem32driversmbam.sys
2010-02-21 17:48:54 0 d-----w- c:programdataOffice Genuine Advantage
2010-02-21 15:02:04 0 d-----w- c:programdatayepilume
2010-02-21 15:02:04 0 d-----w- c:programdatapisiwofo
2010-02-21 15:02:04 0 d-----w- c:programdatagululupi
2010-02-21 02:42:07 791552 ----a-w- c:windowssystem32driversyyykv.sys
2010-02-21 02:41:11 0 d-----w- c:programdatakelonuwa
2010-02-21 02:41:11 0 d-----w- c:programdatagazugutu
2010-02-21 02:41:11 0 d-----w- c:programdatabetulota
2010-02-19 22:07:01 473088 ------w- c:windowsStarcraft.exe
2010-02-19 20:44:06 0 d-----w- c:programdataBlizzard Entertainment
2010-02-19 20:44:06 0 d-----w- c:program filesStarCraft II Beta
2010-02-19 20:44:06 0 d-----w- c:program filescommon filesBlizzard Entertainment
2010-02-19 20:43:26 0 d-----w- c:programdataBlizzard
2010-02-14 19:01:52 0 d-----w- c:program filesDirectVobSub
2010-02-03 02:57:15 0 d-----w- c:windowssystem32Adobe

==================== Find3M ====================

2010-01-20 18:01:52 86016 ----a-w- c:windowsinfinfstor.dat
2010-01-20 18:01:52 51200 ----a-w- c:windowsinfinfpub.dat
2010-01-20 18:01:52 143360 ----a-w- c:windowsinfinfstrng.dat
2010-01-14 16:12:06 181120 ------w- c:windowssystem32MpSigStub.exe
2010-01-02 06:38:20 916480 ----a-w- c:windowssystem32wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:windowssystem32iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:windowssystem32iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:windowssystem32ieUnatt.exe
2009-12-28 12:35:50 11776 ----a-w- c:windowssystem32tsbyuv.dll
2009-12-28 12:35:00 1314816 ----a-w- c:windowssystem32quartz.dll
2009-12-28 12:32:34 22528 ----a-w- c:windowssystem32msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:windowssystem32msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:windowssystem32msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:windowssystem32msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:windowssystem32mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:windowssystem32iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:windowssystem32avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:windowssystem32avicap32.dll
2009-12-08 20:52:17 3597912 ----a-w- c:windowssystem32ntkrnlpa.exe
2009-12-08 20:52:16 3546200 ----a-w- c:windowssystem32ntoskrnl.exe
2009-11-30 23:02:40 171144 ----a-w- c:windowssystem32xliveinstall.dll
2009-11-30 23:02:38 72840 ----a-w- c:windowssystem32xliveinstallhost.exe
2008-08-19 01:57:41 665600 ----a-w- c:windowsinfdrvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:program filesdesktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:windowsinfperflib0409perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:windowsinfperflib0409perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:windowsinfperflib0000perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:windowsinfperflib0000perfc.dat
2009-10-15 07:23:13 245760 --sha-w- c:windowsserviceprofileslocalserviceappdataroamingmicrosoftwindowsietldcacheindex.dat

============= FINISH: 16:38:19.96 ===============

Because of my huge gmer log, i have divided it into 2 parts, I apologize for the inconvenience but I can not rescan with it as my computer will automatically restart. Also, i can not see my "network" symbol on my lower right hand side on my laptop which concerns me.

I could not upload the last part because of space limitations but all of them File C:Program FilesAdobeAdobe Contribute CS4NetIOLAN.dll with just different variations in where the Adobe file. I know this is a hassle so I appreciate the work you are doing.

Merged 3 posts. ~ OB

Attached Files


Edited by sa000, 24 February 2010 - 09:18 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 26 February 2010 - 08:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 26 February 2010 - 10:44 PM

Hello myrti, first I would just like to thank you for taking your time to help me. OK, so I believe I am infected with a malware known at rootkit.agent. I have scanned my computer with avast, malware bytes and super anti spyware. It claims to have deleted it but everytime I restart my laptop, avast alerts me a rootkit agent is there and asks me if I want to delete it. I do but it always come back later. So I have scanned with OTl and below is the OTl and Extras logs. The first one is extras and the next one is the otl one.

