Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit.Agent resident / Hiajck.nofolderoptions in Reg


  • This topic is locked This topic is locked
24 replies to this topic

#1 Wayne Broken

Wayne Broken

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 26 October 2010 - 09:53 AM

I have been lurking here for a while and I'm very impressed with how bespoke the advice can be. Every issue has its own uniqueness.

I have followed the guidelines and ran the three pieces of software (dfogger/dds/gmer) with the attached files hopefully being useful to diagnose my problem.

I have ran Malware Bytes and it keeps telling me that the file (xrspyg.sys) is 'deleted and quarantined successfully', however after a reboot (to continue with the uninstall) it appears again.

Thanks so much in advance for any advice

Now, the DDS file:
DDS (Ver_10-10-21.02) - NTFSx86  
Run by user at 14:49:19.02 on 26/10/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.44.1033.18.3000.2004 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\Windows\System32\svchost.exe"
"C:\Windows\System32\svchost.exe"
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vb32&d=1008&m=aspire_7730
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Minoru 3D Webcam] "c:\program files\pdt\minoru 3d webcam\WebcamSetup.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\user\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://www.netvibes.com/
FF - component: C:\Users\user\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: C:\Users\user\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: C:\Users\user\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\user\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: C:\Users\user\appdata\roaming\mozilla\firefox\profiles\034bq8c8.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-17 24576]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-1-21 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-6 374152]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-22 47640]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-6-24 91456]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-9-6 4497704]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-7-26 616816]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-9-6 113448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-3 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-17 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-9-6 16168]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-9-6 13480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a5861396cb5d;Google Update Service (gupdate1c9a5861396cb5d);c:\program files\google\update\GoogleUpdate.exe [2009-3-15 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\drivers\avera310usb.sys [2008-4-17 25856]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-4-17 42880]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-8-26 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-8-26 398720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2010-7-17 75776]

=============== Created Last 30 ================

2010-10-26 13:41:02	54016	----a-w-	c:\windows\system32\drivers\kctsxkjj.sys
2010-10-26 11:37:09	388096	----a-r-	C:\Users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-26 11:02:18	--------	d-----w-	c:\program files\CCleaner
2010-10-26 10:15:19	6146896	----a-w-	c:\progra~2\microsoft\windows defender\definition updates\{b9232074-1822-4507-8c46-393487bb67ec}\mpengine.dll
2010-10-25 14:11:06	--------	d-----w-	C:\Users\user\DoctorWeb
2010-10-25 13:57:49	--------	d-s---w-	C:\ComboFix
2010-10-25 08:55:37	1409	----a-w-	c:\windows\QTFont.for
2010-10-24 12:33:44	--------	d-sh--w-	C:\$RECYCLE.BIN
2010-10-24 12:33:41	--------	d-----w-	C:\Users\user\appdata\local\temp
2010-10-24 12:18:27	98816	----a-w-	c:\windows\sed.exe
2010-10-24 12:18:27	77312	----a-w-	c:\windows\MBR.exe
2010-10-24 12:18:27	256512	----a-w-	c:\windows\PEV.exe
2010-10-24 12:18:27	161792	----a-w-	c:\windows\SWREG.exe
2010-10-22 15:15:19	--------	d-----w-	c:\program files\Motorola
2010-10-22 15:15:15	--------	d-----w-	c:\program files\common files\MSSoap
2010-10-21 13:37:59	--------	d-----w-	C:\Users\user\{9aba2bff-d31d-41a3-9d6e-a29270fb983d}
2010-10-21 13:31:56	--------	d-----w-	c:\program files\common files\Motorola Shared
2010-10-14 14:53:51	--------	d-----w-	c:\windows\system32\MpEngineStore
2010-10-14 14:48:59	304128	----a-w-	c:\windows\system32\drivers\srv.sys
2010-10-14 14:48:59	145408	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-10-14 14:48:59	125952	----a-w-	c:\windows\system32\srvsvc.dll
2010-10-14 14:48:59	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:48:58	17920	----a-w-	c:\windows\system32\netevent.dll
2010-10-14 14:48:55	274944	----a-w-	c:\windows\system32\schannel.dll
2010-10-14 14:48:55	231424	----a-w-	c:\windows\system32\msshsq.dll
2010-10-14 14:47:12	531968	----a-w-	c:\windows\system32\comctl32.dll
2010-10-14 14:47:11	867328	----a-w-	c:\windows\system32\wmpmde.dll
2010-10-11 08:53:23	--------	d-----w-	C:\Users\user\appdata\roaming\Greyfirst
2010-10-11 08:53:23	--------	d-----w-	C:\Users\user\appdata\local\Greyfirst
2010-10-11 08:45:46	--------	d-----w-	c:\program files\common files\NSV
2010-10-11 08:21:38	0	----a-w-	C:\Users\user\appdata\local\Lnolukaseveg.bin
2010-09-30 19:33:50	--------	d-----w-	c:\program files\BeatHarness
2010-09-29 12:22:20	--------	d-----w-	C:\Users\user\appdata\local\Microsoft Help
2010-09-29 08:38:37	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-29 08:38:31	13312	----a-w-	c:\program files\internet explorer\iecompat.dll

