ComboFix 09-07-26.01 - Bruno 27/07/2009 13:12.2.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.2385 [GMT 8:00] Running from: c:\users\Bruno\Desktop\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 ))))))))))))))))))))))))))))))) . 2009-07-27 05:22 . 2009-07-27 05:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2009-07-27 04:29 . 2009-07-27 04:29 -------- d-----w- c:\program files\Trend Micro 2009-07-26 17:58 . 2009-07-26 17:58 -------- d-----w- c:\program files\Common Files\PCSuite 2009-07-26 17:58 . 2008-08-26 02:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2009-07-26 17:58 . 2009-07-26 17:58 -------- d-----w- c:\program files\PC Connectivity Solution 2009-07-26 17:19 . 2009-07-26 17:58 -------- d-----w- c:\program files\Common Files\Nokia 2009-07-26 11:31 . 2009-07-26 11:31 -------- d-----w- c:\program files\ESET 2009-07-26 07:53 . 2009-07-26 07:53 -------- d-----w- c:\users\Bruno\AppData\Local\Symantec 2009-07-25 18:13 . 2009-07-25 18:13 -------- d-----w- c:\program files\YouTube Downloader 2009-07-25 10:43 . 2009-07-25 10:43 -------- d-----w- c:\progra~2\U3 2009-07-25 06:41 . 2009-07-25 06:41 -------- d-----w- c:\progra~2\PC Drivers HeadQuarters 2009-07-24 16:31 . 2009-07-24 16:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-07-24 16:20 . 2007-10-23 01:27 110592 ----a-w- c:\users\Bruno\AppData\Roaming\U3\temp\cleanup.exe 2009-07-24 16:15 . 2008-05-02 02:41 3493888 ---ha-w- c:\users\Bruno\AppData\Roaming\U3\temp\Launchpad Removal.exe 2009-07-24 16:14 . 2009-07-25 12:00 -------- d-----w- c:\users\Bruno\AppData\Roaming\U3 2009-07-24 07:28 . 2009-07-24 07:28 -------- d-----w- c:\progra~2\Raxco 2009-07-23 20:36 . 2009-07-23 20:36 171404 ---ha-w- c:\windows\system32\mlfcache.dat 2009-07-19 03:26 . 2009-07-19 03:26 86311 ----a-w- c:\windows\system32\Socks.exe 2009-07-17 03:10 . 2009-07-17 03:10 232200 ----a-w- c:\windows\system32\PDBoot.exe 2009-06-27 16:44 . 
2009-07-23 20:35 -------- d-----w- c:\progra~2\Electronic Arts 2009-06-27 16:40 . 2009-06-27 16:40 10134 ----a-r- c:\users\Bruno\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-06-27 16:40 . 2009-06-27 16:40 -------- d-----w- c:\program files\Microsoft WSE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-27 05:12 . 2009-04-13 07:07 42559 ----a-w- c:\progra~2\nvModes.dat 2009-07-27 05:10 . 2009-04-13 08:17 12 ----a-w- c:\windows\bthservsdp.dat 2009-07-27 04:32 . 2009-04-13 06:42 -------- d-----w- c:\program files\Launch Manager 2009-07-27 04:16 . 2009-04-27 10:18 -------- d-----w- c:\users\Bruno\AppData\Roaming\uTorrent 2009-07-26 17:59 . 2009-07-26 17:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf 2009-07-26 17:59 . 2009-04-13 08:18 -------- d-----w- c:\users\Bruno\AppData\Roaming\Nokia 2009-07-26 17:58 . 2009-04-13 08:16 -------- d-----w- c:\program files\Nokia 2009-07-26 17:58 . 2009-04-13 08:18 -------- d-----w- c:\program files\DIFX 2009-07-26 17:50 . 2009-04-13 08:15 -------- d-----w- c:\progra~2\Installations 2009-07-26 12:27 . 2009-04-13 06:56 -------- d-----w- c:\progra~2\NVIDIA 2009-07-26 11:16 . 2009-06-16 21:18 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-07-26 11:14 . 2009-06-16 21:18 -------- d-----w- c:\progra~2\Symantec 2009-07-26 03:11 . 2009-04-27 21:25 -------- d-----w- c:\users\Bruno\AppData\Roaming\App Launcher Gadget 2009-07-25 05:23 . 2009-06-15 04:32 604416 ----a-w- c:\windows\system32\TUProgSt.exe 2009-07-25 05:23 . 2009-06-15 04:32 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-07-25 04:10 . 2008-07-22 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-24 07:28 . 2009-04-13 17:55 -------- d-----w- c:\program files\Raxco 2009-07-22 15:47 . 