OTL Extras logfile created on: 2/26/2010 10:11:30 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\khairul\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 27.24 Gb Free Space | 24.45% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 111.28 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KHAIRUL-PC
Current User Name: khairul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2259255512-3436507111-3811391660-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09AEFA7C-CEA1-4908-B658-EB659C6284D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0ECB33A6-ADAE-4409-9870-472E70B77680}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{16439FDD-7EF9-4E4F-B8B9-E2DB6CCAAE51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16996297-1417-42D9-B7CA-75EDCE9D555D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C1D1A9A-3053-4B9D-9132-36DC063DB679}" = lport=138 | protocol=17 | dir=in | app=system |
"{22EEC1AF-47C6-4838-B139-64BF2E190EDF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2B20DED6-CDA4-4146-B4A9-A7FDA1A092DB}" = rport=138 | protocol=17 | dir=out | app=system |
"{32931F05-4661-4743-B1F3-B0697D1108A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{48E049C6-8E16-41A3-9CCD-BF2B0CA2BC66}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A296CBC-5672-4B3F-88B3-5E9962CC6574}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A3DB6FA-288C-43BD-A55B-E9082FF1F666}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64CF7B32-6BD8-4862-9A90-7134DB868AF7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{88A57024-F4DF-4055-BC8F-74650E427EF8}" = lport=139 | protocol=6 | dir=in | app=system |
"{9A38F815-1DFC-45BA-9CCF-83049ADD10CB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9ECFA21A-B79D-4B3A-96E3-FEC5399940F1}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{A209FCA3-3F6F-4EFB-9D76-834CD17D5749}" = lport=445 | protocol=6 | dir=in | app=system |
"{BCE30472-591E-49A9-BAA1-C7AF2A9D8C68}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{CBAFBF1F-8171-4654-9989-909F40FFDA46}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CF30F030-5574-4747-A3AE-D17311C130CC}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{E64AA755-5995-4271-A03F-731D82B071AC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E6689ACB-3746-4F93-9341-F87DE9DCD838}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{F1A96EB9-8060-41E2-8AA4-E278AF5CF0B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F5985787-7606-4CD4-9EB6-40A66594D447}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F5D898FB-88E4-4122-92A4-1B84C43A6605}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DA8F38-610A-4777-8E60-622F084D0B58}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{068F4588-AB3A-4213-AF55-4F1746F2EC6B}" = protocol=17 | dir=in | app=c:\windows\system32\logonui.exe |
"{0E2A66D3-4FD1-43A6-8B12-35BF6AC0DF5C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{115784DE-44DE-4AB7-B8BB-F6D2EF1E2F78}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1414BF7A-C1ED-44A5-BA80-2379E5CA4E42}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{24480BAF-E533-42B6-AE18-2590B80DE362}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{29FDA2E0-9EC2-4ADE-B9CC-56A56F88C46C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{30C22780-A684-4291-8DB9-170E4986232D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{33A8852F-38A5-4D30-A227-9DFFF33A03CC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3611BE38-17F8-413A-A279-406B1BB9918F}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{3C4334CF-7197-4295-849F-AEEA6DA4AECC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{41991C12-4C03-49BC-A13E-952DAB6EC43C}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5DE76BE8-F734-4A10-A7B5-B9C8E70004C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{622BF3A9-7561-4F52-A2A1-8FA5E572CA84}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{6736C25F-FA30-4B68-95BC-6B7875AFC171}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6D88527C-ABED-4785-A483-BF63AE6C9A68}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{76929EA1-FD80-44F6-85A6-C986623D751B}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{7920AB75-AD56-4C91-BEA3-33FA971B7C8C}" = protocol=6 | dir=in | app=c:\windows\system32\logonui.exe |
"{7B0973E8-82C0-43AA-9DF6-84DB2F818896}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FF5B1E1-DEDE-4654-9645-0CFCACE02718}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{846D20B2-1517-44A2-BA4F-E24F08E580CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{88FDC509-8726-43E6-A6C3-1243F1082C79}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{89DB8813-BE5F-4A7B-A42D-E54647E454B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{908A4514-3589-4E25-A103-640D616EDF2C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{98BE6DE9-0144-48DF-8690-13DE2F7D35C3}" = protocol=6 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe |
"{99DD92B3-D5A7-4D7F-B9B6-802F28EB85E8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{9F96F577-C32B-47F6-AA56-DA61110279FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A44F6E31-2C51-45BF-89FC-B632CCB0B79F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A9F450BB-0668-475B-B8AD-36F1D443A840}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C3328BCD-9768-463C-8074-C1BABA83C0A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C3F25090-2596-4708-BA88-62F6C2274499}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{CAD79D80-1173-4311-87F1-3EF0A31422AE}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{CCA50E5B-06D6-4833-9322-2869B2DEA5E1}" = protocol=17 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe |
"{D17D1AD8-B310-47B5-996F-745B495B88D4}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{D9C436FC-E697-49E4-A868-0B3CF8624194}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E11DE258-05D7-4474-A03E-204CC465476A}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F531E34F-E39D-402A-B865-E8E8A9F5DD28}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FED01425-9EF6-42F5-81AF-C3307948929F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{48B2CD1A-EB0D-45F0-8CE1-BA3B917E42D6}C:\users\khairul\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\khairul\program files\dna\btdna.exe |
"TCP Query User{6347FDF5-F330-484C-9DDD-235DE4088D82}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{67E150F2-BFDA-4E3C-86D1-A28A9F825EAF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{828359EA-2B64-433E-B435-3E3A2847951C}C:\program files\starcraft ii beta\versions\base13891\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base13891\sc2.exe |
"TCP Query User{88466E93-9E4B-4DD2-ACB7-8487F65417F3}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{8BB82B90-476F-4BCB-B147-6ED0E203A5BB}C:\users\khairul\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\khairul\desktop\utorrent.exe |
"TCP Query User{8CC95457-5B36-42F3-8F75-7647F45ED0BE}C:\users\khairul\desktop\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\khairul\desktop\left 4 dead\left4dead.exe |
"TCP Query User{94DC6CCD-3486-42E0-AF8D-C5BF8EA57AC2}C:\program files\activision\marvel - ultimate alliance\game.exe" = protocol=6 | dir=in | app=c:\program files\activision\marvel - ultimate alliance\game.exe |
"TCP Query User{B1D249B2-CEFF-4754-BC8C-991FB8F9B0DC}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{BF7018A5-12E2-4D74-BB6A-B31DB34777EA}C:\users\khairul\desktop\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\khairul\desktop\downloads\utorrent.exe |
"TCP Query User{C679B294-A5FB-4B6D-92B1-B0EB3DC832B5}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{03CA14F2-A8AC-4CF4-8F32-827411A7D6AB}C:\program files\starcraft ii beta\versions\base13891\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base13891\sc2.exe |
"UDP Query User{1A0107ED-7A5F-415F-B0D9-5BBDFBE6031B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{268C3A94-25FC-4B54-AE63-C27728F415FF}C:\users\khairul\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\khairul\program files\dna\btdna.exe |
"UDP Query User{4833E716-2228-4FBD-883F-A45DEA4B9ED2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{5EE39A79-37FD-4E02-A8F9-C762AFD6E858}C:\users\khairul\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\khairul\desktop\utorrent.exe |
"UDP Query User{6782BC08-127C-4563-938A-BF3D9FE1D11E}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D60E16F5-03C4-4EAD-8604-A5B34A19885D}C:\program files\activision\marvel - ultimate alliance\game.exe" = protocol=17 | dir=in | app=c:\program files\activision\marvel - ultimate alliance\game.exe |
"UDP Query User{E205A934-F7F9-436D-BCF1-8A1B2DAD0513}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{E2FF5C17-E7BB-4617-BD3F-63CD4EAE3AA2}C:\users\khairul\desktop\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\khairul\desktop\left 4 dead\left4dead.exe |
"UDP Query User{F7CE9660-1596-4572-963C-5E82E1CA5026}C:\users\khairul\desktop\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\khairul\desktop\downloads\utorrent.exe |
"UDP Query User{FF120ADD-71FF-435D-A34E-D3CC1D3DCDB8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BB67266-D1A3-4CCC-8EB2-16770AB1FB76}" = ArcSoft WebCam Companion 2
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{719842F9-FF69-4BA6-A6FE-52244575E0B3}" = ArcSoft VideoImpression 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA634931-0CC3-4067-ABCC-7182E1DC23B7}" = HP Button Manager
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAB046D7-C187-4648-A1A9-FC875F7E3FCE}" = ArcSoft Magic-i 3
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM Toolbar" = AIM Toolbar
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Aquarius Soft PC Alarm Clock Professional" = Aquarius Soft PC Alarm Clock Professional
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"BootSkin Vista (Free)" = BootSkin Vista (Free)
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CToolbar_UNINSTALL" = Crawler Toolbar
"DirectVobSub" = DirectVobSub (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eyles_Comprehensive_Review" = CPC Review 2009
"Fences" = Fences
"FileASSASSIN" = FileASSASSIN
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"Higher Score on the SAT/PSAT_is1" = Higher Score on the SAT/PSAT
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"PC Satellite TV Pro" = PC Satellite TV Pro
"PeerGuardian_is1" = PeerGuardian 2.0
"PowerISO" = PowerISO
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"StarCraft II Beta" = StarCraft II Beta
"TI-Black Link" = TI-Black Link
"TI-Graph Link 83 Plus" = TI-Graph Link 83 Plus
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"WheelMouse" = iWheelZoom 7.72
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2259255512-3436507111-3811391660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"001ffbb494cfb01a" = BSMx93 Starcraft KeyGenerator
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Cognitive Tutor" = Cognitive Tutor