==================== Find3M  ====================

2010-10-19 10:41:44	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-06 10:12:06	87424	----a-w-	c:\windows\system32\LMIinit.dll
2010-10-06 10:12:06	83360	----a-w-	c:\windows\system32\LMIRfsClientNP.dll
2010-10-06 10:12:06	53632	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-10-06 10:12:06	29568	----a-w-	c:\windows\system32\LMIport.dll
2010-09-13 13:56:41	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2010-09-08 06:01:28	916480	----a-w-	c:\windows\system32\wininet.dll
2010-09-08 05:57:18	43520	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-09-08 05:56:53	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36	385024	----a-w-	c:\windows\system32\html.iec
2010-09-08 04:26:46	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-08-31 15:46:37	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38	2038272	----a-w-	c:\windows\system32\win32k.sys
2010-08-26 16:37:45	157184	----a-w-	c:\windows\system32\t2embed.dll
2010-08-17 14:11:37	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-14 19:01:11	65536	----a-w-	c:\windows\TADSUINS.EXE

============= FINISH: 14:51:48.01 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:31 PM

Posted 04 November 2010 - 03:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 10 November 2010 - 03:14 PM

Working from two computers now (1 online & 1 offline) - to add to this, never received the email about topic reply until today...
back in a few minutes - thanks for your help myrti

#4 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 10 November 2010 - 03:43 PM

OTL text file:

OTL logfile created on: 10/11/2010 20:16:01 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\WAYNE\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 1.77 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 45.45 Gb Free Space | 65.38% Space Free | Partition Type: NTFS
Drive G: | 245.73 Mb Total Space | 55.59 Mb Free Space | 22.62% Space Free | Partition Type: FAT
Drive J: | 298.09 Gb Total Space | 107.01 Gb Free Space | 35.90% Space Free | Partition Type: NTFS

Computer Name: FLY | User Name: WAYNE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/10 20:10:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WAYNE\Desktop\OTL.exe
PRC - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/08/20 19:45:26 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/13 13:26:12 | 004,302,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2010/07/13 13:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/06/24 19:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 19:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/11/23 14:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 14:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 14:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/04/11 06:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 06:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/10/16 15:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 14:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/09/02 10:06:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/07/21 00:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/21 00:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/07/02 02:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/23 22:58:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/18 03:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/07 02:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/03/05 06:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 06:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/06 23:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/10/23 17:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (SafeList) ==========

MOD - [2010/11/10 20:10:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WAYNE\Desktop\OTL.exe
MOD - [2010/10/06 10:12:06 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/11 06:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/04/11 06:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009/04/11 06:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008/04/23 22:58:20 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/01/21 02:34:43 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2006/11/02 09:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/27 12:20:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/06 10:12:23 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/07/13 13:26:10 | 000,616,816 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/06/24 19:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 11:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/23 14:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 14:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/11 06:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/04/11 06:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 06:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/10/16 15:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 14:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/21 00:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/03/21 20:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/18 03:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/05 06:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 23:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/11/02 12:35:03 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\lwmcayza.sys -- (lwmcayza)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\fly23\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WAYNE\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/10/06 10:12:06 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/03/10 07:17:26 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/08/27 14:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/07/10 12:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/07/09 08:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/25 16:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/05/20 10:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 04:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/11/17 05:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/11/02 08:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/09/02 10:07:00 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/09/02 10:05:00 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/21 00:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/07/02 02:52:00 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2008/07/01 10:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/21 03:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/04/15 02:20:48 | 000,025,856 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avera310usb.sys -- (A310)
DRV - [2008/04/15 02:20:38 | 000,042,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap)
DRV - [2008/03/28 11:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/03/21 17:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/05 06:38:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/03/05 06:38:44 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/03/05 06:38:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/02/29 07:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/30 09:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/21 02:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 02:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 03:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/17 00:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/03/28 14:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/02/16 09:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vb32&d=1008&m=aspire_7730


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/|http://www.netvibes.com/"
FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: {71C54606-83ED-4ea6-9315-1AAB29466D33}:3.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.55
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {bfe3406c-6f31-4789-86d5-efa50e12c9eb}:3.4
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.6
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.7.6
FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:4.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}:2.2
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.62

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/14 07:21:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 23:38:10 | 000,000,000 | ---D | M]