2009-04-27 16:01 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-22 15:18 . 2009-06-16 21:19 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-07-22 15:18 . 2009-06-16 21:19 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-07-22 15:12 . 2008-07-22 19:57 -------- d-----w- c:\progra~2\Microsoft Help 2009-06-27 20:50 . 2009-04-14 06:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-06-26 01:06 . 2009-04-13 06:31 101856 ----a-w- c:\users\Bruno\AppData\Local\GDIPFONTCACHEV1.DAT 2009-06-25 05:48 . 2009-06-25 05:46 -------- d-----w- c:\users\Bruno\AppData\Roaming\MahJong Suite 2009-06-25 05:46 . 2009-06-25 05:46 -------- d-----w- c:\progra~2\TreeCardGames 2009-06-22 10:35 . 2009-06-22 10:33 -------- d-----w- c:\users\Bruno\AppData\Roaming\smc 2009-06-20 19:13 . 2009-04-27 18:56 -------- d-----w- c:\program files\Vista Manager 2009-06-19 20:35 . 2009-04-15 11:21 -------- d-----w- c:\program files\Nero 2009-06-17 09:09 . 2009-06-17 09:08 -------- d-----w- c:\program files\Registry Cleaner Expert v4.7.1.0 2009-06-16 22:02 . 2009-06-16 22:02 -------- d-----w- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-06-16 21:52 . 2009-06-16 21:23 -------- d-----w- c:\users\Bruno\AppData\Roaming\Symantec 2009-06-16 21:13 . 2009-06-15 19:50 -------- d-----w- c:\progra~2\Kaspersky Lab 2009-06-16 18:37 . 2008-07-22 19:24 -------- d-----w- c:\program files\Acer 2009-06-15 19:46 . 2009-04-13 18:25 -------- d-----w- c:\progra~2\Spybot - Search & Destroy 2009-06-15 19:45 . 2009-06-15 19:45 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files 2009-06-15 18:22 . 2009-04-13 06:31 1356 ----a-w- c:\users\Bruno\AppData\Local\d3d9caps.dat 2009-06-15 05:57 . 2009-04-28 19:35 -------- d-----w- c:\program files\TuneUp Utilities 2009 2009-06-15 03:59 . 2009-06-15 03:59 -------- d-----w- c:\program files\Google 2009-06-14 08:41 . 2009-06-14 08:41 -------- d-----w- c:\users\Bruno\AppData\Roaming\Nero 2009-06-14 08:40 . 
2009-06-14 08:39 -------- d-----w- c:\program files\Common Files\Nero 2009-06-14 08:39 . 2009-06-14 08:39 -------- d-----w- c:\progra~2\Nero 2009-06-14 04:14 . 2009-04-15 11:21 -------- d-----w- c:\program files\Common Files\Ahead 2009-06-12 16:28 . 2008-07-22 19:59 -------- d-----w- c:\program files\Microsoft Works 2009-06-08 02:00 . 2009-06-08 02:00 71696 ----a-w- c:\windows\system32\drivers\DefragFs.sys 2009-06-03 13:16 . 2009-06-03 13:15 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-06-03 12:58 . 2009-04-13 06:47 -------- d-----w- c:\progra~2\CyberLink 2009-05-19 22:02 . 2009-05-19 22:02 48640 ----a-w- c:\windows\system32\drivers\L1E60x86.sys 2009-05-11 04:47 . 2009-05-11 04:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll 2009-05-03 15:43 . 2008-07-22 19:13 319456 ----a-w- c:\windows\DIFxAPI.dll 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-04-30 20:02 . 2009-04-30 20:02 102280 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-04-30 20:01 . 2009-04-30 20:01 8224 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( SnapShot@2009-07-27_04.58.20 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2009-07-27 05:13 68628 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2006-11-02 13:05 . 2009-07-27 04:47 97362 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2009-07-27 05:13 97362 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-04-13 06:32 . 2009-07-27 05:09 16112 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-34966509-2953000490-542168643-1000_UserData.bin + 2009-04-13 06:27 . 2009-07-27 05:11 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-04-13 06:27 . 