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/22/2009 1:51:33 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 8/22/2009 1:51:34 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 8/22/2009 1:51:41 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 8/22/2009 1:53:47 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 8/22/2009 1:53:47 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 8/22/2009 1:53:47 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 8/22/2009 1:54:08 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 8/22/2009 1:57:40 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 8/22/2009 1:57:40 PM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
I:\DCIM\100HP735\HPIM0405.JPG failed, 00000570.

Error - 2/21/2010 11:56:05 AM | Computer Name = khairul-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 0000001F.

[ Application Events ]
Error - 2/21/2010 12:02:06 PM | Computer Name = khairul-PC | Source = Application Error | ID = 1000
Description = Faulting application BackupSvc.exe, version 5.1.0.3, time stamp 0x4812a332,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0xdc0, application start time 0x01cab30f360fda10.

Error - 2/21/2010 12:02:26 PM | Computer Name = khairul-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/21/2010 12:03:20 PM | Computer Name = khairul-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 2/21/2010 12:06:21 PM | Computer Name = khairul-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1031
Description =

Error - 2/21/2010 1:48:52 PM | Computer Name = khairul-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/21/2010 2:03:13 PM | Computer Name = khairul-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/21/2010 3:04:31 PM | Computer Name = khairul-PC | Source = VSS | ID = 8194
Description =

Error - 2/21/2010 3:12:15 PM | Computer Name = khairul-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/21/2010 7:38:10 PM | Computer Name = khairul-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/22/2010 7:08:40 PM | Computer Name = khairul-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.44.0.0, time stamp 0x4b46461a,
faulting module PSDProtect.dll, version 3.0.0.4, time stamp 0x488ee5db, exception
code 0x40000015, fault offset 0x0000af13, process id 0x12c8, application start time
0x01cab3fde7b4ad60.

[ Media Center Events ]
Error - 6/1/2009 8:39:32 PM | Computer Name = khairul-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/18/2009 7:26:42 PM | Computer Name = khairul-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/10/2009 9:01:19 PM | Computer Name = khairul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 36826
seconds with 2040 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/26/2010 4:21:37 AM | Computer Name = khairul-PC | Source = HTTP | ID = 15016
Description =

Error - 2/26/2010 4:22:02 AM | Computer Name = khairul-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/26/2010 4:25:21 AM | Computer Name = khairul-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_01401025&REV_00\4&1f1c355f&0&00E4)
disappeared from the system without first being prepared for removal.

Error - 2/26/2010 4:25:21 AM | Computer Name = khairul-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_01401025&REV_00\4&1f1c355f&0&02E4)
disappeared from the system without first being prepared for removal.

Error - 2/26/2010 4:25:21 AM | Computer Name = khairul-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_01401025&REV_00\4&1f1c355f&0&03E4)
disappeared from the system without first being prepared for removal.

Error - 2/26/2010 4:25:22 AM | Computer Name = khairul-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_01401025&REV_00\4&1f1c355f&0&04E4)
disappeared from the system without first being prepared for removal.

Error - 2/26/2010 8:48:31 PM | Computer Name = khairul-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_01401025&REV_00\4&1f1c355f&0&00E4)
disappeared from the system without first being prepared for removal.

Error - 2/26/2010 8:48:31 PM | Computer Name = khairul-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_01401025&REV_00\4&1f1c355f&0&02E4)
disappeared from the system without first being prepared for removal.

Error - 2/26/2010 8:48:31 PM | Computer Name = khairul-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_01401025&REV_00\4&1f1c355f&0&03E4)
disappeared from the system without first being prepared for removal.