[2010/10/11 08:53:29 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Extensions
[2010/10/11 08:53:29 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2010/08/11 11:15:59 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/11/01 10:13:56 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions
[2010/07/18 13:19:33 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/18 13:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{049952B3-A745-43bd-8D26-D1349B1ED944}
[2010/09/19 20:48:17 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/18 13:19:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/07 19:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2010/07/18 13:19:37 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010/09/20 10:43:00 | 000,000,000 | ---D | M] (Dust-Me Selectors) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}
[2010/09/06 15:29:48 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/07/19 19:22:19 | 000,000,000 | ---D | M] (Grab and Drag) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}
[2010/07/18 13:19:39 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/07/18 13:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
[2010/09/13 08:21:33 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/07/18 13:19:37 | 000,000,000 | ---D | M] (IE View) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/07/18 13:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{71C54606-83ED-4ea6-9315-1AAB29466D33}
[2010/07/18 13:19:33 | 000,000,000 | ---D | M] (Live PageRank) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2010/07/18 13:19:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/09/06 15:30:01 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/07/18 13:19:42 | 000,000,000 | ---D | M] (Full Fullscreen) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{bfe3406c-6f31-4789-86d5-efa50e12c9eb}
[2010/07/18 13:19:42 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/18 13:19:32 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/09/06 15:29:51 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/07/18 13:19:30 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2010/07/18 13:19:43 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2010/09/06 15:29:48 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/18 13:19:30 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\CHU\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/09/06 15:29:53 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/07/18 13:19:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/19 20:48:17 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/09/06 15:30:00 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2010/07/18 13:19:12 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\exif_viewer@mozilla.doslash.org
[2010/07/18 13:19:42 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\firebug@software.joehewitt.com
[2010/09/06 15:29:55 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\foxmarks@kei.com
[2010/07/18 13:19:43 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\locationbar2@design-noir.de
[2010/07/18 13:27:55 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\LogMeInClient@logmein.com
[2010/09/06 15:29:48 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\piclens@cooliris.com
[2010/07/19 19:19:08 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010/07/18 13:19:42 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\speedtest@gotomyhelp.com
[2010/07/18 13:17:59 | 000,000,000 | ---D | M] -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\32na2g1e.CHU\extensions
[2010/07/18 13:17:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\32na2g1e.CHU\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/18 13:17:58 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\32na2g1e.CHU\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2008/06/03 08:25:14 | 000,001,340 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\bbc-news.xml
[2007/06/14 08:52:24 | 000,000,953 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\businesscom.xml
[2009/06/16 12:54:02 | 000,002,013 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\crack-spider.xml
[2010/06/07 13:42:26 | 000,003,224 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\ebay-uk.xml
[2010/03/05 02:01:30 | 000,002,125 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\flickr-tags.xml
[2010/03/05 02:01:30 | 000,001,582 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\netvibes-ecosystem-search.xml
[2008/06/03 08:25:16 | 000,001,961 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\technorati.xml
[2008/03/22 13:47:52 | 000,001,993 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\torrentspy.xml
[2008/06/26 00:50:38 | 000,001,108 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\wikipedia-en.xml
[2010/03/05 02:01:30 | 000,002,205 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\searchplugins\youtorrent.xml
[2010/11/01 10:13:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/25 23:02:14 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2010/06/04 13:45:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/25 15:01:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/08/25 23:02:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2010/06/22 03:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 16:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 16:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 16:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 16:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/27 13:11:41 | 000,000,533 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-818337878-3525668155-2889324976-1002..\Run: [Minoru 3D Webcam] C:\Program Files\PDT\Minoru 3D Webcam\WebcamSetup.exe ()
O4 - HKU\S-1-5-21-818337878-3525668155-2889324976-1002..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-818337878-3525668155-2889324976-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.152.1.58 158.152.1.43
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/08 17:48:02 | 000,000,365 | -HS- | M] () - G:\AutoRun.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TabUserW.exe.lnk - - File not found
MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 20:15:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\WAYNE\Desktop\OTL.exe
[2010/10/27 20:43:40 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 20:43:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/27 20:43:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 13:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Minnetonka Audio Software
[2010/10/27 13:31:49 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\Documents\Adobe
[2010/10/27 12:30:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/10/27 12:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/10/27 07:30:59 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\Documents\Adobe Premiere Pro CS4
[2010/10/26 11:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\HIJACKTHIS
[2010/10/26 11:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/25 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\DoctorWeb
[2010/10/25 13:57:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/24 12:33:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/24 12:33:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/24 12:33:41 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\AppData\Local\temp
[2010/10/24 12:18:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/24 12:18:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/24 12:18:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/24 12:18:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/24 12:14:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/22 15:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/10/22 15:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/10/21 13:37:59 | 000,000,000 | ---D | C] -- C:\Users\WAYNE\{9aba2bff-d31d-41a3-9d6e-a29270fb983d}