2009-07-27 04:45 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-04-13 06:27 . 2009-07-27 05:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-04-13 06:27 . 2009-07-27 04:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-04-13 06:27 . 2009-07-27 04:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-04-13 06:27 . 2009-07-27 05:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2006-11-02 10:33 . 2009-07-27 05:17 603282 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-07-27 05:17 106696 c:\windows\System32\perfc009.dat + 2009-07-25 13:33 . 2009-07-27 05:11 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-25 13:33 . 2009-07-27 04:45 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-30 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinsysMon"="c:\windows\System32\Socks.exe" [2009-07-19 86311]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-04-13 06:46 3115520 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 11:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
backup=c:\windows\pss\Acer VCM.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^Bruno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
"UACDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-34966509-2953000490-542168643-1000] "EnableNotificationsRef"=dword:00000005 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3C2AA577-9965-49F6-A8C6-4E1FD5378496}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{2D661247-DD91-4CD9-AB99-FF1183F4EF3D}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{66C88145-21A6-472B-9BD6-FF6A88A9FD88}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{17FF3781-7609-487A-B78F-A5C81F7C592C}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{17314C55-E281-4A52-BDE2-CDF47F9DF9B3}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM "{96015555-DF75-499C-905C-AE6DB5924040}"= UDP:d:\games\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{22277A01-AD4F-4E7D-B8CC-809A99D9AB32}"= TCP:d:\games\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{F48F558E-DA59-4156-BD7A-5CD4DBF1FC63}"= UDP:d:\games\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{54C91FFC-6EAC-4393-A207-B1C1A6FD96E8}"= TCP:d:\games\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{07C27BD8-AA7F-4ED1-88C0-ECA6FCC6C8FC}"= UDP:d:\games\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM) "{E6E3D81D-29A2-4130-AB6E-4101284090B5}"= TCP:d:\games\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM) "{21E250AB-3BB5-4879-BCF7-F523BA79C756}"= UDP:d:\games\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM) "{07B1D165-08BD-4FA6-9C9F-7AEF3BAD7102}"= TCP:d:\games\Call of Duty - World at 
War\CoDWaW.exe:Call of Duty(R) - World at War(TM) "{C3B23744-5EC1-44FF-9545-E37E0C945C85}"= UDP:d:\games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™ "{7CB8C6C0-86FA-48EA-8438-320DD9848B1C}"= TCP:d:\games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™ "{C996B8FF-5CB9-4D90-9E83-14C8D39234EC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{B8FFB773-7061-48B6-8CD5-8ABC94A12EE3}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{8471E6C2-6E75-44AD-8DA4-F650B22BE9C3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{6571565B-2CB3-43F5-9E6C-3CA66C3E6B64}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{849901DF-B9FA-490B-B57E-C267DE52CF20}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5A3C6BCD-2C13-4BE9-837A-AFEFB1C5FB16}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{034DD7D6-1E39-4D9D-A8C3-860468454038}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{C74C4C2D-E63F-421C-AE51-D453BC5D4C3F}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{5CBFBF90-8A56-4C51-AA7B-D4C51D4B91FB}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [13/04/2009 14:45 43184] R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [13/04/2009 14:49 61424] R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [13/04/2009 14:51 81504] R2 ekrn;ESET 
Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840] R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [23/07/2008 03:24 24576] R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [13/04/2009 14:45 3521024] R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [13/04/2009 14:51 122368] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [17/06/2009 02:37 233472] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [15/06/2009 12:32 604416] R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808] R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [20/05/2009 06:02 48640] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 07:40 3668480] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [25/06/2008 13:05 44064] R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28/03/2007 22:51 43008] S3 aw32bus;ASUS Device W32 Driver driver (WDM);c:\windows\System32\drivers\aw32bus.sys [27/04/2009 14:13 83456] S3 aw32mdfl;ASUS Device W32 USB WMC Modem Filter;c:\windows\System32\drivers\aw32mdfl.sys [27/04/2009 14:13 14848] S3 aw32mdm;ASUS Device W32 USB WMC Modem Driver;c:\windows\System32\drivers\aw32mdm.sys [27/04/2009 14:13 109696] S3 aw32mgmt;ASUS Device W32 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\aw32mgmt.sys [27/04/2009 14:14 102912] S3 nmwcdnsu;Nokia USB Flashing Phone 
Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14:48 8320]
S3 U6000ALL;U6000 TV Box(ALL);c:\windows\System32\drivers\U6000ALL.sys [25/04/2009 13:02 230784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sg/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE: >> Download This Youtube Video - UnlockForUs - d:\torrents\Completed\YoutubeFile\lawrence.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
**************************************************************************
driver loading error

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 13:22
Windows 6.0.6002 Service Pack 2, v.286 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-07-27 13:25
ComboFix-quarantined-files.txt 2009-07-27 05:25
ComboFix2.txt 2009-07-27 05:03

Pre-Run: 30,890,881,024 bytes free
Post-Run: 30,866,710,528 bytes free

251 --- E O F --- 2009-07-24 02:45