Error - 2/26/2010 8:48:31 PM | Computer Name = khairul-PC | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_01401025&REV_00\4&1f1c355f&0&04E4)
disappeared from the system without first being prepared for removal.


< End of report >

OTL logfile created on: 2/26/2010 10:11:30 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\khairul\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 27.24 Gb Free Space | 24.45% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 111.28 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KHAIRUL-PC
Current User Name: khairul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/26 22:09:52 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\khairul\Desktop\OTL.exe
PRC - [2010/02/24 05:59:14 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\khairul\AppData\Local\temp\RtkBtMnt.exe
PRC - [2010/02/05 13:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/01/07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/15 05:15:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/02/06 06:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/02/05 16:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 16:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 16:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 16:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 16:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/25 07:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/08/01 12:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 19:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/16 17:31:42 | 000,150,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/07/16 17:31:38 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/07/16 17:31:36 | 000,145,944 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/07/16 17:31:32 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/07/16 17:31:14 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/07/02 13:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/06/19 19:52:48 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/06/02 11:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/20 21:23:52 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/07/21 20:18:14 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007/06/06 18:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2007/05/22 16:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007/01/17 13:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/02/26 22:09:52 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\khairul\Desktop\OTL.exe
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/06/21 05:10:16 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f2588320d2a0) Google Update Service (gupdate1c9f2588320d2a0)
SRV - [2009/05/30 11:30:20 | 000,541,992 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/05/29 18:51:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 06:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/02/05 16:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 16:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 16:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 16:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/26 06:41:22 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/14 10:20:54 | 000,024,064 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/06/02 11:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/18 13:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/17 13:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 17:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/17 15:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/06/05 12:07:37 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/29 12:36:16 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/19 15:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/15 05:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/05 16:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 16:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 16:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/02/05 16:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 16:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/08/20 12:58:58 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/29 19:53:12 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/29 19:53:10 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/29 19:53:10 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/07/11 12:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/20 19:03:18 | 002,147,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/02 11:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/30 21:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/19 21:42:56 | 000,912,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/19 00:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/30 04:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 04:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/26 16:41:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/07/02 14:08:14 | 000,017,664 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/02/27 12:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 23:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 23:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/10 13:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/02/11 04:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005/02/11 04:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005/02/11 04:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005/02/11 04:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005/02/11 04:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005/01/15 07:39:16 | 000,056,960 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2005/01/15 07:39:16 | 000,045,440 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ousbehci.sys -- (ousbehci)
DRV - [1999/08/30 13:51:42 | 000,009,152 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Ticalc.sys -- (TICalc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_4730z
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\S-1-5-21-2259255512-3436507111-3811391660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\S-1-5-21-2259255512-3436507111-3811391660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.2
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80227&language=en&qkw="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2009/11/03 22:48:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 16:53:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/24 16:53:00 | 000,000,000 | ---D | M]