[2010/10/21 13:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/10/19 10:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/10/14 14:53:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/10/14 14:49:20 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/14 14:49:07 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/14 14:49:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/14 14:49:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/14 14:49:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/14 14:49:06 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/14 14:49:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/14 14:49:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/14 14:49:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/14 14:49:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/14 14:49:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/14 14:49:05 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/14 14:49:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/14 14:49:05 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/14 14:49:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/14 14:49:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/14 14:49:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/14 14:49:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/14 14:49:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/14 14:49:04 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/14 14:49:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/14 14:49:02 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/14 14:48:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/14 14:48:55 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/14 14:47:11 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2008/07/22 08:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\WAYNE\*.tmp files -> C:\Users\WAYNE\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 20:18:16 | 000,840,704 | ---- | M] () -- C:\Windows\System32\drivers\xrspyg.sys
[2010/11/10 20:13:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B8E17E91-2940-444B-A55F-84A66DF94182}.job
[2010/11/10 20:10:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WAYNE\Desktop\OTL.exe
[2010/11/10 19:56:05 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/10 18:47:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/10 18:47:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/10 18:14:37 | 000,177,152 | ---- | M] () -- C:\Users\WAYNE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/10 16:51:27 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for fly23.job
[2010/11/10 15:37:13 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010/11/10 15:37:13 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2010/11/10 15:37:13 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2010/11/10 15:37:13 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2010/11/10 15:37:13 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010/11/10 13:56:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/10 13:38:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/10 13:18:50 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010/11/10 13:18:50 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2010/11/10 12:32:05 | 000,640,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/10 12:32:05 | 000,116,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/10 10:47:49 | 002,750,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/10 10:47:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/11/10 10:46:54 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/11/09 23:48:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/03 21:27:58 | 000,006,648 | ---- | M] () -- C:\Users\WAYNE\AppData\Local\d3d9caps.dat
[2010/10/27 20:23:49 | 381,647,704 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/27 16:03:10 | 000,002,649 | ---- | M] () -- C:\Users\WAYNE\Desktop\HiJackThis.lnk
[2010/10/27 13:33:00 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2010/10/27 13:33:00 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2010/10/27 13:33:00 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll
[2010/10/27 13:33:00 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll
[2010/10/27 13:11:41 | 000,000,533 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/26 13:48:53 | 000,000,000 | ---- | M] () -- C:\Users\WAYNE\defogger_reenable
[2010/10/22 20:54:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2010/10/22 16:18:06 | 000,116,601 | ---- | M] () -- C:\Users\WAYNE\Documents\contacts_HTCphone.CSV
[2010/10/22 16:17:59 | 000,038,436 | ---- | M] () -- C:\Users\WAYNE\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/19 10:21:39 | 002,323,915 | ---- | M] () -- C:\Users\WAYNE\Documents\TG585-v7_CLI_guide_R74.pdf
[2010/10/19 08:39:30 | 000,115,971 | ---- | M] () -- C:\Users\WAYNE\Documents\spamzombies.pdf
[2010/10/14 14:53:51 | 000,000,184 | ---- | M] () -- C:\Windows\System32\MRT.INI
[1 C:\Users\WAYNE\*.tmp files -> C:\Users\WAYNE\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 02:19:12 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2010/11/09 02:19:12 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2010/11/08 12:14:57 | 381,647,704 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/27 13:33:00 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
[2010/10/27 13:33:00 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/10/27 13:33:00 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/10/27 13:33:00 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/10/27 13:33:00 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
[2010/10/27 13:33:00 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010/10/27 13:33:00 | 000,000,087 | ---- | C] () -- C:\Windows\System32\ssprs.tgz
[2010/10/27 13:33:00 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/10/27 13:33:00 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010/10/26 13:48:53 | 000,000,000 | ---- | C] () -- C:\Users\WAYNE\defogger_reenable
[2010/10/26 11:37:08 | 000,002,649 | ---- | C] () -- C:\Users\WAYNE\Desktop\HiJackThis.lnk
[2010/10/24 12:18:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/24 12:18:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/24 12:18:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/24 12:18:27 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/24 12:18:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/22 20:54:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2010/10/22 16:18:00 | 000,116,601 | ---- | C] () -- C:\Users\WAYNE\Documents\contacts_HTCphone.CSV
[2010/10/22 16:17:59 | 000,038,436 | ---- | C] () -- C:\Users\WAYNE\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/10/19 10:21:37 | 002,323,915 | ---- | C] () -- C:\Users\WAYNE\Documents\TG585-v7_CLI_guide_R74.pdf
[2010/10/19 08:39:30 | 000,115,971 | ---- | C] () -- C:\Users\WAYNE\Documents\spamzombies.pdf
[2010/10/14 14:53:51 | 000,000,184 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/10/11 08:21:38 | 000,000,120 | ---- | C] () -- C:\Users\WAYNE\AppData\Local\Hlixafawinaqafot.dat
[2010/10/11 08:21:38 | 000,000,000 | ---- | C] () -- C:\Users\WAYNE\AppData\Local\Lnolukaseveg.bin
[2010/10/11 08:20:39 | 000,840,704 | ---- | C] () -- C:\Windows\System32\drivers\xrspyg.sys
[2010/07/22 21:52:40 | 000,006,648 | ---- | C] () -- C:\Users\WAYNE\AppData\Local\d3d9caps.dat
[2010/07/22 12:21:55 | 000,000,908 | ---- | C] () -- C:\Windows\bgasci.ini
[2010/07/21 11:48:56 | 000,177,152 | ---- | C] () -- C:\Users\WAYNE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/08/25 23:01:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/07/06 09:40:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/06 14:23:54 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2008/10/14 18:03:51 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/10/14 18:03:51 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/09/03 08:28:46 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/09/03 08:28:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/06/04 09:23:14 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp7ml3.dll
[2008/04/17 16:09:32 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/17 16:09:32 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/17 16:08:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/17 15:38:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/04/17 15:34:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2007/04/23 19:53:56 | 000,880,640 | ---- | C] () -- C:\Windows\System32\pano12.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 23:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 06:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 23:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 05:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/21 02:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/21 02:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 02:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 02:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/11/10 20:23:54 | 000,840,704 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\xrspyg.sys

