
redirect virus maybe more


  • This topic is locked
34 replies to this topic

#1 azlumberking

Posted 25 March 2010 - 01:03 AM

I am opening this topic as instructed. Please help. Thanks.

My original topic


I was not able to create a DDS log or run the GMER program. It seems like almost all of the programs are blocked by whatever my computer is infected with.

Here is a log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:17 PM, on 3/24/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\common\YMailAdvisor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.1.7)_Gecko/20091221_Firefox/3.5.7_(.NET_CLR_3.5.30729)" -"http://espn.go.com/free-online-games/dcrFrame?swfPath=http://a.espncdn.com/arcade/prod/games/courtyard_basketball/20090610_1/courtyard_basketball.dcr&width=640&height=480&sw2=&gameID=59&swlist="
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.5.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popca...aploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10472 bytes
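
A small triage script for logs of this kind, added here as an example; it is not something BleepingComputer, the thread's helpers or Trend Micro supplied. It parses lines in HijackThis format and flags the items an analyst reads first: hosts-file entries beyond localhost (a common redirect mechanism), BHOs or toolbars with no name or no file on disk, Run entries launched from a temp directory, services whose binary is missing, and more than one resident antivirus product at once (the log above shows both avast! and BitDefender in the HKLM Run key, a known source of tools interfering with each other). The sample log inside the script is constructed for the example, and every rule is a heuristic to prioritise reading, not a verdict of infection.

```python
"""Heuristic triage of a HijackThis (HJT) v2-style log.

Added example, not a tool from the forum thread. The rules only look at the
literal text of each entry; treat a hit as "read this first", not "malicious".
"""
import re
from dataclasses import dataclass

# Constructed sample in HJT line format (not the full log from the post).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.example-bank.test
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\svch0st.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# The only hosts-file mappings a clean Vista box needs.
HOSTS_OK = {"127.0.0.1 localhost", "::1 localhost"}
# Autoruns living in a temp directory are unusual for legitimate software.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# Vendor strings used to spot more than one resident scanner (assumed list).
AV_NAMES = ("avast", "bitdefender", "avg", "symantec", "norton", "mcafee", "kaspersky")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Return (section, body, full_line) for every HJT entry line."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            out.append((m.group("sec"), m.group("body"), line))
    return out


def resident_av_products(entries):
    """Vendors with an O4 (Run key) autorun; two or more usually means
    resident scanners fighting each other and blocking removal tools."""
    found = set()
    for sec, body, _ in entries:
        if sec == "O4":
            for name in AV_NAMES:
                if name in body.lower():
                    found.add(name)
    return sorted(found)


def triage(text):
    """Apply the heuristics and return a list of Finding objects."""
    entries = parse_entries(text)
    findings = []
    for sec, body, line in entries:
        if sec == "O1":
            mapping = body.split("Hosts:", 1)[-1].strip()
            if mapping not in HOSTS_OK:
                findings.append(Finding(sec, "hosts-file entry beyond localhost", line))
        elif sec in ("O2", "O3"):
            if "(no name)" in body or "(no file)" in body:
                findings.append(Finding(sec, "BHO/toolbar without a name or file", line))
        elif sec == "O4":
            if TEMP_RE.search(body):
                findings.append(Finding(sec, "autorun launched from a temp directory", line))
        elif sec == "O23":
            if "(file missing)" in body:
                findings.append(Finding(sec, "service registered but binary missing", line))
    avs = resident_av_products(entries)
    if len(avs) > 1:
        findings.append(Finding("O4", "multiple resident antivirus products: " + ", ".join(avs), ""))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a saved `hijackthis.log` by replacing `SAMPLE_LOG` with the file contents; the O1 hosts check is the one most directly tied to "redirect" symptoms, while the temp-directory and file-missing rules mostly surface leftovers (here, an old Symantec service entry) that a helper would ask about before cleaning.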



#2 Clark76

Posted 26 March 2010 - 09:42 PM

Hello and welcome to BC.

Let's see if either of these scanning tools will have success running:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Please close all anti-virus, anti-malware and any other open programs/windows so they do not interfere with the running of RootRepeal.
  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Proud Member of ASAP

Proud Member of UNITE


#3 azlumberking (Topic Starter)

Posted 06 April 2010 - 03:10 PM

Sorry for the delay, here are the RSIT logs.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jeff Menard at 2010-04-06 12:57:15
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 159 GB (68%) free of 234 GB
Total RAM: 1791 MB (38% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-04-01 880368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-04-01 880368]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2009-10-20 128832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"Acer Tour"= []
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2007-01-24 319488]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-02-02 630784]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"eRecoveryService"= []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]
"Skytel"=C:\Windows\Skytel.exe [2007-03-16 1822720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-18 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2009-10-19 71152]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-01-20 1120704]
"Apanel"=C:\ACERSW\config\NewSetApanel.cmd []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-21 468408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
ImageMixer 3 SE Camera Monitor Ver.5.lnk - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Users\Jeff Menard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60656ea1-25d4-11dd-ab91-001c2550f64e}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-04-06 12:57:15 ----D---- C:\rsit
2010-04-03 10:16:31 ----A---- C:\Windows\system32\lsdelete.exe
2010-04-03 10:09:45 ----DC---- C:\Windows\system32\DRVSTORE
2010-04-03 10:08:31 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-03 10:08:01 ----D---- C:\ProgramData\Lavasoft
2010-04-03 10:08:01 ----D---- C:\Program Files\Lavasoft
2010-03-26 13:50:30 ----A---- C:\ComboFix.txt
2010-03-26 13:24:58 ----D---- C:\Qoobox
2010-03-26 12:45:03 ----D---- C:\Users\Jeff Menard\AppData\Roaming\Malwarebytes
2010-03-26 12:44:58 ----D---- C:\ProgramData\Malwarebytes
2010-03-24 14:41:44 ----D---- C:\Users\Jeff Menard\AppData\Roaming\QuickScan
2010-03-22 15:29:57 ----D---- C:\Windows\BDOSCAN8
2010-03-08 13:00:54 ----D---- C:\Program Files\Trend Micro
2010-03-02 11:45:40 ----D---- C:\ProgramData\Yahoo!
2010-02-24 17:45:17 ----D---- C:\rip
2010-02-24 17:41:55 ----D---- C:\Program Files\KJAMP
2010-02-18 09:20:30 ----A---- C:\Windows\ntbtlog.txt
2010-02-16 09:37:04 ----D---- C:\Users\Jeff Menard\AppData\Roaming\Mozilla
2010-02-13 14:28:02 ----D---- C:\Users\Jeff Menard\AppData\Roaming\WinRAR
2010-02-13 14:27:22 ----D---- C:\Program Files\WinRAR
2010-02-10 05:36:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 05:35:59 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 05:35:53 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 05:35:53 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 05:35:53 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 05:35:52 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 05:35:52 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 05:35:52 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 05:35:52 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 05:35:52 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 05:35:52 ----A---- C:\Windows\system32\avifil32.dll
2010-02-09 18:30:57 ----A---- C:\bdlog.txt
2010-02-09 17:37:58 ----A---- C:\Users\Jeff Menard\AppData\Roaming\bdfvconp.ini
2010-02-09 17:05:47 ----D---- C:\Users\Jeff Menard\AppData\Roaming\BitDefender
2010-02-09 17:04:42 ----D---- C:\Program Files\Common Files\MSSoap
2010-02-09 17:04:14 ----D---- C:\ProgramData\BitDefender
2010-02-09 17:04:14 ----D---- C:\Program Files\BitDefender
2010-02-09 16:59:51 ----D---- C:\Windows\system32\URTTEMP
2010-02-09 16:58:54 ----D---- C:\Program Files\Common Files\BitDefender
2010-02-03 11:24:57 ----D---- C:\Users\Jeff Menard\AppData\Roaming\IObit
2010-02-03 11:24:54 ----D---- C:\Program Files\IObit
2010-02-01 17:46:23 ----D---- C:\ProgramData\SecTaskMan
2010-02-01 17:46:09 ----D---- C:\Program Files\Security Task Manager
2010-02-01 11:29:43 ----A---- C:\Windows\system32\ava290C.tmp
2010-02-01 11:29:43 ----A---- C:\Windows\system32\asw286B.tmp
2010-02-01 11:03:57 ----A---- C:\Windows\system32\ava9120.tmp
2010-02-01 11:03:57 ----A---- C:\Windows\system32\asw9070.tmp
2010-01-27 09:00:06 ----A---- C:\Windows\system32\ava5EA.tmp
2010-01-27 09:00:06 ----A---- C:\Windows\system32\asw4FF.tmp
2010-01-27 08:59:59 ----D---- C:\ProgramData\Alwil Software
2010-01-25 09:47:33 ----A---- C:\Windows\system32\javaws.exe
2010-01-25 09:47:33 ----A---- C:\Windows\system32\javaw.exe
2010-01-25 09:47:33 ----A---- C:\Windows\system32\java.exe
2010-01-21 13:27:59 ----A---- C:\Windows\system32\mshtml.dll
2010-01-21 13:27:59 ----A---- C:\Windows\system32\ieframe.dll
2010-01-21 13:27:56 ----A---- C:\Windows\system32\wininet.dll
2010-01-21 13:27:56 ----A---- C:\Windows\system32\urlmon.dll
2010-01-21 13:27:56 ----A---- C:\Windows\system32\occache.dll
2010-01-21 13:27:56 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-21 13:27:56 ----A---- C:\Windows\system32\iertutil.dll
2010-01-21 13:27:55 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-21 13:27:53 ----A---- C:\Windows\system32\ieui.dll
2010-01-21 13:27:52 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-21 13:27:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-21 13:27:52 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-21 13:27:52 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-21 13:27:52 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-21 13:27:52 ----A---- C:\Windows\system32\iesetup.dll
2010-01-21 13:27:52 ----A---- C:\Windows\system32\iernonce.dll
2010-01-21 13:27:52 ----A---- C:\Windows\system32\iepeers.dll
2010-01-21 13:27:52 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-20 09:48:31 ----A---- C:\Windows\system32\t2embed.dll
2010-01-20 09:48:30 ----A---- C:\Windows\system32\fontsub.dll
2010-01-19 14:36:27 ----D---- C:\$AVG
2010-01-19 14:35:48 ----D---- C:\ProgramData\avg9

======List of files/folders modified in the last 3 months======

2010-04-06 12:56:29 ----D---- C:\Windows\Temp
2010-04-06 12:31:03 ----D---- C:\Windows\System32
2010-04-06 12:31:03 ----D---- C:\Windows\inf
2010-04-06 12:31:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-06 12:25:30 ----D---- C:\Windows\system32\Tasks
2010-04-06 12:25:01 ----D---- C:\Users\Jeff Menard\AppData\Roaming\OpenOffice.org2
2010-04-03 10:09:45 ----D---- C:\Windows\system32\drivers
2010-04-03 10:09:45 ----D---- C:\Windows\system32\catroot
2010-04-03 10:08:41 ----SHD---- C:\Windows\Installer
2010-04-03 10:08:31 ----HD---- C:\ProgramData
2010-04-03 10:08:01 ----RD---- C:\Program Files
2010-04-03 10:07:57 ----D---- C:\Windows\winsxs
2010-04-01 08:13:37 ----D---- C:\Windows\Prefetch
2010-03-30 15:02:21 ----D---- C:\Windows\system32\catroot2
2010-03-30 14:29:05 ----SD---- C:\Windows\Downloaded Program Files
2010-03-30 12:18:43 ----RSD---- C:\Windows\Fonts
2010-03-30 12:18:43 ----D---- C:\Windows\AppPatch
2010-03-30 12:18:43 ----D---- C:\Program Files\Yahoo!
2010-03-30 12:18:43 ----D---- C:\Program Files\Common Files\LightScribe
2010-03-30 12:18:42 ----D---- C:\Windows\system32\Msdtc
2010-03-30 12:18:40 ----D---- C:\Windows\system32\wbem
2010-03-30 12:18:40 ----D---- C:\Windows
2010-03-30 12:18:03 ----D---- C:\Windows\system32\config
2010-03-30 12:17:15 ----D---- C:\Windows\Tasks
2010-03-30 12:17:15 ----D---- C:\Windows\system32\spool
2010-03-30 12:17:15 ----D---- C:\Windows\system32\en-US
2010-03-30 12:17:14 ----D---- C:\Windows\system32\CodeIntegrity
2010-03-30 12:17:14 ----D---- C:\Windows\rescache
2010-03-30 12:17:13 ----D---- C:\Users\Jeff Menard\AppData\Roaming\RoxBox
2010-03-30 12:17:13 ----D---- C:\Users\Jeff Menard\AppData\Roaming\Move Networks
2010-03-30 12:17:12 ----D---- C:\Users\Jeff Menard\AppData\Roaming\Azureus
2010-03-30 12:17:11 ----D---- C:\Program Files\Winamp
2010-03-30 12:17:11 ----D---- C:\Program Files\Vuze
2010-03-30 12:17:11 ----D---- C:\Program Files\QuickTime
2010-03-30 12:17:09 ----D---- C:\Program Files\Mozilla Firefox
2010-03-30 12:17:08 ----D---- C:\Program Files\Microsoft Works
2010-03-30 12:17:07 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-30 12:17:07 ----D---- C:\Program Files\IrfanView
2010-03-30 12:17:06 ----D---- C:\Program Files\HxD
2010-03-30 12:17:06 ----D---- C:\Program Files\DivX
2010-03-30 12:17:06 ----D---- C:\Program Files\CCleaner
2010-03-30 12:17:05 ----SHD---- C:\$RECYCLE.BIN
2010-03-30 12:17:05 ----D---- C:\Program Files\Apple Software Update
2010-03-30 12:17:05 ----D---- C:\Program Files\Acer Registration
2010-03-30 12:17:05 ----D---- C:\Program Files\Acer Assist
2010-03-30 12:16:53 ----D---- C:\Windows\registration
2010-03-30 12:16:46 ----D---- C:\Windows\ehome
2010-03-30 12:16:46 ----D---- C:\Program Files\Internet Explorer
2010-03-30 12:11:53 ----SHD---- C:\System Volume Information
2010-03-30 12:09:00 ----D---- C:\Windows\Logs
2010-03-26 13:35:33 ----D---- C:\Program Files\Common Files
2010-03-26 13:21:12 ----RSD---- C:\Windows\assembly
2010-03-26 12:43:53 ----D---- C:\Windows\Debug
2010-03-02 11:45:59 ----D---- C:\Users\Jeff Menard\AppData\Roaming\Yahoo!
2010-02-17 13:01:46 ----D---- C:\Users\Jeff Menard\AppData\Roaming\ImTOO
2010-02-17 13:00:07 ----D---- C:\ProgramData\EPSON
2010-02-11 12:38:49 ----D---- C:\Program Files\RoxBox
2010-02-11 08:34:46 ----D---- C:\Program Files\Windows Mail
2010-02-01 12:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-27 08:59:59 ----D---- C:\Program Files\Alwil Software
2010-01-25 09:47:30 ----D---- C:\Program Files\Java
2010-01-22 03:16:12 ----D---- C:\Windows\system32\migration
2010-01-20 10:33:07 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-20 10:33:07 ----D---- C:\Program Files\PIXELA
2010-01-20 10:33:02 ----D---- C:\Windows\system32\EventProviders
2010-01-20 10:33:01 ----D---- C:\Program Files\cavs
2010-01-20 10:32:53 ----D---- C:\Program Files\Common Files\xing shared
2010-01-20 10:32:53 ----D---- C:\Program Files\Common Files\Real
2010-01-20 10:32:52 ----D---- C:\Windows\Boot
2010-01-20 10:32:52 ----D---- C:\ProgramData\Real
2010-01-20 10:32:42 ----D---- C:\Program Files\real
2010-01-20 10:32:38 ----D---- C:\Windows\system32\Adobe
2010-01-20 10:32:35 ----D---- C:\Program Files\OpenOffice.org 2.3
2010-01-20 10:32:34 ----SD---- C:\Users\Jeff Menard\AppData\Roaming\Microsoft
2010-01-20 10:32:34 ----D---- C:\Windows\servicing
2010-01-20 10:32:33 ----D---- C:\Users\Jeff Menard\AppData\Roaming\Mael
2010-01-20 10:32:33 ----D---- C:\ProgramData\Apple Computer
2010-01-20 10:32:32 ----D---- C:\Windows\system32\Macromed
2010-01-20 10:32:32 ----D---- C:\Users\Jeff Menard\AppData\Roaming\Winamp
2010-01-20 10:32:32 ----D---- C:\ProgramData\kds_kodak
2010-01-20 10:32:32 ----D---- C:\Program Files\Common Files\Adobe
2010-01-20 10:32:32 ----D---- C:\Program Files\Acer Inc
2010-01-20 10:32:28 ----D---- C:\Program Files\ATI Technologies
2010-01-20 10:32:28 ----D---- C:\Program Files\ATI
2010-01-20 10:31:46 ----D---- C:\ProgramData\Apple
2010-01-20 10:31:45 ----D---- C:\Windows\WindowsMobile
2010-01-20 10:31:45 ----D---- C:\Windows\Web
2010-01-20 10:31:45 ----D---- C:\Windows\system32\XPSViewer
2010-01-20 10:31:45 ----D---- C:\Windows\system32\winrm
2010-01-20 10:31:45 ----D---- C:\Windows\system32\WCN
2010-01-20 10:31:45 ----D---- C:\Windows\system32\sysprep
2010-01-20 10:31:44 ----SD---- C:\Windows\system32\Microsoft
2010-01-20 10:31:44 ----D---- C:\Windows\system32\Speech
2010-01-20 10:31:44 ----D---- C:\Windows\system32\SMI
2010-01-20 10:31:44 ----D---- C:\Windows\system32\slmgr
2010-01-20 10:31:44 ----D---- C:\Windows\system32\RemInst
2010-01-20 10:31:44 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2010-01-20 10:31:44 ----D---- C:\Windows\system32\oobe
2010-01-20 10:31:44 ----D---- C:\Windows\system32\OEM
2010-01-20 10:31:44 ----D---- C:\Windows\system32\networklist
2010-01-20 10:31:44 ----D---- C:\Windows\system32\MUI
2010-01-20 10:31:44 ----D---- C:\Windows\system32\migwiz
2010-01-20 10:31:44 ----D---- C:\Windows\system32\LogFiles
2010-01-20 10:31:44 ----D---- C:\Windows\system32\licensing
2010-01-20 10:31:44 ----D---- C:\Windows\system32\IME
2010-01-20 10:31:40 ----D---- C:\Windows\system32\DriverStore
2010-01-20 10:31:40 ----D---- C:\Windows\system32\com
2010-01-20 10:31:40 ----D---- C:\Windows\system32\Boot
2010-01-20 10:31:40 ----D---- C:\Windows\Speech
2010-01-20 10:31:40 ----D---- C:\Windows\Setup
2010-01-20 10:31:40 ----D---- C:\Windows\ServiceProfiles
2010-01-20 10:31:40 ----D---- C:\Windows\security
2010-01-20 10:31:40 ----D---- C:\Windows\schemas
2010-01-20 10:31:40 ----D---- C:\Windows\Resources
2010-01-20 10:31:40 ----D---- C:\Windows\Provisioning
2010-01-20 10:31:40 ----D---- C:\Windows\PolicyDefinitions
2010-01-20 10:31:40 ----D---- C:\Windows\PLA
2010-01-20 10:31:39 ----D---- C:\Windows\Performance
2010-01-20 10:31:39 ----D---- C:\Windows\MSAgent
2010-01-20 10:31:39 ----D---- C:\Windows\Microsoft.NET
2010-01-20 10:31:38 ----D---- C:\Windows\IME
2010-01-20 10:31:38 ----D---- C:\Windows\Help
2010-01-20 10:31:38 ----D---- C:\Windows\DigitalLocker
2010-01-20 10:31:38 ----D---- C:\Windows\Branding
2010-01-20 10:31:36 ----RD---- C:\Users
2010-01-20 10:31:36 ----D---- C:\Program Files\REFN
2010-01-20 10:31:35 ----SD---- C:\ProgramData\Microsoft
2010-01-20 10:31:35 ----D---- C:\ProgramData\CyberLink
2010-01-20 10:31:35 ----D---- C:\Program Files\Windows Sidebar
2010-01-20 10:31:35 ----D---- C:\Program Files\Windows Photo Gallery
2010-01-20 10:31:35 ----D---- C:\Program Files\Windows NT
2010-01-20 10:31:35 ----D---- C:\Program Files\Windows Media Player
2010-01-20 10:31:35 ----D---- C:\epson
2010-01-20 10:31:34 ----D---- C:\Program Files\Windows Journal
2010-01-20 10:31:34 ----D---- C:\Program Files\Windows Defender
2010-01-20 10:31:34 ----D---- C:\Program Files\Windows Collaboration
2010-01-20 10:31:34 ----D---- C:\Program Files\Windows Calendar
2010-01-20 10:31:34 ----D---- C:\Program Files\Reference Assemblies
2010-01-20 10:31:34 ----D---- C:\Program Files\Realtek
2010-01-20 10:31:34 ----D---- C:\Program Files\NewTech Infosystems
2010-01-20 10:31:34 ----D---- C:\Program Files\MSBuild
2010-01-20 10:31:34 ----D---- C:\Program Files\Movie Maker
2010-01-20 10:31:34 ----D---- C:\Program Files\Microsoft.NET
2010-01-20 10:31:34 ----D---- C:\Program Files\Microsoft Office
2010-01-20 10:31:33 ----D---- C:\Program Files\Microsoft Games
2010-01-20 10:31:33 ----D---- C:\Program Files\eSobi
2010-01-20 10:31:33 ----D---- C:\Program Files\CyberLink
2010-01-20 10:31:33 ----D---- C:\Program Files\Common Files\System
2010-01-20 10:31:33 ----D---- C:\Program Files\Adobe
2010-01-20 10:31:32 ----D---- C:\Program Files\Common Files\Java
2010-01-20 10:31:31 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-20 10:31:31 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-01-20 10:31:31 ----D---- C:\Program Files\Common Files\NewTech Infosystems
2010-01-20 10:31:31 ----D---- C:\Program Files\Common Files\muvee Technologies
2010-01-20 10:31:31 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-20 10:31:30 ----D---- C:\Program Files\Motorola
2010-01-20 10:31:30 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-20 10:31:30 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2010-01-20 10:31:30 ----D---- C:\Program Files\Acer Arcade Live
2010-01-20 10:31:28 ----RHD---- C:\MSOCache
2010-01-20 10:31:28 ----D---- C:\Windows\Downloaded Installations
2010-01-20 10:31:28 ----D---- C:\DRV
2010-01-20 10:31:28 ----D---- C:\Acer
2010-01-19 14:55:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver; C:\Windows\system32\DRIVERS\BdfNdisf6.sys [2009-10-19 72200]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-09-01 118536]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-09-22 83208]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
R3 BDFM;BDFM; C:\Windows\system32\DRIVERS\bdfm.sys [2010-02-09 153448]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-18 18432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-16 6144]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-02-02 982272]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-22 240128]
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys [2010-01-21 58624]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2010-02-09 14720]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2010-02-09 39808]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-29 28672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-03-14 569344]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1228208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-11 308552]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-04-09 143360]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-02-09 1612616]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-19 21504]

-----------------EOF-----------------

2ND LOG

info.txt logfile of random's system information tool 1.06 2010-04-06 12:57:43

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe" -uninstall
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer DV Magician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer DVDivine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
Acer HomeMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer SlideShow DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Acer VideoMagician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe" -uninstall
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware Email Scanner for Outlook-->MsiExec.exe /I{338F08AB-C262-42C7-B000-34DE1A475273}
Ad-Aware-->"C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
BitDefender Total Security 2010-->MsiExec.exe /X{1895A08A-0DEC-4855-B1F4-1B95FB39901B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
FormViewer-->C:\Program Files\InstallShield Installation Information\{58E6A969-8215-4ABC-BD73-FCB25EA6F544}\setup.exe -runfromtemp -l0x0409
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HxD Hex Editor version 1.7.7.0-->"C:\Program Files\HxD\unins000.exe"
ImageMixer 3 SE Ver.5 Transfer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFE492C4-A9F5-413E-A2CC-6F5F3ACC229F}\Setup.exe" -l0x9 UNINSTALL -removeonly
ImageMixer 3 SE Ver.5 Video Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B674F947-56D6-4793-B465-7D7C87E04D0C}\Setup.exe" -l0x9 UNINSTALL -removeonly
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logo Design Shop-->"C:\Windows\Logo Design Shop\uninstall.exe" "/U:C:\Program Files\Summitsoft\Logo Design Shop\Uninstall\uninstall.xml"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Music Transfer Utility Ver.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61128AC7-BD78-4D62-A114-2EF23856F558}\setup.exe" -l0x9 UNINSTALL -removeonly
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PlaySCDG-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78096839-952E-4FD2-ABC1-4AA5277FF434}\Setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vuze-->C:\Program Files\Vuze\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Office-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 70855
Source Name: Microsoft-Windows-Servicing
Time Written: 20090816100959.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Office-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 70823
Source Name: Microsoft-Windows-Servicing
Time Written: 20090816100959.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Office-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 70818
Source Name: Microsoft-Windows-Servicing
Time Written: 20090816100959.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Office-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 70815
Source Name: Microsoft-Windows-Servicing
Time Written: 20090816100959.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Office-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 70811
Source Name: Microsoft-Windows-Servicing
Time Written: 20090816100959.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-665004260-2636849035-4262236860-1000_Classes:
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-665004260-2636849035-4262236860-1000_CLASSES

Record Number: 892
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080128231129.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-665004260-2636849035-4262236860-1000:
Process 944 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-665004260-2636849035-4262236860-1000

Record Number: 890
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080128231128.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-665004260-2636849035-4262236860-1000_Classes:
Process 1480 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-665004260-2636849035-4262236860-1000_CLASSES

Record Number: 838
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080128014647.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Office-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-665004260-2636849035-4262236860-1000:
Process 584 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-665004260-2636849035-4262236860-1000
Process 1480 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-665004260-2636849035-4262236860-1000

Record Number: 837
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080128014647.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Office-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 776
Source Name: Microsoft-Windows-Search
Time Written: 20080127233653.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Office-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 1749499
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100127013708.808548-000
Event Type: Audit Failure
User:

Computer Name: Office-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 1749498
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100127013658.304548-000
Event Type: Audit Failure
User:

Computer Name: Office-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 1749497
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100127013647.796548-000
Event Type: Audit Failure
User:

Computer Name: Office-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 1749496
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100127013637.233548-000
Event Type: Audit Failure
User:

Computer Name: Office-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 1749495
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100127013626.783548-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
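
The RSIT sections in the post above (the driver/service list, the hosts file and the event-log timestamps) are fixed-format text that is quicker to review once parsed: the R/S flag and start-type digit per entry, the `\??\` prefix some services carry, the empty `[]` where RSIT could not read the image (the leftover Symantec service), and hosts lines that point a name somewhere other than loopback. The Python below is an added example for this thread, not RSIT's code and not anything the poster ran. Its sample input copies a few lines from the posted log; the `203.0.113.5` hosts line is constructed to show what a redirecting entry looks like (the posted hosts file is the Spybot immunization list, all 127.0.0.1), and the function names are this example's own. In the posted log the only drivers it flags are the BitDefender and Acer eRecovery components, which is expected for those products; the output is a review list, not a malware verdict.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Driver/service line: <R|S><start> <name>;<display>; <image> [<date> <size>]
# The bracket is empty when RSIT could not stat the image (CLTNetCnService above).
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) ?\[(?P<meta>[^\]]*)\]\s*$"
)
# Split "<image> <args>" after the first .exe/.sys/.dll so spaces in directory
# names ("Program Files") are not taken for argument separators.
IMAGE_RE = re.compile(r"^(?P<image>.*?\.(?:exe|sys|dll))(?P<args>.*)$", re.IGNORECASE)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
SYSTEM_DIR = "c:\\windows\\system32\\"  # where Windows' own drivers live

def parse_entries(text):
    """Turn RSIT driver/service lines into dicts; unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("path").strip()
        if raw.startswith("\\??\\"):  # NT object-manager prefix used by some services
            raw = raw[4:]
        im = IMAGE_RE.match(raw)
        image, args = (im.group("image"), im.group("args").strip()) if im else (raw, "")
        meta = m.group("meta").split()  # ['2009-10-19', '72200'] or []
        entries.append({
            "state": "Running" if m.group("state") == "R" else "Stopped",
            "start": START_TYPES[m.group("start")],
            "name": m.group("name"), "display": m.group("display"),
            "image": image, "args": args,
            "date": meta[0] if meta else None,
            "size": int(meta[1]) if len(meta) > 1 else None,
        })
    return entries

def drivers_outside_system_dir(entries):
    """Kernel drivers (.sys) not loaded from %SystemRoot%\\system32. Third-party
    products (here BitDefender, Acer eRecovery) do this legitimately, so this is
    a review list, not a verdict."""
    return [e for e in entries if e["image"].lower().endswith(".sys")
            and not e["image"].lower().startswith(SYSTEM_DIR)]

def unreadable_images(entries):
    """Entries RSIT could not stat (no date/size): binary missing, hidden or
    locked. A stopped leftover is clutter; a running one deserves a look."""
    return [e for e in entries if e["size"] is None]

def _is_blocking_address(ip):
    """127.0.0.1/::1 and 0.0.0.0 entries block a name; anything else redirects it."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def hosts_redirects(text):
    """Hosts entries that send a name to a real address. The Spybot immunization
    list in the posted log is all 127.0.0.1 and is therefore not reported."""
    hits = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and not _is_blocking_address(fields[0]):
            hits.extend((fields[0], name.lower()) for name in fields[1:])
    return hits

def parse_cim_datetime(value):
    """WMI CIM_DATETIME ('20100127013708.808548-000', the 'Time Written' format
    above) to an aware datetime; the trailing signed field is the UTC offset in minutes."""
    stamp = datetime.strptime(value[:21], "%Y%m%d%H%M%S.%f")
    try:
        offset = int(value[21:])
    except ValueError:  # '+***' means the offset was not recorded
        return stamp
    return stamp.replace(tzinfo=timezone(timedelta(minutes=offset)))

# Sample input: the RSIT lines and the 127.0.0.1 hosts lines are copied from the
# log above. The 203.0.113.5 hosts line is CONSTRUCTED (TEST-NET-3 address) to
# show what a redirecting entry looks like; nothing like it is in the posted log.
SAMPLE_RSIT = r"""
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver; C:\Windows\system32\DRIVERS\BdfNdisf6.sys [2009-10-19 72200]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-09-01 118536]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
"""
SAMPLE_HOSTS = r"""
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
203.0.113.5 www.example.com   # constructed line, not from the posted log
"""

if __name__ == "__main__":
    for e in drivers_outside_system_dir(parse_entries(SAMPLE_RSIT)):
        print("driver outside system32:", e["name"], e["state"], e["image"])
    print("hosts redirects:", hosts_redirects(SAMPLE_HOSTS))
```

To run it against a real RSIT log, read the file and pass the whole text to `parse_entries`: the regex only matches the driver/service lines, so the uninstall list and event-log sections are ignored. Running drivers returned by `drivers_outside_system_dir` are the ones worth checking against the vendor's installer and signature; `unreadable_images` with a Running state is the more urgent case, since a live service whose binary cannot be read is how hidden or self-protecting malware often shows up in these lists.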


#4 azlumberking (Topic Starter)

Posted 06 April 2010 - 03:22 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/06 13:18
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8DF13000 Size: 57344 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x8260D000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82033000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8E609000 Size: 294912 File Visible: - Signed: -
Status: -

Name: amdk8.sys
Image Path: C:\Windows\system32\DRIVERS\amdk8.sys
Address: 0x87522000 Size: 65536 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82718000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82720000 Size: 122880 File Visible: - Signed: -
Status: -

Name: atikmdag.sys
Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys
Address: 0x8D201000 Size: 7000064 File Visible: - Signed: -
Status: -

Name: AtiPcie.sys
Image Path: C:\Windows\system32\DRIVERS\AtiPcie.sys
Address: 0x877D6000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bdfm.sys
Image Path: C:\Windows\system32\DRIVERS\bdfm.sys
Address: 0x8E7CB000 Size: 145792 File Visible: - Signed: -
Status: -

Name: BdfNdisf6.sys
Image Path: C:\Windows\system32\DRIVERS\BdfNdisf6.sys
Address: 0x8DB7F000 Size: 122880 File Visible: - Signed: -
Status: -

Name: bdfsfltr.sys
Image Path: C:\Windows\system32\DRIVERS\bdfsfltr.sys
Address: 0x82780000 Size: 279040 File Visible: - Signed: -
Status: -

Name: bdftdif.sys
Image Path: C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
Address: 0x8DBB3000 Size: 111872 File Visible: - Signed: -
Status: -

Name: BDHV.SYS
Image Path: C:\Windows\system32\DRIVERS\BDHV.SYS
Address: 0x8DBE3000 Size: 102400 File Visible: - Signed: -
Status: -

Name: bdvedisk.sys
Image Path: C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys
Address: 0x9A4D5000 Size: 76544 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8E3DD000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80623000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x9935E000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x960E0000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x993E1000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8D9E8000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x8066C000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x877B5000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x8062B000 Size: 266240 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8E717000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x877DE000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8E700000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x877A4000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8DB0B000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8E72F000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8E724000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8E786000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8D8AE000 Size: 659456 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8777D000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\Windows\system32\DRIVERS\fdc.sys
Address: 0x8DF21000 Size: 45056 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x82770000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8273E000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8E3CD000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x874EB000 Size: 110592 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82000000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8D95B000 Size: 577536 File Visible: - Signed: -
Status: -

Name: HdAudio.sys
Image Path: C:\Windows\system32\drivers\HdAudio.sys
Address: 0x8DA9F000 Size: 258048 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8E740000 Size: 65536 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8E200000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8E737000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x992D4000 Size: 446464 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8E3E4000 Size: 77824 File Visible: - Signed: -
Status: -

Name: int15.sys
Image Path: C:\Acer\Empowering Technology\eRecovery\int15.sys
Address: 0x9A4E8000 Size: 69632 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8DA12000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8E790000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x8060B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8DA1F000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8720B000 Size: 462848 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: C:\Windows\system32\DRIVERS\Lbd.sys
Address: 0x827CE000 Size: 57600 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x992B1000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8E7A8000 Size: 110592 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8DEF6000 Size: 53248 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\Windows\system32\drivers\MODEMCSA.sys
Address: 0x8DA95000 Size: 40960 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8E799000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8DF7B000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8E752000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82708000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x99377000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x9938C000 Size: 135168 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x993AD000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9A408000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x9A441000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8DB5D000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x8265C000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8DF86000 Size: 192512 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x87387000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8DA49000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8776E000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8727C000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x875E9000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x827DD000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8E3BC000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8E699000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8E651000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x873B2000 Size: 241664 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8DB68000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8E6F6000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x87602000 Size: 1114112 File Visible: - Signed: -
Status: -

Name: NTIDrvr.sys
Image Path: C:\Windows\system32\DRIVERS\NTIDrvr.sys
Address: 0x87600000 Size: 6144 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82033000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8E3D6000 Size: 28672 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8DF03000 Size: 62208 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8E683000 Size: 90112 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x8DF50000 Size: 98304 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x8268B000 Size: 61440 File Visible: - Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0x9A4CE000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x82664000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x826F3000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x826FA000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9A4F9000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82033000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8DADE000 Size: 184320 File Visible: - Signed: -
Status: -

Name: psdfilter.sys
Image Path: C:\Windows\system32\DRIVERS\psdfilter.sys
Address: 0x827C5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: PSDNServ.sys
Image Path: C:\Windows\system32\drivers\PSDNServ.sys
Address: 0x87765000 Size: 36864 File Visible: - Signed: -
Status: -

Name: psdvdisk.sys
Image Path: C:\Windows\system32\drivers\psdvdisk.sys
Address: 0x87753000 Size: 73728 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80612000 Size: 69632 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8DB76000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x875D2000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x873ED000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x807D5000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x807E9000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82033000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8E6BA000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8E207000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8E3F7000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8E7EF000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x992C1000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8E20F000 Size: 1756032 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9A5D7000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\Windows\system32\DRIVERS\serenum.sys
Address: 0x8DF46000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\Windows\system32\DRIVERS\serial.sys
Address: 0x8DF2C000 Size: 106496 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8DBCF000 Size: 81920 File Visible: - Signed: -
Status: -

Name: smserial.sys
Image Path: C:\Windows\system32\DRIVERS\smserial.sys
Address: 0x8DE06000 Size: 982272 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8774B000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x99201000 Size: 720896 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9A480000 Size: 319488 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x9A459000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x99341000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8DFB5000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8DA1D000 Size: 4992 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x87401000 Size: 958464 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9A5E1000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x875C7000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8DB9D000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8DA02000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x960C0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x87519000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8750E000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8DA53000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8E75A000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8E750000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x875B8000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8DA60000 Size: 217088 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x87570000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8757A000 Size: 253952 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8E771000 Size: 86016 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8DB30000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8DB3C000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x8269A000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x826A9000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x87712000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8E6A7000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8D94F000 Size: 49152 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x8074C000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x807C8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x95EA0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x95EA0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x82653000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82033000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9A5ED000 Size: 73728 File Visible: - Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x993CC000 Size: 83328 File Visible: - Signed: -
Status: -

Name: yk60x86.sys
Image Path: C:\Windows\system32\DRIVERS\yk60x86.sys
Address: 0x87532000 Size: 253952 File Visible: - Signed: -
Status: -
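
The listing above is RootRepeal's driver report, posted as-is. What follows is an added example, not code from the thread or from RootRepeal: a Python parser for that record format with the two checks a responder runs on it. "File Visible: No" is expected for the crash-dump copies of the storage stack (dump_*.sys are loaded under a name that has no file of its own on disk) and for the scanner's own driver (rootrepeal.sys), so those are separated from any other hidden module, which is what actually needs follow-up; modules reporting the same base address are grouped, because kernel-internal driver objects such as \Driver\PnpManager report the kernel image's own base rather than a file of their own. The sample is built from records quoted above plus one hypothetical record (exampledrv.sys) added so the follow-up list is non-empty; the expected-hidden pattern is this example's assumption, not a RootRepeal rule.

```python
"""Triage a RootRepeal 'Drivers' listing (added example, not RootRepeal code)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Records copied from the listing posted in the thread (a subset).
FROM_THREAD = r"""
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8E72F000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8E724000 Size: 45056 File Visible: No Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82033000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82033000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8E7EF000 Size: 49152 File Visible: No Signed: -
Status: -
"""

# Hypothetical record, NOT from the thread, so the follow-up list has an entry.
HYPOTHETICAL = r"""
Name: exampledrv.sys
Image Path: C:\Windows\system32\drivers\exampledrv.sys
Address: 0x8E900000 Size: 16384 File Visible: No Signed: -
Status: -
"""

SAMPLE_LISTING = FROM_THREAD + HYPOTHETICAL

ADDR_RE = re.compile(
    r"^Address:\s*0x(?P<base>[0-9A-Fa-f]+)\s+Size:\s*(?P<size>\d+)"
    r"\s+File Visible:\s*(?P<visible>\S+)\s+Signed:\s*(?P<signed>\S+)$"
)

# Hidden-file cases that are expected on a healthy box (this example's assumption):
# crash-dump copies of the storage stack and the scanner's own driver.
EXPECTED_HIDDEN = re.compile(r"^(dump_\w+\.sys|rootrepeal\.sys)$", re.IGNORECASE)


@dataclass
class Driver:
    name: str
    image_path: str
    base: int          # load address
    size: int          # image size in bytes
    file_visible: str  # "No" = no backing file seen on disk, "-" = not checked
    signed: str
    status: str


def parse_rootrepeal_drivers(text):
    """Turn the Name / Image Path / Address / Status records into Driver objects."""
    drivers, rec = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            rec = {"name": line[len("Name:"):].strip()}
        elif line.startswith("Image Path:"):
            rec["image_path"] = line[len("Image Path:"):].strip()
        elif line.startswith("Address:"):
            m = ADDR_RE.match(line)
            if m:
                rec.update(base=int(m["base"], 16), size=int(m["size"]),
                           file_visible=m["visible"], signed=m["signed"])
        elif line.startswith("Status:"):
            rec["status"] = line[len("Status:"):].strip()
            if all(k in rec for k in ("name", "image_path", "base")):
                drivers.append(Driver(**rec))  # record is complete
            rec = {}
    return drivers


def needs_follow_up(drivers):
    """Modules with no visible backing file that are not an expected case."""
    return [d for d in drivers
            if d.file_visible.lower() == "no" and not EXPECTED_HIDDEN.match(d.name)]


def shared_bases(drivers):
    """Base address -> names of every module reporting it, for bases used more than once."""
    by_base = defaultdict(list)
    for d in drivers:
        by_base[d.base].append(d.name)
    return {b: names for b, names in by_base.items() if len(names) > 1}


def triage(text):
    drivers = parse_rootrepeal_drivers(text)
    return {
        "modules": len(drivers),
        "hidden_total": sum(d.file_visible.lower() == "no" for d in drivers),
        "follow_up": [d.name for d in needs_follow_up(drivers)],
        "shared_bases": {hex(b): names for b, names in shared_bases(drivers).items()},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

On the full listing posted above the only hidden modules are the two dump_*.sys copies and rootrepeal.sys, so the follow-up list would be empty; to use the script on a saved report, pass the file's text to `triage()`.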


#5 Clark76 (Members, 55 posts)

Posted 06 April 2010 - 08:08 PM

Who asked you to run ComboFix? This tool should never be run unless someone trained in its use is assisting you. I would like to see the log from the last scan. It can be found here: C:\ComboFix.txt. Please post the contents of this text file in your reply.


Please also try to keep your replies a little more timely since infections are very difficult to remove when there are several days or weeks between replies.

Proud Member of ASAP

Proud Member of UNITE


#6 azlumberking (Topic Starter, Members, 51 posts)

Posted 07 April 2010 - 06:39 PM

Here is that log. I had a friend who said he could fix computers look at it. I have no idea what he tried to do but it did not fix anything. I am guessing this is something from him. Let me know if that has messed up anything that we have tried so far and I will re-run the old scans.

Thanks so much.




ComboFix 10-03-25.09 - Jeff Menard 03/26/2010 13:29:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.910 [GMT -7:00]
Running from: c:\users\Jeff Menard\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-665004260-2636849035-4262236860-500
c:\program files\BitDefender\BitDefender Online Backup\ntSVc.ocx
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-26 20:42 . 2010-03-26 20:43 -------- d-----w- c:\users\Jeff Menard\AppData\Local\temp
2010-03-26 20:42 . 2010-03-26 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-26 19:45 . 2010-03-26 19:45 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\Malwarebytes
2010-03-26 19:44 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-26 19:44 . 2010-03-26 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-26 19:44 . 2010-03-26 19:44 -------- d-----w- c:\programdata\Malwarebytes
2010-03-26 19:44 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 21:41 . 2010-03-24 21:44 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\QuickScan
2010-03-22 22:29 . 2010-03-22 22:30 -------- d-----w- c:\windows\BDOSCAN8
2010-03-22 14:57 . 2010-03-22 14:59 20846064 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-11 10:01 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 10:01 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 10:01 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-09 16:05 . 2010-03-09 16:05 -------- d-----w- c:\users\Jeff Menard\AppData\Local\Yahoo
2010-03-08 20:00 . 2010-03-08 20:00 -------- d-----w- c:\program files\Trend Micro
2010-03-06 23:19 . 2010-03-06 23:19 8405312 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-06 23:18 . 2010-03-06 23:18 149000 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-06 23:18 . 2010-03-06 23:18 10309448 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-06 23:18 . 2010-03-06 23:18 283280 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-06 23:18 . 2010-03-06 23:18 181768 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-06 23:18 . 2010-03-06 23:18 79368 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-06 23:18 . 2010-03-06 23:18 64000 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-06 23:18 . 2010-03-06 23:18 52288 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-06 23:18 . 2010-03-06 23:18 50688 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-06 23:18 . 2010-03-06 23:18 49152 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-06 23:18 . 2010-03-06 23:18 118784 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-05 19:16 . 2010-03-24 19:16 439816 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-02 18:45 . 2010-03-02 18:45 -------- d-----w- c:\programdata\Yahoo!
2010-02-25 00:45 . 2010-02-25 01:01 -------- d-----w- C:\rip
2010-02-25 00:41 . 2010-02-25 00:41 -------- d-----w- c:\program files\KJAMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 20:23 . 2008-02-20 02:14 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\OpenOffice.org2
2010-03-26 19:43 . 2009-05-27 01:54 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\Azureus
2010-03-25 17:07 . 2008-03-08 04:25 1 ----a-w- c:\users\Jeff Menard\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-03-25 01:08 . 2009-10-26 16:21 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\RoxBox
2010-03-11 10:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 17:21 . 2010-02-07 20:14 144160 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Move Networks\uninstall.exe
2010-03-10 17:21 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2010-03-10 17:21 . 2009-04-11 19:16 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\Move Networks
2010-03-02 18:45 . 2008-05-09 22:11 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\Yahoo!
2010-03-02 18:45 . 2008-02-13 01:16 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-02 18:45 . 2008-01-28 00:49 -------- d-----w- c:\program files\Yahoo!
2010-02-24 16:29 . 2008-01-28 00:49 117880 ----a-w- c:\users\Jeff Menard\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-17 20:01 . 2009-11-24 00:27 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\ImTOO
2010-02-17 20:00 . 2009-02-21 03:52 -------- d-----w- c:\programdata\EPSON
2010-02-11 19:38 . 2009-10-26 16:21 -------- d-----w- c:\program files\RoxBox
2010-02-10 01:29 . 2009-12-08 01:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-10 01:29 . 2009-12-08 01:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-02-10 00:39 . 2010-02-10 00:39 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-02-10 00:39 . 2010-02-10 00:39 16 ----a-w- c:\windows\system32\asdict.dat
2010-02-10 00:14 . 2010-02-10 00:04 -------- d-----w- c:\programdata\BitDefender
2010-02-10 00:05 . 2010-02-10 00:05 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\BitDefender
2010-02-10 00:04 . 2010-02-10 00:04 -------- d-----w- c:\program files\BitDefender
2010-02-10 00:04 . 2010-02-09 23:58 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-03 18:24 . 2010-02-03 18:24 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\IObit
2010-02-03 18:24 . 2010-02-03 18:24 -------- d-----w- c:\program files\IObit
2010-02-02 00:50 . 2010-02-02 00:46 -------- d-----w- c:\programdata\SecTaskMan
2010-01-28 22:09 . 2010-02-01 18:29 38848 ----a-w- c:\windows\system32\ava290C.tmp
2010-01-28 22:09 . 2010-02-01 18:03 38848 ----a-w- c:\windows\system32\ava9120.tmp
2010-01-28 22:09 . 2010-02-01 18:29 152672 ----a-w- c:\windows\system32\asw286B.tmp
2010-01-28 22:09 . 2010-02-01 18:03 152672 ----a-w- c:\windows\system32\asw9070.tmp
2010-01-27 15:59 . 2010-01-27 15:59 -------- d-----w- c:\programdata\Alwil Software
2010-01-27 15:59 . 2009-12-04 17:33 -------- d-----w- c:\program files\Alwil Software
2010-01-25 12:00 . 2010-02-23 20:52 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 20:52 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 20:52 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 20:52 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 20:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 20:52 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 20:52 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 20:52 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 20:52 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 20:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-19 11:57 . 2010-01-27 16:00 38848 ----a-w- c:\windows\system32\ava5EA.tmp
2010-01-19 11:57 . 2010-01-27 16:00 152672 ----a-w- c:\windows\system32\asw4FF.tmp
2010-01-14 18:12 . 2009-10-03 09:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 15:39 . 2010-02-23 20:52 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-23 20:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-23 20:52 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 20:52 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 20:52 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-23 20:52 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-23 20:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-21 20:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-18 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-20 1120704]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]

c:\users\Jeff Menard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-12 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-16 528384]
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-11-21 253952]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-4-16 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,80,d7,7f,a9,60,ca,01

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2009-10-19 72200]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-09-22 83208]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-10 153448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-02-03 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 13:42
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-03-26 13:50:25
ComboFix-quarantined-files.txt 2010-03-26 20:50

Pre-Run: 168,883,159,040 bytes free
Post-Run: 168,814,534,656 bytes free

- - End Of File - - C85F5D6E82F6B3A1AB7AC91E49B8E01B


#7 Clark76

Clark76

  • Members
  • 55 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:05 PM

Posted 07 April 2010 - 06:45 PM

If ComboFix is still on your desktop please delete it. Next download a fresh copy from one of these two links:

Link 1
Link 2
For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See this link for instructions on how to do this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click the file and post the log it produces. The log will also be found here: C:\ComboFix.txt

Proud Member of ASAP

Proud Member of UNITE


#8 azlumberking

azlumberking
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:06:05 PM

Posted 08 April 2010 - 02:31 AM

Here you go.

Thanks.



ComboFix 10-04-07.01 - Jeff Menard 04/08/2010 0:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.1063 [GMT -7:00]
Running from: c:\users\Jeff Menard\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-665004260-2636849035-4262236860-500
c:\program files\BitDefender\BitDefender Online Backup\ntSVc.ocx
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 07:20 . 2010-04-08 07:21 -------- d-----w- c:\users\Jeff Menard\AppData\Local\temp
2010-04-08 07:20 . 2010-04-08 07:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-08 07:20 . 2010-04-08 07:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-06 19:57 . 2010-04-06 19:57 -------- d-----w- C:\rsit
2010-04-06 19:25 . 2010-04-06 19:25 439816 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-03 17:16 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-03 17:09 . 2010-04-03 17:09 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-03 17:09 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-03 17:08 . 2010-04-03 17:08 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-03 17:08 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-03 17:08 . 2010-04-03 17:09 -------- d-----w- c:\programdata\Lavasoft
2010-04-03 17:08 . 2010-04-03 17:08 -------- d-----w- c:\program files\Lavasoft
2010-03-26 20:50 . 2010-03-30 19:12 -------- d-----w- c:\users\Jeff Menard\AppData\Local\Temp(512)
2010-03-26 19:45 . 2010-03-26 19:45 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\Malwarebytes
2010-03-26 19:44 . 2010-03-26 19:44 -------- d-----w- c:\programdata\Malwarebytes
2010-03-24 21:41 . 2010-03-24 21:44 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\QuickScan
2010-03-22 22:29 . 2010-03-26 23:56 -------- d-----w- c:\windows\BDOSCAN8
2010-03-09 16:05 . 2010-03-09 16:05 -------- d-----w- c:\users\Jeff Menard\AppData\Local\Yahoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 19:25 . 2008-02-20 02:14 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\OpenOffice.org2
2010-03-30 19:19 . 2008-01-28 00:49 117312 ----a-w- c:\users\Jeff Menard\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-30 19:18 . 2008-01-28 00:49 -------- d-----w- c:\program files\Yahoo!
2010-03-30 19:18 . 2007-04-17 00:59 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-08 20:00 . 2010-03-08 20:00 -------- d-----w- c:\program files\Trend Micro
2010-03-02 18:45 . 2008-05-09 22:11 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\Yahoo!
2010-03-02 18:45 . 2010-03-02 18:45 -------- d-----w- c:\programdata\Yahoo!
2010-02-25 00:41 . 2010-02-25 00:41 -------- d-----w- c:\program files\KJAMP
2010-02-17 20:01 . 2009-11-24 00:27 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\ImTOO
2010-02-17 20:00 . 2009-02-21 03:52 -------- d-----w- c:\programdata\EPSON
2010-02-14 23:31 . 2008-03-08 04:25 1 ----a-w- c:\users\Jeff Menard\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-02-11 19:38 . 2009-10-26 16:21 -------- d-----w- c:\program files\RoxBox
2010-02-11 15:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 01:29 . 2009-12-08 01:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-10 01:29 . 2009-12-08 01:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-02-10 00:39 . 2010-02-10 00:39 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-02-10 00:39 . 2010-02-10 00:39 16 ----a-w- c:\windows\system32\asdict.dat
2010-02-10 00:14 . 2010-02-10 00:04 -------- d-----w- c:\programdata\BitDefender
2010-02-10 00:05 . 2010-02-10 00:05 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\BitDefender
2010-02-10 00:04 . 2010-02-10 00:04 -------- d-----w- c:\program files\BitDefender
2010-02-10 00:04 . 2010-02-09 23:58 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-07 20:14 . 2010-02-07 20:14 144160 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Move Networks\uninstall.exe
2010-02-07 20:14 . 2009-12-07 01:22 5603776 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
2010-01-28 22:09 . 2010-02-01 18:29 38848 ----a-w- c:\windows\system32\ava290C.tmp
2010-01-28 22:09 . 2010-02-01 18:03 38848 ----a-w- c:\windows\system32\ava9120.tmp
2010-01-28 22:09 . 2010-02-01 18:29 152672 ----a-w- c:\windows\system32\asw286B.tmp
2010-01-28 22:09 . 2010-02-01 18:03 152672 ----a-w- c:\windows\system32\asw9070.tmp
2010-01-19 11:57 . 2010-01-27 16:00 38848 ----a-w- c:\windows\system32\ava5EA.tmp
2010-01-19 11:57 . 2010-01-27 16:00 152672 ----a-w- c:\windows\system32\asw4FF.tmp
2010-01-14 18:12 . 2009-10-03 09:12 181120 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Acer Tour"="" [BU]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"eRecoveryService"="" [BU]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-18 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-20 1120704]
"Apanel"="c:\acersw\config\NewSetApanel.cmd" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]

c:\users\Jeff Menard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-12 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-16 528384]
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-11-21 253952]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-4-16 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,80,d7,7f,a9,60,ca,01

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2009-10-19 72200]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-09-22 83208]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-10 153448]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1228208]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-02-03 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\users\Jeff Menard\AppData\Roaming\Mozilla\Firefox\Profiles\liziijsi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-]http://armls.flexmls.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 00:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-04-08 00:24:42
ComboFix-quarantined-files.txt 2010-04-08 07:24
ComboFix2.txt 2010-03-26 20:50

Pre-Run: 166,181,249,024 bytes free
Post-Run: 166,189,522,944 bytes free

- - End Of File - - CFACA80312D97E47750B52D071E4E94D
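The ComboFix logs posted in this thread can be triaged mechanically before a helper reads them line by line. The Python script below is an added example, not part of this thread and not ComboFix's own code. It parses a constructed log excerpt modelled on the format above (the "((( ... )))" section banners, "[HKEY_...]" key headers, the "name"="value" [meta] autostart lines, the "@Denied:" ACL lines under LOCKED REGISTRY KEYS, and the catchme "hidden files:" count) and pulls out what gets looked at first: the files ComboFix deleted, autostart entries whose value is empty or carries the [BU] marker (in the 26 March log earlier on this page those same entries, updateMgr, Acer Tour, eRecoveryService and Apanel, are the ones listed under ORPHANS REMOVED), and registry keys that deny access to Users or Everyone. SAMPLE_LOG, Triage, triage and summary are names of my own, and the "REVIEW" lines are hints for a human to check, not verdicts.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the logs posted in the thread; not a real log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour"="" [BU]
"Apanel"="c:\acersw\config\NewSetApanel.cmd" [BU]

**************************************************************************
scan completed successfully
hidden files: 0
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-08 00:24:42
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")          # ((( Name )))
DASH_SECTION_RE = re.compile(r"^-{3,}\s*(?P<name>[^-]+?)\s*-{3,}$")   # --- NAME ---
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")                     # [HKEY_...]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DENIED_RE = re.compile(r"^@Denied:\s*\([A-Z]+\)\s*\((?P<who>[^)]+)\)$")
PATH_RE = re.compile(r"^[a-zA-Z]:\\")
HIDDEN_RE = re.compile(r"^hidden files:\s*(?P<n>\d+)$")


@dataclass
class Triage:
    deletions: List[str] = field(default_factory=list)
    autostarts: List[Tuple[str, str, str, str]] = field(default_factory=list)  # (key, name, value, meta)
    flagged: List[Tuple[str, str, str, str]] = field(default_factory=list)     # empty value or [BU]
    locked_keys: Dict[str, List[str]] = field(default_factory=dict)            # key -> denied principals
    hidden_files: Optional[int] = None


def triage(log_text: str) -> Triage:
    """Walk the log once, tracking the current section and registry key."""
    result = Triage()
    section = ""
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line) or DASH_SECTION_RE.match(line)
        if m:
            section, current_key = m.group("name").strip(), ""
            continue
        m = HIDDEN_RE.match(line)
        if m:
            result.hidden_files = int(m.group("n"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            if section == "LOCKED REGISTRY KEYS":
                result.locked_keys.setdefault(current_key, [])
            continue
        if section == "Other Deletions" and PATH_RE.match(line):
            result.deletions.append(line)
        elif section == "Reg Loading Points" and current_key:
            m = ENTRY_RE.match(line)
            if m:
                entry = (current_key, m.group("name"), m.group("value"), m.group("meta"))
                result.autostarts.append(entry)
                if m.group("meta") == "BU" or not m.group("value"):
                    result.flagged.append(entry)
        elif section == "LOCKED REGISTRY KEYS" and current_key:
            m = DENIED_RE.match(line)
            if m:
                result.locked_keys[current_key].append(m.group("who"))
    return result


def summary(t: Triage) -> List[str]:
    """Render the result as plain lines a helper could paste into a reply."""
    lines = [f"hidden files reported by catchme: {t.hidden_files}",
             f"files deleted by ComboFix: {len(t.deletions)}"]
    for key, name, value, meta in t.flagged:
        lines.append(f"REVIEW autostart {key}\\{name} -> {value or '(no file)'} [{meta}]")
    for key, denied in t.locked_keys.items():
        lines.append(f"REVIEW locked key {key} denies: {', '.join(denied) or 'none listed'}")
    return lines


if __name__ == "__main__":
    print("\n".join(summary(triage(SAMPLE_LOG))))
```

To use it on a real log, read C:\ComboFix.txt into a string and pass it to triage(); the parser ignores lines it does not recognise, so the service list, Find3M report and Firefox policy lines pass through harmlessly.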


#9 Clark76

Clark76

  • Members
  • 55 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:05 PM

Posted 08 April 2010 - 05:39 PM

I see you have P2P software (Vuze) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.



1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2. Open notepad and copy/paste the text in the codebox below into it:

CODE
DirLook::
c:\users\Jeff Menard\AppData\Local\Temp(512)

RegLockDel::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Save this as "CFScript"




Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 19 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 19 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u18 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.



Please provide the following logs with your next post:

C:\ComboFix.txt
Kaspersky Report


Also include an update on how your system is running.

Proud Member of ASAP

Proud Member of UNITE


#10 azlumberking

azlumberking
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:06:05 PM

Posted 08 April 2010 - 07:14 PM

I believe that my bitdefender program is disabled but when I run the combofix program the bitdefender page keeps popping up. Not with any warnings, but just as it would if I clicked on it to open. Would this change the log results?

I have removed Vuze. A friend suggested it but it sounds like too much trouble.

Thanks,




ComboFix 10-04-07.04 - Jeff Menard 04/08/2010 16:53:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.993 [GMT -7:00]
Running from: c:\users\Jeff Menard\Desktop\ComboFix.exe
Command switches used :: c:\users\Jeff Menard\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-09 00:00 . 2010-04-09 00:00 -------- d-----w- c:\users\Jeff Menard\AppData\Local\temp
2010-04-09 00:00 . 2010-04-09 00:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-09 00:00 . 2010-04-09 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-08 23:41 . 2010-04-08 23:41 -------- d-----w- c:\windows\Sun
2010-04-06 19:57 . 2010-04-06 19:57 -------- d-----w- C:\rsit
2010-04-06 19:25 . 2010-04-06 19:25 439816 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-03 17:16 . 2010-02-04 15:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-03 17:09 . 2010-04-03 17:09 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-03 17:09 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-03 17:08 . 2010-04-03 17:08 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-03 17:08 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-03 17:08 . 2010-04-03 17:09 -------- d-----w- c:\programdata\Lavasoft
2010-04-03 17:08 . 2010-04-03 17:08 -------- d-----w- c:\program files\Lavasoft
2010-03-26 20:50 . 2010-03-30 19:12 -------- d-----w- c:\users\Jeff Menard\AppData\Local\Temp(512)
2010-03-26 19:45 . 2010-03-26 19:45 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\Malwarebytes
2010-03-26 19:44 . 2010-03-26 19:44 -------- d-----w- c:\programdata\Malwarebytes
2010-03-24 21:41 . 2010-03-24 21:44 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\QuickScan
2010-03-22 22:29 . 2010-03-26 23:56 -------- d-----w- c:\windows\BDOSCAN8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 23:46 . 2009-05-27 01:54 -------- d-----w- c:\program files\Vuze
2010-04-06 19:25 . 2008-02-20 02:14 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\OpenOffice.org2
2010-03-30 19:19 . 2008-01-28 00:49 117312 ----a-w- c:\users\Jeff Menard\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-30 19:18 . 2008-01-28 00:49 -------- d-----w- c:\program files\Yahoo!
2010-03-30 19:18 . 2007-04-17 00:59 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-08 20:00 . 2010-03-08 20:00 -------- d-----w- c:\program files\Trend Micro
2010-03-02 18:45 . 2008-05-09 22:11 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\Yahoo!
2010-03-02 18:45 . 2010-03-02 18:45 -------- d-----w- c:\programdata\Yahoo!
2010-02-25 00:41 . 2010-02-25 00:41 -------- d-----w- c:\program files\KJAMP
2010-02-17 20:01 . 2009-11-24 00:27 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\ImTOO
2010-02-17 20:00 . 2009-02-21 03:52 -------- d-----w- c:\programdata\EPSON
2010-02-14 23:31 . 2008-03-08 04:25 1 ----a-w- c:\users\Jeff Menard\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-02-11 19:38 . 2009-10-26 16:21 -------- d-----w- c:\program files\RoxBox
2010-02-11 15:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 01:29 . 2009-12-08 01:46 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-10 01:29 . 2009-12-08 01:49 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-02-10 00:39 . 2010-02-10 00:39 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-02-10 00:39 . 2010-02-10 00:39 16 ----a-w- c:\windows\system32\asdict.dat
2010-02-10 00:14 . 2010-02-10 00:04 -------- d-----w- c:\programdata\BitDefender
2010-02-10 00:05 . 2010-02-10 00:05 -------- d-----w- c:\users\Jeff Menard\AppData\Roaming\BitDefender
2010-02-10 00:04 . 2010-02-10 00:04 -------- d-----w- c:\program files\BitDefender
2010-02-10 00:04 . 2010-02-09 23:58 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-07 20:14 . 2010-02-07 20:14 144160 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Move Networks\uninstall.exe
2010-02-07 20:14 . 2009-12-07 01:22 5603776 ----a-w- c:\users\Jeff Menard\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
2010-01-28 22:09 . 2010-02-01 18:29 38848 ----a-w- c:\windows\system32\ava290C.tmp
2010-01-28 22:09 . 2010-02-01 18:03 38848 ----a-w- c:\windows\system32\ava9120.tmp
2010-01-28 22:09 . 2010-02-01 18:29 152672 ----a-w- c:\windows\system32\asw286B.tmp
2010-01-28 22:09 . 2010-02-01 18:03 152672 ----a-w- c:\windows\system32\asw9070.tmp
2010-01-19 11:57 . 2010-01-27 16:00 38848 ----a-w- c:\windows\system32\ava5EA.tmp
2010-01-19 11:57 . 2010-01-27 16:00 152672 ----a-w- c:\windows\system32\asw4FF.tmp
2010-01-14 18:12 . 2009-10-03 09:12 181120 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Jeff Menard\AppData\Local\Temp(512) ----

2010-03-30 19:00 . 2010-03-30 19:00 16384 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Low\~DF523F.tmp
2010-03-30 19:00 . 2010-03-30 19:00 16384 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Low\~DF4B13.tmp
2010-03-30 18:08 . 2010-03-30 18:08 9003 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\au-descriptor-1.6.0_19-b04.xml
2010-03-30 17:49 . 2010-03-30 17:49 16384 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Low\~DF32B9.tmp
2010-03-30 17:39 . 2010-03-30 17:39 16384 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Low\~DFA0DF.tmp
2010-03-30 17:36 . 2010-03-30 17:36 16384 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Low\~DF7014.tmp
2010-03-30 05:33 . 2010-03-30 05:33 16384 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Low\~DF23D9.tmp
2010-03-27 16:13 . 2010-03-29 16:43 2370 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\java_install_reg.log
2010-03-27 16:13 . 2010-03-27 16:13 291 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Low\java_install_reg.log
2010-03-26 23:50 . 2010-03-30 18:08 5203 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\jusched.log
2010-03-26 23:47 . 2010-03-26 23:47 16384 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Low\~DFC89E.tmp
2010-03-26 23:40 . 2010-03-26 23:40 1658 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\wmplog00.sqm
2010-03-26 20:51 . 2010-03-26 20:51 311296 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\~DFA222.tmp
2010-03-26 20:50 . 2010-03-30 15:13 31832 ----a-w- c:\users\Jeff Menard\AppData\Local\Temp(512)\Jeff Menard.bmp


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 4423680]
"Acer Tour"="" [BU]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"eRecoveryService"="" [BU]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-18 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-01-20 1120704]
"Apanel"="c:\acersw\config\NewSetApanel.cmd" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]

c:\users\Jeff Menard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-12 113664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-16 528384]
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-11-21 253952]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-4-16 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4b,80,d7,7f,a9,60,ca,01

R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2009-10-19 72200]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-05 266343]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-09-22 83208]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-10 153448]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1228208]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\users\Jeff Menard\AppData\Roaming\Mozilla\Firefox\Profiles\liziijsi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fptb-]http://armls.flexmls.com/
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 17:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5924)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2010-04-08 17:04:21
ComboFix-quarantined-files.txt 2010-04-09 00:04
ComboFix2.txt 2010-04-08 07:24
ComboFix3.txt 2010-03-26 20:50

Pre-Run: 172,558,180,352 bytes free
Post-Run: 172,025,856,000 bytes free

- - End Of File - - C53BDC61F414D0F41D0081892E684C1D


#11 Clark76


Posted 08 April 2010 - 07:47 PM

Not sure why BitDefender is popping up. Will have to look into that.

Please do not forget to run Kaspersky Scan and also update me on how the system is running.

Proud Member of ASAP

Proud Member of UNITE


#12 azlumberking

  • Topic Starter


Posted 08 April 2010 - 07:52 PM

As far as the Kaspersky scanner goes, it will not allow an update connection to be established just like all the rest of the programs I have tried.

Still redirecting.

What a pain.

Edited by azlumberking, 08 April 2010 - 07:54 PM.


#13 Clark76


Posted 08 April 2010 - 07:56 PM

Do you have access to another computer or is the one we are working on the only one you have access to right now?


#14 azlumberking

  • Topic Starter


Posted 08 April 2010 - 08:28 PM

I have a notebook but it has the same virus and needs to be fixed as soon as this one is handled. Should I try something on that one anyway just to see if it works?

#15 Clark76


Posted 08 April 2010 - 08:34 PM

I would much rather work on the same computer then so we do not get confused. Let's see if we have better luck with this tool:

Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