[2009/02/01 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\khairul\AppData\Roaming\Mozilla\Extensions
[2010/02/25 20:58:08 | 000,000,000 | ---D | M] -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\extensions
[2009/08/20 22:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/08/13 14:18:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/20 22:31:43 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/11/03 22:36:09 | 000,000,000 | ---D | M] -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\extensions\inboxcomtoolbar@inbox.com
[2009/12/12 21:27:38 | 000,000,000 | ---D | M] -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\extensions\searchrecs@veoh.com
[2009/08/20 22:35:11 | 000,004,207 | ---- | M] () -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\searchplugins\aim-search-1.xml
[2009/11/05 15:14:51 | 000,002,168 | ---- | M] () -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\searchplugins\inbox-search.xml
[2009/03/23 23:56:05 | 000,001,633 | ---- | M] () -- C:\Users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\searchplugins\live-search.xml
[2009/12/18 16:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2010/02/22 22:41:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..\Toolbar\ShellBrowser: (no name) - {32CA105A-BD6C-4AFC-B4D9-346262E9F483} - No CLSID value found.
O3 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - Startup: C:\Users\khairul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2259255512-3436507111-3811391660-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk - C:\Program Files\HP\Button Manager\BM.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i.lnk - C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe - (ArcSoft, Inc.)
MsConfig - StartUpFolder: C:^Users^khairul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Aquarius Soft PC Alarm Clock Pro.lnk - C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe - (Aquarius Soft)
MsConfig - StartUpFolder: C:^Users^khairul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ImpulseNow.lnk - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe - File not found
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe File not found
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\khairul\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 22:09:49 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\khairul\Desktop\OTL.exe
[2010/02/25 18:27:47 | 000,000,000 | ---D | C] -- C:\Users\khairul\AppData\Local\Apple
[2010/02/24 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\khairul\Desktop\gmer
[2010/02/24 16:41:41 | 000,093,056 | ---- | C] (GMER) -- C:\pxrdafod.sys
[2010/02/24 15:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/24 15:11:56 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 15:11:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 15:10:58 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 15:10:58 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 15:10:57 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 15:10:57 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 15:10:56 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 15:10:56 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 15:10:55 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 15:10:55 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 15:10:55 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 14:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/24 06:00:30 | 000,000,000 | ---D | C] -- C:\Users\khairul\AppData\Local\Adobe
[2010/02/23 15:09:22 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\khairul\Desktop\ATF-Cleaner.exe
[2010/02/22 22:41:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/02/22 22:37:43 | 000,000,000 | ---D | C] -- C:\Users\khairul\AppData\Local\temp
[2010/02/22 22:20:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/22 22:20:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/22 22:20:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/22 22:20:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/22 22:11:52 | 000,000,000 | ---D | C] -- C:\Commy
[2010/02/22 22:11:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/22 22:11:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/22 21:46:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/02/22 20:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/02/22 20:43:34 | 000,000,000 | ---D | C] -- C:\Users\khairul\AppData\Roaming\SUPERAntiSpyware.com
[2010/02/22 20:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/22 20:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/22 20:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/22 18:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2010/02/22 18:34:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/02/22 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\khairul\AppData\Local\PackageAware
[2010/02/21 12:58:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/21 12:58:24 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/21 12:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/21 10:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\yepilume
[2010/02/21 10:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\pisiwofo
[2010/02/21 10:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\gululupi
[2010/02/20 21:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\kelonuwa
[2010/02/20 21:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\gazugutu
[2010/02/20 21:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\betulota
[2010/02/19 17:07:01 | 000,473,088 | ---- | C] (HackingEdge.com) -- C:\Windows\Starcraft.exe
[2010/02/19 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\khairul\Documents\StarCraft II Beta
[2010/02/19 15:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Beta
[2010/02/19 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\khairul\AppData\Local\Blizzard Entertainment
[2010/02/19 15:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/02/19 15:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/02/19 15:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/02/14 14:08:24 | 000,000,000 | ---D | C] -- C:\Users\khairul\AppData\Roaming\vlc
[2010/02/14 14:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub
[2010/02/10 14:18:26 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 14:18:25 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 14:18:12 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 14:18:11 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 14:18:11 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 14:18:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/02/10 14:18:10 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/02 21:57:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2008/08/18 21:18:26 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/26 22:15:44 | 000,791,552 | ---- | M] () -- C:\Windows\System32\drivers\yyykv.sys
[2010/02/26 22:14:24 | 004,194,304 | -HS- | M] () -- C:\Users\khairul\ntuser.dat
[2010/02/26 22:09:52 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\khairul\Desktop\OTL.exe
[2010/02/26 22:08:47 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/26 22:08:46 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/26 22:08:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/26 03:37:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 03:28:17 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/26 03:28:17 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/26 03:28:17 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/26 03:22:43 | 000,108,304 | ---- | M] () -- C:\Users\khairul\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/26 03:22:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/26 03:22:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/02/26 03:21:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/26 03:21:33 | 002,327,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/26 03:20:27 | 2074,099,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/26 03:18:11 | 000,524,288 | -HS- | M] () -- C:\Users\khairul\ntuser.dat{191412a9-aed8-11de-aece-001eecd4f5c0}.TMContainer00000000000000000001.regtrans-ms
[2010/02/26 03:18:11 | 000,065,536 | -HS- | M] () -- C:\Users\khairul\ntuser.dat{191412a9-aed8-11de-aece-001eecd4f5c0}.TM.blf
[2010/02/26 03:18:07 | 002,394,775 | -H-- | M] () -- C:\Users\khairul\AppData\Local\IconCache.db
[2010/02/24 16:59:40 | 177,872,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/24 16:56:08 | 000,284,915 | ---- | M] () -- C:\Users\khairul\Desktop\gmer.zip
[2010/02/24 16:41:41 | 000,093,056 | ---- | M] (GMER) -- C:\pxrdafod.sys
[2010/02/24 16:18:01 | 000,000,020 | ---- | M] () -- C:\Users\khairul\defogger_reenable
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 15:09:23 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\khairul\Desktop\ATF-Cleaner.exe
[2010/02/22 22:42:05 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/22 22:41:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/22 21:21:25 | 000,001,356 | ---- | M] () -- C:\Users\khairul\AppData\Local\d3d9caps.dat
[2010/02/22 20:43:42 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/02/22 20:40:02 | 000,001,019 | ---- | M] () -- C:\Users\khairul\Desktop\Spybot - Search & Destroy.lnk
[2010/02/22 18:56:49 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2010/02/21 12:58:30 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/21 10:56:09 | 000,006,456 | -H-- | M] () -- C:\ProgramData\fuvavavo
[2010/02/21 10:44:03 | 000,473,088 | ---- | M] (HackingEdge.com) -- C:\Windows\Starcraft.exe
[2010/02/20 12:08:52 | 000,053,248 | ---- | M] () -- C:\Users\khairul\AppData\Roaming\chrtmp
[2010/02/19 16:04:35 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010/02/15 19:37:00 | 000,091,658 | ---- | M] () -- C:\Users\khairul\Desktop\Islamic Calendar for 2010 CE.mht
[2010/02/14 14:07:48 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/02/14 13:58:36 | 000,044,596 | ---- | M] () -- C:\Users\khairul\Desktop\Bloody Monday season 2 ep03 (704x396 DivX).ass
[2010/02/14 13:55:32 | 000,018,432 | ---- | M] () -- C:\Users\khairul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 11:17:08 | 550,233,342 | ---- | M] () -- C:\Users\khairul\Desktop\Bloody Monday Season 2 ep03 (704x396 DivX6).avi
[2010/02/12 19:31:34 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/02/08 19:28:39 | 000,393,918 | ---- | M] () -- C:\Users\khairul\Documents\my health assessment profile.mht
[2010/02/07 21:36:16 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/06 21:24:41 | 000,007,109 | ---- | M] () -- C:\Users\khairul\Documents\Billing Receipt nrmp.htm
[2010/01/27 23:15:40 | 000,002,587 | ---- | M] () -- C:\Users\khairul\Desktop\Microsoft Office Word 2007.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\fuvavavo
[2010/02/24 16:59:42 | 2074,099,712 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/24 16:56:05 | 000,284,915 | ---- | C] () -- C:\Users\khairul\Desktop\gmer.zip
[2010/02/24 16:17:25 | 000,000,020 | ---- | C] () -- C:\Users\khairul\defogger_reenable
[2010/02/22 22:20:27 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/22 22:20:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/22 22:20:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/22 22:20:27 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/22 22:20:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/22 20:43:41 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/02/22 20:40:02 | 000,001,019 | ---- | C] () -- C:\Users\khairul\Desktop\Spybot - Search & Destroy.lnk
[2010/02/22 18:56:49 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2010/02/21 12:58:30 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/20 21:42:07 | 000,791,552 | ---- | C] () -- C:\Windows\System32\drivers\yyykv.sys
[2010/02/20 21:38:44 | 000,053,248 | ---- | C] () -- C:\Users\khairul\AppData\Roaming\chrtmp
[2010/02/19 15:44:06 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II Beta.lnk
[2010/02/15 19:36:59 | 000,091,658 | ---- | C] () -- C:\Users\khairul\Desktop\Islamic Calendar for 2010 CE.mht
[2010/02/14 14:07:48 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/02/14 13:58:34 | 000,044,596 | ---- | C] () -- C:\Users\khairul\Desktop\Bloody Monday season 2 ep03 (704x396 DivX).ass
[2010/02/14 13:55:05 | 550,233,342 | ---- | C] () -- C:\Users\khairul\Desktop\Bloody Monday Season 2 ep03 (704x396 DivX6).avi
[2010/02/08 19:28:34 | 000,393,918 | ---- | C] () -- C:\Users\khairul\Documents\my health assessment profile.mht
[2010/02/07 21:36:15 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/02/06 21:24:41 | 000,007,109 | ---- | C] () -- C:\Users\khairul\Documents\Billing Receipt nrmp.htm
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 05:49:29 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log
[2009/07/09 06:00:03 | 000,001,356 | ---- | C] () -- C:\Users\khairul\AppData\Local\d3d9caps.dat
[2009/06/26 05:03:42 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/19 20:07:07 | 000,000,170 | ---- | C] () -- C:\Windows\game.ini
[2009/06/06 13:46:39 | 000,002,673 | ---- | C] () -- C:\Users\khairul\AppData\Roaming\SAS7_000.DAT
[2009/06/05 12:01:16 | 000,000,125 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/17 23:38:36 | 000,009,152 | ---- | C] () -- C:\Windows\System32\drivers\Ticalc.sys
[2009/04/17 23:38:36 | 000,000,472 | ---- | C] () -- C:\Windows\Wlink83p.ini
[2009/03/22 16:55:55 | 000,000,128 | ---- | C] () -- C:\Users\khairul\AppData\Roaming\wklnhst.dat
[2009/01/31 23:24:14 | 000,018,432 | ---- | C] () -- C:\Users\khairul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/14 10:25:13 | 000,006,048 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/15 19:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/15 19:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/15 19:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/18 21:25:44 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/18 21:25:44 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/08/18 21:06:18 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/08/18 21:00:26 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/08/15 13:15:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 21:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/08/11 22:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\netlogon.dll
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\System32\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\ACER\Preload\Acer\Recovery\HPartition\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:F35A93AD
< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 01 March 2010 - 08:19 AM