< %systemroot%\System32\config\*.sav >
[2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/06 13:45:38 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/09/06 13:45:22 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/09/06 13:45:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/11/10 20:23:54 | 000,840,704 | ---- | M] () -- C:\Windows\System32\drivers\xrspyg.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

< End of report >

EXTRAS text file:

OTL Extras logfile created on: 10/11/2010 20:16:02 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\WAYNE\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 1.77 Gb Free Space | 2.55% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 45.45 Gb Free Space | 65.38% Space Free | Partition Type: NTFS
Drive G: | 245.73 Mb Total Space | 55.59 Mb Free Space | 22.62% Space Free | Partition Type: FAT
Drive J: | 298.09 Gb Total Space | 107.01 Gb Free Space | 35.90% Space Free | Partition Type: NTFS

Computer Name: FLY | User Name: WAYNE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-818337878-3525668155-2889324976-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-818337878-3525668155-2889324976-1002]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\River Past\Audio Converter\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EED5DE1-76E6-4A79-876B-FE79AAA5B1CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{103C8330-FB24-4F89-A93A-19BC28900FCF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1E3549CC-84B6-4C58-A43D-B36015C5FED8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{29D3C23D-7B46-488A-A945-8B134A665A5A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2D2173EE-D7AD-418B-B9DE-29C5A6538D21}" = lport=138 | protocol=17 | dir=in | app=system |
"{3C31E1D5-21D4-4169-AF6A-91C1E7A490CB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3E7F220D-CF0A-4C05-ACC0-82EA68F78179}" = lport=139 | protocol=6 | dir=in | app=system |
"{43D64D5D-84C5-449D-9000-057496B90E5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{523ABB21-DA08-4511-B63F-FAFA381028A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{728601F9-627B-4322-84A6-9A0B08F36A43}" = rport=138 | protocol=17 | dir=out | app=system |
"{77961ADA-9CC6-4A1B-A4D6-8D318648FE16}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7A5DF957-2871-43D0-B3B9-D84F2551B31A}" = rport=137 | protocol=17 | dir=out | app=system |
"{7E3D6B57-FD7B-4888-A92B-D9EBC0698702}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8D17FF69-14DE-4765-8289-4C4519376990}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{919A7D02-C78D-4364-BB1D-90020847D693}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5BA46BD-C15C-41C7-9CAC-8FFB68DAE848}" = lport=137 | protocol=17 | dir=in | app=system |
"{B6EB06C8-7FB5-46BD-8983-DCFC959AE42C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BCF9786E-7F88-4634-B628-D0BEBC224FD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEE185C0-494E-4FC7-8A7B-7C0FFCD70477}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7DE29EF-8595-4B12-8F8C-8A6AB320F38E}" = rport=139 | protocol=6 | dir=out | app=system |
"{D5927562-FDCA-4BBA-A974-2ED71D3D88E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{DCDBE83B-680E-4F46-B6C5-F91307B8D07C}" = rport=445 | protocol=6 | dir=out | app=system |
"{E14846F2-A2FB-4810-B1BF-9C98DD1E3358}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E50655B8-56B4-4847-ACB2-3C6D68F3E3A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF4356A7-759B-4FAC-B68F-62375DDED000}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08254AC6-B764-48ED-B804-D89A36B81266}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CD5C847-E563-47C7-866E-1C7FA7C1B07D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{169B38EB-D002-47DE-BCFD-F60DF124FC2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C1074DF-9FEA-4D78-8A24-352EE10ADBED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1DD6BD40-1FB2-4EBC-AC41-5A5803996D9E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2DAFE78B-3C2E-4E20-8147-7331E113A64C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2FFCDD85-2D1D-4196-80B0-E6E5F0C0E899}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33A55525-839D-453C-8945-EFB2AA79FA9D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A845D30-CED3-42B7-88CA-CDACA97E09C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3EAF97C8-AC2A-48DF-9434-C0163E72C4A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41A399E9-CE68-45E6-A905-E251D1A9BE11}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{46351429-AADD-4264-AF86-AA9F4D4AD3BB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{466D0E53-512E-4D2F-BCFF-11CB5D151D45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46B6F47B-7C20-4CC2-8C9C-B2DEC6FAE32A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{46DD810C-6ACF-4ED1-ABBB-C7F6D1799F34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{540CF872-36E8-4D9B-B16F-7F47D8F64688}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5BFF3F9F-CDC9-4D31-ABED-6A9032F7957B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5E6DF81B-9982-486B-B105-3B78B39E9C7A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{5F2C3DE3-8EED-4660-99BB-04ABE5CDDBC4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F34504C-D896-4535-B80E-F7EFE330371B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{639AFEDF-AC06-4A56-AEC5-0F0F069B53C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65A1F014-842E-4B9A-9D5D-33ACE5A8E52E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6D5F1EDF-4DBC-4404-BEFA-95DD6E8BC4A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{701E5E0F-3CE2-43C9-90E7-D670A63F89DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{74B15388-E10F-48C3-A14E-041EA29ADC27}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{76864BE6-5E83-45B6-B456-931A56E4F997}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{781EF966-2A52-4A0C-908F-74B692A0B5E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{804CD80D-896D-4A9F-8C97-1A67EBD6A0EF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{85351FF3-4A4A-48BD-A098-69E24F447B20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{854C5BB6-61E8-4133-9755-0AF7D6354A27}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{8CCE44D8-28C5-4ABF-88FB-D7AB7ED414AA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{918250E6-B314-4464-8AF6-C9776363F997}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{97472FE0-E6CB-413C-8607-ABE922462C1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DB435A0-6197-4C9E-AD43-5D6032FA0910}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA701428-0F7D-4E85-BE93-DFD39F190CEC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B1179ACD-91C7-4ADC-A311-7CA2AC32D459}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B68E4C07-2B3B-4E0E-B60A-F2C96CB6F46F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA14EB59-AB72-44D7-BEA1-26CFE9C2A6A7}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{DE2BA056-5048-4244-A870-A795CE6EE128}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E0454AFE-943D-4829-AF9F-8B4616B0DB7D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E2B3E1EE-AD3E-4556-B131-1E002F93EE7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3F1C7DB-0D0A-441F-85B1-639E72AD608B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E90441C6-7CD3-42B7-8446-CD5ACF9238A8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E99D7FBE-C3BB-48DC-B9CF-9A1D4E03A7B6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F743BA97-F451-44B2-893B-BE91BF6B4B67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9B2CC37-DE50-4B0D-AC5C-2DDC31EA0BC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1EA69CE8-53E7-4CF2-920F-7D01C385D3D7}C:\program files\iomega\discovery tool home\discovery home.exe" = protocol=6 | dir=in | app=c:\program files\iomega\discovery tool home\discovery home.exe |
"TCP Query User{3F7EE6B2-4544-4231-8879-86C21330F64E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{45048C68-B873-4F49-8249-76B9B3558169}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{6A6C6264-EF8C-4BDE-A21F-9AC38FE8429A}C:\users\wayne\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\wayne\desktop\my mobile\mymobiler\mymobiler.exe |
"TCP Query User{6E9CE58D-E739-4D81-95D7-F55D674069A1}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"TCP Query User{9F1B0803-0832-4646-8512-85AE1385AADB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{AAA84903-EC72-4F66-9F23-2BEEA0B57C4E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C7C59632-63E9-4D5B-80F3-662597FFF069}C:\program files\iomega\discovery tool home\discovery home.exe" = protocol=6 | dir=in | app=c:\program files\iomega\discovery tool home\discovery home.exe |
"TCP Query User{EABFAE5E-0B31-4276-8A63-E5CE933C8F19}C:\users\fly23\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\fly23\appdata\roaming\wuala\wuala.exe |
"TCP Query User{FE992970-9F2C-4E5B-93A9-12E8A5FF3332}C:\users\wayne\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\wayne\desktop\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{002F7E0C-C2FE-4E49-ABA4-28EE2B2C6A2C}C:\program files\iomega\discovery tool home\discovery home.exe" = protocol=17 | dir=in | app=c:\program files\iomega\discovery tool home\discovery home.exe |
"UDP Query User{13687F27-3159-4224-9EFC-823BD0C0EFE4}C:\users\wayne\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\wayne\desktop\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{2C173F72-3800-42A5-8854-10C162D5A85E}C:\users\wayne\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\wayne\desktop\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{5E5B4434-928E-4AB9-A796-45CF8037F6B0}C:\users\fly23\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\fly23\appdata\roaming\wuala\wuala.exe |
"UDP Query User{5FCA3867-C005-4CDA-8F6D-42B57112EB10}C:\program files\iomega\discovery tool home\discovery home.exe" = protocol=17 | dir=in | app=c:\program files\iomega\discovery tool home\discovery home.exe |
"UDP Query User{8F034FA6-6378-4484-B8A7-B029C3DFEC27}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{941AA5AF-C2AF-4BEF-81F3-7AF69D2726EE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A1982B12-15DB-4802-926C-248789DCF6A2}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"UDP Query User{A50EB753-3709-48C9-A620-3CE95E23AD3C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F89E5BAE-632F-42ED-9668-AE6DB994FEB4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{088348F9-1E7B-4269-A6A2-621FEC00DBB7}" = Iomega Discovery Tool Home
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MergeModules
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Vimicro USB2.0 UVC PC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84251462-99AE-47DB-B4BA-5C6FCCA87B47}" = Minoru 3D Webcam
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5F4DEBD-284B-40F6-830F-D708E3C7F58E}" = Panorama Tools
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1C256F5-58C6-44E9-939A-E1189C8126E2}" = Google SketchUp Pro 7
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity_is1" = Audacity 1.2.6
"Autopano Pro" = Autopano Pro
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"camcodec" = CamStudio Lossless Codec
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CamStudio" = CamStudio
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"Celtx (2.0.2)" = Celtx (2.0.2)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EOS Utility" = Canon Utilities EOS Utility
"FileZilla Client" = FileZilla Client 3.3.4.1
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"FLIQLO" = FLIQLO Screen Saver
"gBurner" = gBurner
"Google Calendar Sync" = Google Calendar Sync
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageMagick 6.6.3 Q16_is1" = ImageMagick 6.6.3-0 Q16 (2010-07-15)
"ImTOO DVD Ripper Ultimate" = ImTOO DVD Ripper Ultimate 6
"ImTOO Video Converter Ultimate" = ImTOO Video Converter Ultimate 6
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{84251462-99AE-47DB-B4BA-5C6FCCA87B47}" = Minoru 3D Webcam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoConnect" = MotoConnect 1.1.31
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NSS" = Norton Security Scan
"Pen Tablet Driver" = Pen Tablet
"PowerISO" = PowerISO
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RocketDock_is1" = RocketDock 1.3.5
"Stellarium_is1" = Stellarium 0.10.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-818337878-3525668155-2889324976-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Gallery Remote" = Gallery Remote

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/06/2010 06:12:00 | Computer Name = fly23-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/06/2010 20:25:06 | Computer Name = fly23-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/06/2010 05:06:30 | Computer Name = fly23-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/06/2010 05:36:00 | Computer Name = fly23-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/06/2010 05:36:00 | Computer Name = fly23-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1342

Error - 04/06/2010 05:36:00 | Computer Name = fly23-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1342

Error - 04/06/2010 06:52:59 | Computer Name = fly23-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/06/2010 06:52:59 | Computer Name = fly23-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4619783

Error - 04/06/2010 06:52:59 | Computer Name = fly23-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4619783

Error - 04/06/2010 08:58:18 | Computer Name = fly23-PC | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 10/02/2009 05:26:19 | Computer Name = fly23-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 45481
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 05/05/2009 15:09:54 | Computer Name = fly23-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4034
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/11/2010 09:49:50 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 04/11/2010 09:56:31 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 04/11/2010 10:03:41 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 04/11/2010 10:10:41 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 04/11/2010 10:17:31 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 04/11/2010 10:24:12 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 04/11/2010 10:31:25 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 04/11/2010 10:38:58 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 04/11/2010 10:45:43 | Computer Name = FLY | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 62.49.167.122
with the system having network hardware address 00-19-D2-11-38-96. Network operations
on this system may be disrupted as a result.