Hi,

I see that you started topics at other boards as well. Please decide upon one board and follow their instructions. Following advice from different people at the same time may lead to disaster.

Please provide the logs from Malwarebytes and ComboFix you ran earlier.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 01 March 2010 - 03:16 PM

Yes, yes I did but I trust Bleepigncomputers more as they have helped me before so i Have not done any other steps that the other forum has instructed me to do . I am sorry for an inconvenience it might have caused.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 01 March 2010 - 03:35 PM

hi,

you seem to have run ComboFix, I would need to see the log. Please check if you can find it, it should be in C:\combofix.txt

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 01 March 2010 - 03:55 PM

Combo fix:

ComboFix 10-02-21.02 - khairul 02/22/2010 22:23:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1977.769 [GMT -5:00]
Running from: C:\Users\khairul\Desktop\commy.exe
Command switches used :: /stepdel
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-2259255512-3436507111-3811391660-500
C:\$RECYCLE.BIN\S-1-5-21-2259255512-3436507111-3811391660-500\desktop.ini
C:\ProgramData\mswintmp.dat
C:\Windows\system32\4DW4R3CtpKVTLaTI.dll
C:\Windows\system32\4DW4R3eRvsIbpePq.dll
C:\Windows\system32\4DW4R3FPpSNSOIMx.dll
C:\Windows\system32\4DW4R3OQRHwgmRcL.dll
C:\Windows\system32\4DW4R3sv.dat
C:\Windows\system32\4DW4R3upIjHFjLil.dll
C:\Windows\system32\4DW4R3xQMqXSOpCr.dll
C:\Windows\system32\drivers\4DW4R3BibbFitRUV.sys
C:\Windows\system32\drivers\4DW4R3NRNyEqtbTW.sys
C:\Windows\system32\drivers\4DW4R3sNosjXIWjK.sys
C:\Windows\system32\drivers\4DW4R3VceqqEHMwG.sys