Error - 08/11/2010 08:15:20 | Computer Name = FLY | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:10:16 on 08/11/2010 was unexpected.


< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:31 PM

Posted 11 November 2010 - 06:06 AM

Hi,
please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 11 November 2010 - 06:49 AM

Combofix log file:

ComboFix 10-11-10.03 - WAYNE 11/11/2010 11:32:54.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.2015 [GMT 0:00]
Running from: c:\users\WAYNE\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-11 11:39 . 2010-11-11 11:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-11 11:39 . 2010-11-11 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-27 20:43 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 20:43 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 20:43 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 13:33 . 2010-10-27 13:33 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-10-27 13:33 . 2010-10-27 13:33 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-10-27 13:33 . 2010-10-27 13:33 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-10-27 13:33 . 2010-10-27 13:33 -------- d-----w- c:\programdata\Minnetonka Audio Software
2010-10-27 12:30 . 2010-10-27 12:30 -------- d-----w- c:\program files\Adobe Media Player
2010-10-27 12:30 . 2010-10-27 12:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-26 11:37 . 2010-10-26 11:37 388096 ----a-r- c:\users\WAYNE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 11:02 . 2010-10-26 11:02 -------- d-----w- c:\program files\CCleaner
2010-10-26 10:15 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9232074-1822-4507-8C46-393487BB67EC}\mpengine.dll
2010-10-25 14:11 . 2010-10-25 14:11 -------- d-----w- c:\users\WAYNE\DoctorWeb
2010-10-24 12:33 . 2010-11-11 11:39 -------- d-----w- c:\users\WAYNE\AppData\Local\temp
2010-10-22 15:15 . 2010-10-22 15:15 -------- d-----w- c:\program files\Motorola
2010-10-21 13:37 . 2010-10-21 13:37 -------- d-----w- c:\users\WAYNE\{9aba2bff-d31d-41a3-9d6e-a29270fb983d}
2010-10-21 13:31 . 2010-10-22 15:15 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-10-19 10:29 . 2010-10-19 10:29 -------- d-----w- c:\programdata\WindowsSearch
2010-10-14 14:53 . 2010-10-14 17:07 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 14:48 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:48 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:48 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:48 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:48 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:48 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 14:48 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 14:47 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 14:47 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 10:41 . 2009-10-07 22:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-11 08:21 . 2010-10-11 08:21 0 ----a-w- c:\users\WAYNE\AppData\Local\Lnolukaseveg.bin
2010-10-06 10:12 . 2009-01-22 15:11 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-10-06 10:12 . 2009-01-22 15:11 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-10-06 10:12 . 2009-01-22 15:11 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-10-06 10:12 . 2009-01-22 15:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-08-26 16:33 . 2010-10-27 20:43 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 20:43 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 20:43 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 20:43 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 22:02 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 19:01 . 2010-08-14 19:01 65536 ----a-w- c:\windows\TADSUINS.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Minoru 3D Webcam"="c:\program files\PDT\Minoru 3D Webcam\WebcamSetup.exe" [2009-11-23 11207680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-07-21 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\users\WAYNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=c:\windows\pss\TabUserW.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2009-07-29 13:52 1024512 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-818337878-3525668155-2889324976-1002]
"EnableNotificationsRef"=dword:00000003

R1 lwmcayza;lwmcayza;c:\windows\system32\drivers\lwmcayza.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a5861396cb5d;Google Update Service (gupdate1c9a5861396cb5d);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 133104]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-04-15 42880]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 252416]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-12-17 75776]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-02 112128]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


--- Other Services/Drivers In Memory ---

*Deregistered* - xrspyg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-15 04:54]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 15:52]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 15:52]

2010-11-10 c:\windows\Tasks\Norton Security Scan for fly23.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-04 07:48]

2010-11-11 c:\windows\Tasks\User_Feed_Synchronization-{B8E17E91-2940-444B-A55F-84A66DF94182}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vb32&d=1008&m=aspire_7730
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://www.netvibes.com/
FF - component: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 11:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xrspyg]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-11 11:41:08
ComboFix-quarantined-files.txt 2010-11-11 11:40
ComboFix2.txt 2010-10-24 12:33

Pre-Run: 3,326,070,784 bytes free
Post-Run: 3,783,315,456 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 2B12F2383C0C801678F419E392421521

#7 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 11 November 2010 - 06:50 AM

Does this shed any light on my darkness myrti?
Can't thank you enough for helping me out

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:31 PM

Posted 11 November 2010 - 07:09 AM

Hi,

it does. You have been infected with a spambot called Bubnix. The following script should disable it:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

driver::
lwmcayza
xrspyg
file::
c:\users\WAYNE\AppData\Local\Lnolukaseveg.bin


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 11 November 2010 - 07:49 AM

i did that, and now the laptop is shutting down...

...by itself

#10 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 11 November 2010 - 07:50 AM

oh, it's now preparing the report

#11 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 11 November 2010 - 07:58 AM

ComboFix 10-11-10.03 - WAYNE 11/11/2010 12:44:14.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1880 [GMT 0:00]
Running from: c:\users\WAYNE\Desktop\ComboFix.exe
Command switches used :: c:\users\WAYNE\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\WAYNE\AppData\Local\Lnolukaseveg.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XRSPYG
-------\Service_lwmcayza
-------\Service_xrspyg


((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-11 12:48 . 2010-11-11 12:50 -------- d-----w- c:\users\WAYNE\AppData\Local\temp
2010-11-11 12:48 . 2010-11-11 12:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-11 12:48 . 2010-11-11 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-27 20:43 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 20:43 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 20:43 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-27 13:33 . 2010-10-27 13:33 1025 ----a-w- c:\windows\system32\sysprs7.dll
2010-10-27 13:33 . 2010-10-27 13:33 1025 ----a-w- c:\windows\system32\clauth2.dll
2010-10-27 13:33 . 2010-10-27 13:33 1025 ----a-w- c:\windows\system32\clauth1.dll
2010-10-27 13:33 . 2010-10-27 13:33 -------- d-----w- c:\programdata\Minnetonka Audio Software
2010-10-27 12:30 . 2010-10-27 12:30 -------- d-----w- c:\program files\Adobe Media Player
2010-10-27 12:30 . 2010-10-27 12:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-10-26 11:37 . 2010-10-26 11:37 388096 ----a-r- c:\users\WAYNE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 11:02 . 2010-10-26 11:02 -------- d-----w- c:\program files\CCleaner
2010-10-26 10:15 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9232074-1822-4507-8C46-393487BB67EC}\mpengine.dll
2010-10-25 14:11 . 2010-10-25 14:11 -------- d-----w- c:\users\WAYNE\DoctorWeb
2010-10-22 15:15 . 2010-10-22 15:15 -------- d-----w- c:\program files\Motorola
2010-10-21 13:37 . 2010-10-21 13:37 -------- d-----w- c:\users\WAYNE\{9aba2bff-d31d-41a3-9d6e-a29270fb983d}
2010-10-21 13:31 . 2010-10-22 15:15 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-10-19 10:29 . 2010-10-19 10:29 -------- d-----w- c:\programdata\WindowsSearch
2010-10-14 14:53 . 2010-10-14 17:07 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 14:48 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:48 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:48 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:48 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:48 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:48 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 14:48 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 14:47 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 14:47 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 12:48 . 2010-10-11 08:20 840704 ----a-w- c:\windows\system32\drivers\xrspyg.sys
2010-10-19 10:41 . 2009-10-07 22:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-11 08:21 . 2010-10-11 08:21 0 ----a-w- c:\users\WAYNE\AppData\Local\Lnolukaseveg.bin
2010-10-06 10:12 . 2009-01-22 15:11 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-10-06 10:12 . 2009-01-22 15:11 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-10-06 10:12 . 2009-01-22 15:11 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-10-06 10:12 . 2009-01-22 15:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-08-26 16:33 . 2010-10-27 20:43 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 20:43 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 20:43 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 20:43 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 22:02 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 19:01 . 2010-08-14 19:01 65536 ----a-w- c:\windows\TADSUINS.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Minoru 3D Webcam"="c:\program files\PDT\Minoru 3D Webcam\WebcamSetup.exe" [2009-11-23 11207680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-02 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-02 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-07-21 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

c:\users\WAYNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=c:\windows\pss\TabUserW.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2009-07-29 13:52 1024512 ----a-w- c:\program files\pdfforge Toolbar\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-818337878-3525668155-2889324976-1002]
"EnableNotificationsRef"=dword:00000003

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a5861396cb5d;Google Update Service (gupdate1c9a5861396cb5d);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 133104]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-04-15 42880]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 252416]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-12-17 75776]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-02 112128]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-15 04:54]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 15:52]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 15:52]

2010-11-10 c:\windows\Tasks\Norton Security Scan for fly23.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-04 07:48]

2010-11-11 c:\windows\Tasks\User_Feed_Synchronization-{B8E17E91-2940-444B-A55F-84A66DF94182}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vb32&d=1008&m=aspire_7730
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://www.netvibes.com/
FF - component: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\users\WAYNE\AppData\Roaming\Mozilla\Firefox\Profiles\034bq8c8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4756)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\conime.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-11-11 12:55:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-11 12:55
ComboFix2.txt 2010-11-11 11:41
ComboFix3.txt 2010-10-24 12:33

Pre-Run: 3,816,087,552 bytes free
Post-Run: 3,462,295,552 bytes free

- - End Of File - - 940D49671852FD49E734E0B78F314EA3

#12 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 11 November 2010 - 09:18 AM

Does this mean its gone?

Whats my next step Myrti?

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:31 PM

Posted 11 November 2010 - 09:42 AM

Hi,

yes I would think that you shuold no longer be sending out spam. There are a couple of files from this infection I would like to collect:

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic356520.htm

Collect::

c:\windows\system32\drivers\xrspyg.sys
c:\users\WAYNE\AppData\Local\Lnolukaseveg.bin

Save this as CFScript.txt


Posted Image


Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Wayne Broken

Wayne Broken
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 11 November 2010 - 10:06 AM

Thanks so much thus far Myrti, the infected laptop is not connected to the internet (until i know its not destroying my tarrif with my provider with spam zombie action) so I wont be able to 'click ok' as instructed above.

I'll collect the log from your instruction, there is one thing though-
When I click a text file on the infected laptop, it throws this warning up:
"Illegal operation attempted on a registry key that has been marked for deletion"

Do i collect the new log before or after a restart, and why the warning above?

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:31 PM

Posted 11 November 2010 - 11:46 AM

Hi,

you can upload the file manually if the upload fails (eg because internet connection is down):
In that case please go to C:\qoobox\quarantine and locate the file [4]Submit_<date and time>.zip, where date and time are the date and time when you ran ComboFix.Afterwards please visit this site and follow the instructions for uploading the file.

The message sometimes occurs on Vista after running ComboFix, please reboot and it should be gone.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users