.
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-23 03:37:43 . 2010-02-23 03:42:27 -------- d-----w- C:\Users\khairul\AppData\Local\temp
2010-02-23 03:37:43 . 2010-02-23 03:37:43 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-02-23 02:46:42 . 2010-02-23 02:46:42 -------- d-----w- C:\Windows\system32\EventProviders
2010-02-23 01:44:07 . 2010-02-23 01:44:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2010-02-23 01:43:34 . 2010-02-23 01:43:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-02-23 01:43:34 . 2010-02-23 01:43:34 -------- d-----w- C:\Users\khairul\AppData\Roaming\SUPERAntiSpyware.com
2010-02-23 01:39:39 . 2010-02-23 02:30:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2010-02-23 01:39:39 . 2010-02-23 01:40:02 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-02-22 23:56:49 . 2010-02-22 23:56:49 -------- d-----w- C:\Program Files\FileASSASSIN
2010-02-22 23:34:19 . 2010-02-22 23:34:20 -------- dc-h--w- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-02-22 23:31:12 . 2010-02-22 23:31:12 -------- d-----w- C:\Users\khairul\AppData\Local\PackageAware
2010-02-21 17:58:27 . 2010-01-07 21:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-02-21 17:58:24 . 2010-01-07 21:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-02-21 17:48:54 . 2010-02-21 17:48:54 -------- d-----w- C:\ProgramData\Office Genuine Advantage
2010-02-21 15:02:04 . 2010-02-21 16:49:24 -------- d-----w- C:\ProgramData\yepilume
2010-02-21 15:02:04 . 2010-02-21 16:49:10 -------- d-----w- C:\ProgramData\pisiwofo
2010-02-21 15:02:04 . 2010-02-21 16:47:29 -------- d-----w- C:\ProgramData\gululupi
2010-02-21 02:41:11 . 2010-02-21 16:47:30 -------- d-----w- C:\ProgramData\kelonuwa
2010-02-21 02:41:11 . 2010-02-21 16:47:29 -------- d-----w- C:\ProgramData\gazugutu
2010-02-21 02:41:11 . 2010-02-21 16:47:29 -------- d-----w- C:\ProgramData\betulota
2010-02-19 22:07:01 . 2010-02-21 15:44:03 473088 ------w- C:\Windows\Starcraft.exe
2010-02-19 20:44:06 . 2010-02-19 21:04:32 -------- d-----w- C:\Program Files\StarCraft II Beta
2010-02-19 20:44:06 . 2010-02-19 21:04:32 -------- d-----w- C:\Program Files\Common Files\Blizzard Entertainment
2010-02-19 20:44:06 . 2010-02-19 21:04:28 -------- d-----w- C:\Users\khairul\AppData\Local\Blizzard Entertainment
2010-02-19 20:44:06 . 2010-02-19 21:04:28 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2010-02-19 20:43:26 . 2010-02-19 20:43:26 -------- d-----w- C:\ProgramData\Blizzard
2010-02-14 19:08:24 . 2010-02-14 22:56:49 -------- d-----w- C:\Users\khairul\AppData\Roaming\vlc
2010-02-14 19:01:52 . 2010-02-14 19:01:53 -------- d-----w- C:\Program Files\DirectVobSub
2010-02-03 02:57:15 . 2010-02-07 23:04:27 -------- d-----w- C:\Windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.



#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 01 March 2010 - 05:32 PM

Hi,

it seems your log got cut off in the middle, could you check if there isn't more.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 01 March 2010 - 11:06 PM

Nope thats it.

#10 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 02 March 2010 - 06:05 AM

I am not even sure if combo fix successful finished its scan.

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 02 March 2010 - 08:30 AM

Hi,

please remove the copy of combofix you had and download a fresh one:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 02 March 2010 - 04:56 PM

Ok i downloaded a new combo fix and did a scan.

ComboFix 10-03-02.02 - khairul 03/02/2010 16:25:55.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1977.967 [GMT -5:00]
Running from: c:\users\khairul\Documents\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\yyykv.sys
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-2259255512-3436507111-3811391660-500\desktop.ini
c:\programdata\mswintmp.dat
c:\windows\system32\4DW4R3CtpKVTLaTI.dll
c:\windows\system32\4DW4R3eRvsIbpePq.dll
c:\windows\system32\4DW4R3FPpSNSOIMx.dll
c:\windows\system32\4DW4R3OQRHwgmRcL.dll
c:\windows\system32\4DW4R3sv.dat
c:\windows\system32\4DW4R3upIjHFjLil.dll
c:\windows\system32\4DW4R3xQMqXSOpCr.dll
c:\windows\system32\drivers\4DW4R3BibbFitRUV.sys
c:\windows\system32\drivers\4DW4R3NRNyEqtbTW.sys
c:\windows\system32\drivers\4DW4R3sNosjXIWjK.sys
c:\windows\system32\drivers\4DW4R3VceqqEHMwG.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_yyykv
-------\Service_yyykv


((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-03-02 21:39 . 2010-03-02 21:44 -------- d-----w- c:\users\khairul\AppData\Local\temp
2010-03-02 21:39 . 2010-03-02 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-02 21:21 . 2010-03-02 21:21 -------- d-----w- C:\32788R22FWJFW
2010-02-25 23:27 . 2010-02-25 23:27 -------- d-----w- c:\users\khairul\AppData\Local\Apple
2010-02-24 21:41 . 2010-02-24 21:41 93056 ----a-w- C:\pxrdafod.sys
2010-02-24 20:16 . 2010-02-24 20:16 -------- d-----w- c:\program files\Trend Micro
2010-02-24 20:11 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 20:10 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 20:10 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 20:10 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 20:10 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 20:10 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 20:10 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 20:10 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 20:10 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 20:10 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 19:47 . 2010-02-24 19:47 -------- d-----w- c:\program files\TrendMicro
2010-02-24 11:00 . 2010-02-24 18:42 -------- d-----w- c:\users\khairul\AppData\Local\Adobe
2010-02-23 02:46 . 2010-02-23 02:46 -------- d-----w- c:\windows\system32\EventProviders
2010-02-23 01:44 . 2010-02-23 01:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-23 01:43 . 2010-02-24 11:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-23 01:43 . 2010-02-23 01:43 -------- d-----w- c:\users\khairul\AppData\Roaming\SUPERAntiSpyware.com
2010-02-23 01:39 . 2010-02-23 02:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-23 01:39 . 2010-02-23 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-22 23:56 . 2010-02-22 23:56 -------- d-----w- c:\program files\FileASSASSIN
2010-02-22 23:34 . 2010-02-22 23:34 -------- dc-h--w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-02-22 23:31 . 2010-02-22 23:31 -------- d-----w- c:\users\khairul\AppData\Local\PackageAware
2010-02-21 17:58 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 17:58 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 17:48 . 2010-02-21 17:48 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-21 15:02 . 2010-02-21 16:49 -------- d-----w- c:\programdata\yepilume
2010-02-21 15:02 . 2010-02-21 16:49 -------- d-----w- c:\programdata\pisiwofo
2010-02-21 15:02 . 2010-02-21 16:47 -------- d-----w- c:\programdata\gululupi
2010-02-21 02:41 . 2010-02-21 16:47 -------- d-----w- c:\programdata\kelonuwa
2010-02-21 02:41 . 2010-02-21 16:47 -------- d-----w- c:\programdata\gazugutu
2010-02-21 02:41 . 2010-02-21 16:47 -------- d-----w- c:\programdata\betulota
2010-02-19 22:07 . 2010-02-21 15:44 473088 ------w- c:\windows\Starcraft.exe
2010-02-19 20:44 . 2010-02-19 21:04 -------- d-----w- c:\program files\StarCraft II Beta
2010-02-19 20:44 . 2010-02-19 21:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-19 20:44 . 2010-02-19 21:04 -------- d-----w- c:\users\khairul\AppData\Local\Blizzard Entertainment
2010-02-19 20:44 . 2010-02-19 21:04 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-02-19 20:43 . 2010-02-19 20:43 -------- d-----w- c:\programdata\Blizzard
2010-02-14 19:08 . 2010-02-28 21:24 -------- d-----w- c:\users\khairul\AppData\Roaming\vlc
2010-02-14 19:01 . 2010-02-14 19:01 -------- d-----w- c:\program files\DirectVobSub
2010-02-03 02:57 . 2010-02-07 23:04 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 08:22 . 2009-01-26 11:42 108304 ----a-w- c:\users\khairul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 19:48 . 2010-02-24 19:48 388096 ----a-r- c:\users\khairul\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-24 14:16 . 2009-10-03 01:58 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 04:42 . 2009-06-05 17:01 -------- d-----w- c:\users\khairul\AppData\Roaming\BitTorrent
2010-02-23 04:42 . 2009-03-27 16:32 -------- d-----w- c:\program files\Stardock
2010-02-23 04:42 . 2009-01-26 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 02:21 . 2009-07-09 11:00 1356 ----a-w- c:\users\khairul\AppData\Local\d3d9caps.dat
2010-02-23 01:41 . 2009-04-18 05:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-11 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 08:03 . 2008-08-19 02:29 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 02:35 . 2008-11-14 15:20 -------- d-----w- c:\program files\Google
2010-01-20 18:03 . 2009-01-28 21:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 04:27 . 2009-05-30 18:09 -------- d-----w- c:\program files\DivX
2010-01-18 04:18 . 2010-01-18 04:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-02 06:38 . 2010-01-22 00:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 00:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 00:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 00:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 19:18 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 19:18 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 19:18 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 19:18 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 19:18 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 19:18 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 19:18 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 19:18 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 19:18 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 19:18 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-17 20:02 . 2010-01-09 19:05 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-12-17 20:02 . 2010-01-09 19:04 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-12-17 20:02 . 2009-12-17 20:02 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-11 12:07 . 2010-02-10 19:18 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 19:18 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 19:18 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 19:18 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 19:18 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 16:12 . 2010-02-10 19:18 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 19:18 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-20 6244896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-22 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-03-19 167936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

c:\users\khairul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
backup=c:\windows\pss\HP Button Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Magic-i.lnk
backup=c:\windows\pss\Magic-i.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^khairul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Aquarius Soft PC Alarm Clock Pro.lnk]
path=c:\users\khairul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk
backup=c:\windows\pss\Aquarius Soft PC Alarm Clock Pro.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^khairul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ImpulseNow.lnk]
path=c:\users\khairul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk
backup=c:\windows\pss\ImpulseNow.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:05 203416 ----a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-04-29 10:38 188728 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-05 17:22 321344 ----a-w- c:\users\khairul\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-26 04:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-11-14 15:20 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-05-23 15:12 1314816 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-26 16:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2/18/2009 5:47 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2/18/2009 5:47 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2/18/2009 5:47 PM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 3:11 PM 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [8/18/2008 9:06 PM 24576]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/21/2010 12:58 PM 236368]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/25/2008 11:36 PM 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/25/2008 11:36 PM 131072]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\System32\drivers\ousbehci.sys [11/3/2009 3:52 PM 45440]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2/22/2010 8:39 PM 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/1/2009 7:58 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [2/21/2010 12:58 PM 19160]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\System32\drivers\ousb2hub.sys [11/3/2009 3:52 PM 56960]
S2 gupdate1c9f2588320d2a0;Google Update Service (gupdate1c9f2588320d2a0);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2009 5:10 AM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/14/2008 10:20 AM 24064]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [8/15/2008 1:17 PM 93968]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [12/17/2009 3:02 PM 99152]
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 10:10]

2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 10:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1108&m=aspire_4730z
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\khairul\AppData\Roaming\Mozilla\Firefox\Profiles\zll41j1w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80227&language=en&qkw=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\khairul\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 16:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859A21F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x889df322
\Driver\ACPI -> acpi.sys @ 0x807b2d4c
\Driver\atapi -> 0x859a21f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3720)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ArcSoft\Magic-i 3\uMgiSvr.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-03-02 16:55:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-02 21:55

Pre-Run: 33,082,851,328 bytes free
Post-Run: 32,753,647,616 bytes free

- - End Of File - - 6A16E8D7E33E3D47CEEBDD1E983DC9D0


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 02 March 2010 - 05:54 PM

Hi,

please run defogger and mbr next:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Then open Notepad and copy/paste the code box below into a new text file.
CODE
@echo off
mbr.exe -t >"C:\mbr.log"
notepad C:\mbr.log
  • Save the file as query.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "query.bat" and rightclick it. Select run as administrator.
  • It will open a text file, please copy the content in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 sa000

sa000
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 03 March 2010 - 12:43 AM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
kernel: MBR read successfully
user & kernel MBR OK


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:04 AM

Posted 03 March 2010 - 12:33 PM

Hi,

there are some leftovers, please run the following script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\pxrdafod.sys
Folder::
c:\programdata\yepilume
c:\programdata\pisiwofo
c:\programdata\gululupi
c:\programdata\kelonuwa
c:\programdata\gazugutu
c:\programdata\betulota


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users