
trojan


#1
honey315

honey315

    New Member

  • Member
  • 5 posts
My Norton Internet Security 2009 has detected a trojan a few times now and has said it blocked it, but now my computer keeps popping up these windows with error messages. I need to know how to get rid of it since Norton won't. Please help, it's driving me up a wall! I am running Windows Vista and all I see are answers for XP.

Jan

Edited by honey315, 20 June 2009 - 10:51 AM.



#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello honey315

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
    (Note: if this program causes a blue screen, try to run it again, but in the right-hand corner uncheck Devices, then hit Scan.)

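The OTL log requested in the post above is plain text with one entry per line: processes, services and drivers first, then numbered registry sections such as the O4 autoruns. As an added example that is not part of this thread and is not OTL's own code, the Python below parses those line shapes and flags the entries a helper usually checks first: autoruns whose file is gone ("File not found"), files with no company name in their version information, and executables launched from a temporary folder. The line format is inferred from OTL's output (the tool publishes no grammar), the sample lines are a constructed mix of lines copied from this thread and made-up ones, a flag means "worth a look" rather than "malicious", and the function and class names are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in OTL's line format. Several lines are copied from the log
# posted in this thread; the rest are made up to exercise each heuristic. Being
# listed here (or flagged below) is not a verdict that an entry is malicious.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Users\mom\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\System32\lxdicoms.exe ( )

========== Win32 Services (SafeList) ==========

SRV - (MobilityService [Auto | Running]) -- C:\Acer\Mobility Center\MobilityService.exe ()

========== Standard Registry (All) ==========

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [sysldtray] c:\windows\ld08.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
"""

# Line shapes, inferred from OTL's output (an assumption: OTL documents no formal grammar).
_ITEM_RE = re.compile(r"^(?P<kind>PRC|SRV|DRV) - (?P<body>.+)$")
_O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
_PATH_VENDOR_RE = re.compile(r"^(?P<path>.+?) \((?P<vendor>[^)]*)\)$")
MISSING = "File not found"
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    line: str           # the log line as read
    subject: str        # file path, or the autorun name when no path is given
    reasons: List[str]  # why a helper would look at this entry first


def split_path_vendor(text: str) -> Tuple[str, Optional[str]]:
    """Split 'C:\\x.exe (Vendor)' into (path, vendor). vendor is None when the
    parenthesised company field is absent and '' when it is present but blank."""
    m = _PATH_VENDOR_RE.match(text.strip())
    if not m:
        return text.strip(), None
    return m.group("path"), m.group("vendor").strip()


def review_reasons(path: str, vendor: Optional[str], missing: bool) -> List[str]:
    """Triage heuristics a helper applies before asking for more logs."""
    reasons = []
    if missing:
        reasons.append("autorun points to a file that no longer exists (stale or already removed)")
    if vendor == "":
        reasons.append("no company name in the file's version information")
    if any(marker in path.lower() for marker in TEMP_MARKERS):
        reasons.append("executes from a temporary or user-writable folder")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse PRC/SRV/DRV and O4 lines and return the entries that match at
    least one review heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _O4_RE.match(line)
        if m:
            rest = m.group("rest")
            missing = rest.endswith(MISSING)
            if missing:
                path, vendor = rest[: -len(MISSING)].strip(), None
            else:
                path, vendor = split_path_vendor(rest)
            reasons = review_reasons(path, vendor, missing)
            if reasons:
                findings.append(Finding(line, path or m.group("name"), reasons))
            continue
        m = _ITEM_RE.match(line)
        if m:
            body = m.group("body")
            if " -- " in body:  # SRV/DRV lines carry '(name [start | state]) -- path (vendor)'
                body = body.split(" -- ", 1)[1]
            path, vendor = split_path_vendor(body)
            reasons = review_reasons(path, vendor, missing=False)
            if reasons:
                findings.append(Finding(line, path, reasons))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Human-readable summary, one block per flagged entry."""
    out = []
    for f in findings:
        out.append(f.subject)
        out.extend("    - " + r for r in f.reasons)
    return "\n".join(out) if out else "nothing flagged by these heuristics"


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run it as-is to see the sample triaged, or pass the text of a real OTL.Txt to `triage()`; a blank company name is common for legitimate OEM utilities, so that flag only orders the review, and the "File not found" entries are the ones a helper usually has OTL remove as orphaned autoruns.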

#3
honey315

honey315

    New Member

  • Topic Starter
  • Member
  • 5 posts
OTL logfile created on: 6/20/2009 2:33:00 PM - Run 1
OTL by OldTimer - Version 3.0.2.0 Folder = C:\Users\mom\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.83% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 27.34 Gb Free Space | 39.19% Space Free | Partition Type: NTFS
Drive D: | 66.27 Gb Total Space | 66.18 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOM-PC
Current User Name: mom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\lxdicoms.exe ( )
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Desktop Architect\datray.exe (Ken Foster)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Users\mom\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE (Acer Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE (Acer Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Acer\Acer VCM\VC.exe (Acer)
PRC - C:\Program Files\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe (Google Inc.)
PRC - C:\Users\mom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\notepad.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (clr_optimization_v2.0.50727_32 [Auto | Running]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eDataSecurity Service [Auto | Running]) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (eLockService [Auto | Running]) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eNet Service [Auto | Running]) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eRecoveryService [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService [Auto | Running]) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gupdate1c9f0202ce7c400 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (lxdiCATSCustConnectService [Auto | Stopped]) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe (Lexmark International, Inc.)
SRV - (lxdi_device [Auto | Running]) -- C:\Windows\System32\lxdicoms.exe ( )
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (MobilityService [Auto | Running]) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Norton Internet Security [Auto | Running]) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe (Symantec Corporation)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMIService [Auto | Running]) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (b57nd60x [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BHDrvx86 [System | Running]) -- C:\Windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys (Symantec Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (ccHP [System | Running]) -- C:\Windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys (Symantec Corporation)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (IDSVix86 [System | Running]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090618.002\IDSvix86.sys (Symantec Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (int15 [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090619.054\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PSDFilter [Boot | Running]) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (PSDNServ [Boot | Running]) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk [Boot | Running]) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SNP2UVC [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\snp2uvc.sys ()
DRV - (SRTSP [On_Demand | Running]) -- C:\Windows\System32\Drivers\NIS\1005000.087\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\drivers\NIS\1005000.087\SRTSPX.SYS (Symantec Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (SymEFA [Boot | Running]) -- C:\Windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS (Symantec Corporation)
DRV - (SymIM [System | Running]) -- C:\Windows\System32\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV - (SYMNDISV [On_Demand | Running]) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMTDI.SYS (Symantec Corporation)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (winbondcir [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running]) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/20 12:15:59 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [FaxCenterServer] File not found
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [sysldtray] c:\windows\ld08.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Architect] C:\Program Files\Desktop Architect\datray.exe (Ken Foster)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/DinerTown%20Tycoon/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Value error.)
O16 - DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} http://games.bigfish...Web.1.0.0.4.cab (CPlayFirstDiaperDashControl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1245513447015 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/DinerTown%20Tycoon/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} http://games.bigfish...eb.1.0.0.18.cab (CPlayFirstWanderingWControl Object)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540038} http://fpdownload2.m...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540001} http://fpdownload2.m...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540026} http://fpdownload2.m...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse...opcaploader.cab (PopCapLoader Object)
O16 - DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} http://games.bigfish...Web.1.0.0.6.cab (CPlayFirstChocolatieControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/30 19:45:57 | 00,000,220 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0334721d-35b9-11de-bef7-a846ec3319cd}\Shell - "" = AutoRun
O33 - MountPoints2\{0334721d-35b9-11de-bef7-a846ec3319cd}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[4 C:\ProgramData\*.tmp files]
[2009/06/20 12:10:15 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/06/20 12:10:15 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/06/20 12:10:13 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/06/20 12:10:13 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/06/20 12:10:12 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/06/20 12:10:12 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/06/20 12:10:09 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/06/20 12:10:05 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/06/19 09:36:11 | 00,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\BlamGames
[2009/06/19 09:35:35 | 00,001,552 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/06/18 10:24:27 | 00,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/06/18 10:22:14 | 00,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/06/16 21:13:37 | 00,000,000 | ---D | C] -- C:\Users\mom\Documents\HardyBoys
[2009/06/15 19:22:23 | 00,000,161 | ---- | C] () -- C:\Users\mom\Desktop\More SpinTop Games.url
[2009/06/15 19:22:14 | 00,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\SpinTop
[2009/06/09 14:52:16 | 00,001,876 | ---- | C] () -- C:\Users\mom\Desktop\Pahelika - Secret Legends.lnk
[2009/06/09 14:51:55 | 00,000,000 | ---D | C] -- C:\Windows\Pahelika - Secret Legends
[2009/06/09 14:51:55 | 00,000,000 | ---D | C] -- C:\Program Files\Pahelika - Secret Legends
[2009/06/08 18:17:03 | 00,000,000 | ---D | C] -- C:\ProgramData\IronCode
[2009/06/08 18:17:02 | 00,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\IronCode
[2009/06/08 18:01:19 | 00,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Hidden Island Data
[2009/06/08 17:52:02 | 00,001,739 | ---- | C] () -- C:\Users\Public\Desktop\Play Hidden Island.lnk
[2009/06/08 17:51:52 | 00,000,000 | ---D | C] -- C:\Program Files\Hidden Island
[2009/06/07 04:14:54 | 00,001,188 | ---- | C] () -- C:\SYSDLL.bat
[2009/06/07 04:14:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\sysloc
[2009/06/07 04:13:10 | 00,212,992 | ---- | C] ( ) -- C:\Windows\System32\chsscs.exe
[2009/06/05 15:41:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Meridian93
[2009/06/05 15:40:54 | 00,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Meridian93
[2009/06/02 19:41:54 | 00,001,821 | ---- | C] () -- C:\Users\mom\Desktop\Supermarket Management.lnk
[2009/06/02 19:41:46 | 00,000,000 | ---D | C] -- C:\Program Files\Supermarket Management
[2009/06/02 19:39:17 | 00,000,000 | ---D | C] -- C:\Windows\Supermarket Management
[2009/06/02 19:25:26 | 00,000,000 | ---D | C] -- C:\Users\mom\Documents\My Games
[2009/06/02 19:25:24 | 00,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Supermarket Mania.lnk
[2009/06/02 19:25:13 | 00,000,000 | ---D | C] -- C:\Program Files\Supermarket Mania
[2009/06/02 00:07:18 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/06/01 23:09:31 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\PlayfulAge
[2009/06/01 23:09:17 | 00,000,000 | ---D | C] -- C:\ProgramData\PlayfulAge
[2009/05/31 10:10:48 | 00,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
[2009/05/31 10:10:26 | 00,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2009/05/30 21:27:04 | 00,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\CyberLink
[2009/05/30 21:27:04 | 00,000,000 | ---D | C] -- C:\Users\mom\AppData\Local\Acer Arcade Deluxe
[2009/05/30 21:27:02 | 00,000,000 | ---D | C] -- C:\Users\mom\AppData\Local\PowerCinema
[2009/05/30 21:19:59 | 00,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2009/05/30 21:12:07 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2009/05/30 21:09:34 | 00,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2009/05/30 21:08:16 | 00,000,060 | -H-- | C] () -- C:\Windows\System32\lxdirwrd.ini
[2009/05/30 21:08:01 | 00,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2009/05/30 21:08:01 | 00,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2009/05/30 21:08:00 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2009/05/30 21:08:00 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2009/05/30 21:07:59 | 01,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2009/05/30 21:07:59 | 00,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2009/05/30 21:07:58 | 00,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2009/05/30 21:07:58 | 00,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2009/05/30 21:07:58 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2009/05/30 21:07:58 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2009/05/30 21:07:56 | 00,965,785 | ---- | C] () -- C:\Windows\System32\lxdihelp.chm
[2009/05/30 21:07:56 | 00,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2009/05/30 21:07:55 | 00,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2009/05/30 21:07:55 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2009/05/30 21:07:54 | 00,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxdigf.dll
[2009/05/30 21:07:53 | 00,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2009/05/30 21:07:53 | 00,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2009/05/30 21:07:53 | 00,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2009/05/30 21:07:52 | 00,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[2009/05/30 21:07:52 | 00,001,900 | ---- | C] () -- C:\Windows\System32\lxdi.loc
[2009/05/30 21:07:48 | 00,000,000 | ---D | C] -- C:\Program Files\Lexmark 3500-4500 Series
[2009/05/30 14:38:22 | 00,002,069 | ---- | C] () -- C:\Users\mom\Desktop\FJ.lnk
[2009/05/30 13:30:20 | 00,000,943 | ---- | C] () -- C:\Users\mom\Desktop\biscuits.lnk
[2009/05/29 20:40:24 | 00,000,000 | ---D | C] -- C:\Users\mom\Documents\Mr. Biscuits -The Case of the Ocean Pearl-
[2009/05/29 20:35:08 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2009/05/29 20:35:07 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2009/05/29 20:35:07 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2009/05/29 20:35:05 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2009/05/29 20:35:05 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009/05/29 20:35:03 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2009/05/29 20:35:03 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2009/05/28 22:03:37 | 00,000,000 | ---D | C] -- C:\Users\mom\Documents\Oberon Media
[2009/05/28 08:45:33 | 00,000,366 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2009/05/28 08:45:25 | 00,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2009/05/27 21:52:09 | 00,002,034 | ---- | C] () -- C:\Users\mom\Desktop\Treasure Seekers - The Enchanted Canvases.lnk
[2009/05/27 21:51:59 | 00,000,000 | ---D | C] -- C:\Windows\Treasure Seekers - The Enchanted Canvases
[2009/05/27 21:51:59 | 00,000,000 | ---D | C] -- C:\Program Files\Treasure Seekers - The Enchanted Canvases
[2009/05/21 20:22:09 | 00,001,941 | ---- | C] () -- C:\Users\mom\Desktop\Youda Marina.lnk
[2009/05/21 20:22:03 | 00,000,000 | ---D | C] -- C:\Program Files\kellygame games
[2009/03/30 18:31:23 | 00,000,057 | ---- | C] () -- C:\Windows\Nemo.ini
[2009/02/12 13:17:34 | 00,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/02/12 13:17:34 | 00,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/02/12 13:17:14 | 00,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/02/12 13:17:14 | 00,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/02/07 18:53:24 | 00,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2009/02/07 18:52:58 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2009/02/07 17:58:09 | 00,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/02/07 17:58:09 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2009/02/07 17:57:06 | 00,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/02/07 17:16:04 | 00,001,300 | ---- | C] () -- C:\Windows\System32\cool.dll
[2007/08/21 11:05:53 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/08/21 10:14:44 | 00,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/08/21 10:14:44 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/08/21 10:14:06 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/08/21 10:09:13 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/08/21 10:09:09 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/08/21 09:17:38 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/21 08:52:16 | 00,000,137 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/08/21 08:52:09 | 00,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/21 08:52:09 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/08/21 08:52:09 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/21 08:52:09 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/08/21 08:52:03 | 01,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/08/21 08:52:03 | 00,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007/08/21 08:50:27 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/25 19:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 19:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 19:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 19:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 19:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 19:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007/03/23 15:44:45 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/09 14:07:06 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/23 19:40:16 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/12/25 18:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 01:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll
[2001/12/26 19:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[4 C:\ProgramData\*.tmp files]
[2009/06/20 13:59:18 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/20 13:59:18 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/20 12:06:07 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/20 12:06:07 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/20 12:06:07 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/20 12:01:14 | 00,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/06/20 12:01:13 | 00,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2009/06/20 11:59:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/20 11:59:16 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/20 11:59:12 | 32,111,90272 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/20 11:58:10 | 03,911,847 | -H-- | M] () -- C:\Users\mom\AppData\Local\IconCache.db
[2009/06/19 19:59:59 | 00,000,484 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - mom.job
[2009/06/19 09:35:35 | 00,001,552 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2009/06/18 10:24:27 | 00,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009/06/15 19:22:24 | 00,000,161 | ---- | M] () -- C:\Users\mom\Desktop\More SpinTop Games.url
[2009/06/09 14:52:16 | 00,001,876 | ---- | M] () -- C:\Users\mom\Desktop\Pahelika - Secret Legends.lnk
[2009/06/08 17:52:02 | 00,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Play Hidden Island.lnk
[2009/06/07 04:14:54 | 00,001,188 | ---- | M] () -- C:\SYSDLL.bat
[2009/06/07 04:13:16 | 00,212,992 | ---- | M] ( ) -- C:\Windows\System32\chsscs.exe
[2009/06/02 19:41:54 | 00,001,821 | ---- | M] () -- C:\Users\mom\Desktop\Supermarket Management.lnk
[2009/06/02 19:25:24 | 00,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Supermarket Mania.lnk
[2009/06/01 22:45:20 | 00,001,698 | ---- | M] () -- C:\Users\Public\Desktop\Play My Games.lnk
[2009/05/30 21:39:17 | 00,000,102 | ---- | M] () -- C:\ProgramData\lxdi
[2009/05/30 21:13:55 | 00,089,072 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2009/05/30 21:09:34 | 00,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3500-4500 Series.LNK
[2009/05/30 14:38:22 | 00,002,069 | ---- | M] () -- C:\Users\mom\Desktop\FJ.lnk
[2009/05/30 13:30:20 | 00,000,943 | ---- | M] () -- C:\Users\mom\Desktop\biscuits.lnk
[2009/05/29 19:49:12 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/05/28 08:45:26 | 00,000,133 | ---- | M] () -- C:\Users\mom\Desktop\IObit Freeware.url
[2009/05/28 08:45:25 | 00,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2009/05/27 21:52:09 | 00,002,034 | ---- | M] () -- C:\Users\mom\Desktop\Treasure Seekers - The Enchanted Canvases.lnk
[2009/05/21 20:22:09 | 00,001,941 | ---- | M] () -- C:\Users\mom\Desktop\Youda Marina.lnk

========== LOP Check ==========

[2009/06/19 09:36:11 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming
[2009/02/07 16:54:26 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Acer
[2009/03/14 11:25:58 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Anabel
[2009/05/27 21:52:30 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Artogon
[2009/06/19 09:36:11 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\BlamGames
[2009/02/22 10:53:00 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\blg
[2009/03/13 18:52:51 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Boolat Games
[2009/03/02 16:16:06 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\BrandX Games
[2009/03/09 21:45:50 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\CrystalSpace
[2009/05/30 21:27:04 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\CyberLink
[2009/03/01 12:26:40 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\EleFun Games
[2009/02/12 21:46:02 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Fabulous Finds
[2009/04/06 17:59:09 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\FaxCtr
[2009/02/07 18:01:56 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Gamelab
[2009/06/08 18:02:36 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Hidden Island Data
[2009/03/29 12:10:36 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\IObit
[2009/06/08 18:17:02 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\IronCode
[2009/02/07 16:53:22 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Leadertech
[2009/05/30 21:15:16 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Lexmark Productivity Studio
[2009/03/15 09:17:23 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Lost in the City
[2009/05/10 20:50:51 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Ludia
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Media Center Programs
[2009/06/05 15:40:54 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Meridian93
[2009/06/15 19:22:49 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\PlayFirst
[2009/04/16 21:09:30 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Skunk Studios
[2009/06/15 19:22:14 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\SpinTop
[2009/03/16 17:34:17 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\SpinTop Games
[2009/03/31 08:34:05 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Ubisoft
[2009/06/14 16:03:54 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\uTorrent
[2009/02/11 15:04:35 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\ViquaSoft
[2009/05/20 18:19:52 | 00,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\YoudaGames
[2009/06/20 12:01:13 | 00,000,366 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2009/06/20 12:01:14 | 00,000,876 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachine.job
[2009/06/19 19:59:59 | 00,000,484 | ---- | M] () -- C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - mom.job
[2009/06/20 11:59:20 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/06/20 11:58:29 | 00,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:52E3B819
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C826C73
@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:DD629819
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:87B05421
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7920E530
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4CF76F21
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2F6462DF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:99862B77
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F8435088
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:6E86D926
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57CA0BA5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BF07EA98
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:BF2E2F0E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C213B3C4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D28A4F5D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:FC8FFA4E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:02B823FE
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F3EFA8A8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:896E1EFF
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:67BA17B9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:0860D6D6
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:7547DA5B
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C9FD258B
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:88B61AC3
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:FECEF728
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3807D082
< End of report >

#4 honey315 (New Member, Topic Starter, 5 posts)
OTL Extras logfile created on: 6/20/2009 2:28:48 PM - Run 1
OTL by OldTimer - Version 3.0.2.0 Folder = C:\Users\mom\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.11% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 27.34 Gb Free Space | 39.19% Space Free | Partition Type: NTFS
Drive D: | 66.27 Gb Total Space | 66.18 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOM-PC
Current User Name: mom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0CD90C98-9F59-40B9-9801-9229DBC8FF31}_is1" = Undiscovered World - The Incan Sun
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F5E7060-D8BF-11D2-B0AC-00104BDE59ED}" = Desktop Architect
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2A304FDE-F4E3-446D-AA0D-31425C897B71}" = PrintMaster 12
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D83B195-5BDE-4073-9514-CD58B7BFC4BC}_is1" = The Price Is Right
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst
"{877E390C-1EFB-44CB-BBBE-6A0B0D553620}" = Adventure Anniversary Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{E56AF20E-4FD7-4DBD-A308-858566EDCA59}_is1" = Supermarket Mania
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AT&&T Yahoo! Messenger" = AT&T Yahoo! Messenger
"ATT-PRT22" = ATT-PRT22
"BFGC" = Big Fish Games Client
"BFG-Hidden Island" = Hidden Island
"BFG-Top Chef" = Top Chef
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Desktop Architect" = Desktop Architect
"Echo - Secret of the Lost Cavern 1.00" = Echo - Secret of the Lost Cavern 1.00
"Elizabeth Find MD - Diagnosis Mystery 1.00" = Elizabeth Find MD - Diagnosis Mystery 1.00
"Escape Rosecliff Island 1.00" = Escape Rosecliff Island 1.00
"Fabulous Finds 1.00" = Fabulous Finds 1.00
"Flux Family Secrets - The Ripple Effect1.0" = Flux Family Secrets - The Ripple Effect
"Game Booster_is1" = Game Booster
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"Hawaiian Explorer Lost Island_is1" = Hawaiian Explorer Lost Island 1.0.0.9
"Hawaiian Explorer Pearl Harbor_is1" = Hawaiian Explorer Pearl Harbor 1.0.0.30
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LManager" = Launch Manager
"Lost in the City 1.00" = Lost in the City 1.00
"Mae Q West and the Sign of the Stars1.0" = Mae Q West and the Sign of the Stars
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NiBiRu_is1" = NiBiRu
"Nick Chase A Detective Story1.0" = Nick Chase A Detective Story
"NIS" = Norton Internet Security
"Pahelika - Secret Legends1.0.0.2" = Pahelika - Secret Legends
"Supermarket Management1.1.6" = Supermarket Management
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Treasure Seekers - The Enchanted Canvases1.0" = Treasure Seekers - The Enchanted Canvases
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Youda Marina 1.00" = Youda Marina 1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2009 12:10:02 AM | Computer Name = mom-PC | Source = ESENT | ID = 448
Description = wlcomm (7452) C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\:
Data inconsistency detected in table PresenceData-v081111-0856-1203 of database
C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\DBStore\contacts.edb
(0,393).

Error - 6/2/2009 12:10:02 AM | Computer Name = mom-PC | Source = ESENT | ID = 448
Description = wlcomm (7452) C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\:
Data inconsistency detected in table PresenceData-v081111-0856-1203 of database
C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\DBStore\contacts.edb
(0,393).

Error - 6/2/2009 12:10:03 AM | Computer Name = mom-PC | Source = ESENT | ID = 448
Description = wlcomm (7452) C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\:
Data inconsistency detected in table PresenceData-v081111-0856-1203 of database
C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\DBStore\contacts.edb
(0,393).

Error - 6/2/2009 12:10:03 AM | Computer Name = mom-PC | Source = ESENT | ID = 448
Description = wlcomm (7452) C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\:
Data inconsistency detected in table PresenceData-v081111-0856-1203 of database
C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\DBStore\contacts.edb
(0,393).

Error - 6/2/2009 12:14:25 AM | Computer Name = mom-PC | Source = ESENT | ID = 447
Description = wlcomm (7452) C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\:
A bad page link (error -338) has been detected in a B-Tree (ObjectId: 93, PgnoRoot:
383) of database C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\DBStore\contacts.edb
(383 => 458, 0).

Error - 6/5/2009 11:12:25 PM | Computer Name = mom-PC | Source = ESENT | ID = 448
Description = wlcomm (7452) C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\:
Data inconsistency detected in table PresenceData-v081111-0856-1203 of database
C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\DBStore\contacts.edb
(0,393).

Error - 6/5/2009 11:12:25 PM | Computer Name = mom-PC | Source = ESENT | ID = 448
Description = wlcomm (7452) C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\:
Data inconsistency detected in table PresenceData-v081111-0856-1203 of database
C:\Users\mom\AppData\Local\Microsoft\Windows Live Contacts\{855665e0-37fd-4699-b88e-7d8ac7b11967}\DBStore\contacts.edb
(0,393).

Error - 6/7/2009 4:14:43 AM | Computer Name = mom-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc000001e, fault offset 0x01a202b1, process id 0xfb4, application start time
0x01c9e747fea583e6.

Error - 6/7/2009 4:19:20 AM | Computer Name = mom-PC | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 6.0.130.3, time stamp 0x49b4f3e7,
faulting module msvcrt.dll!_except_handler4_common, version 6.0.6001.18000, time
stamp 0x4791a7a6, exception code 0xc0000139, fault offset 0x00009cac, process id
0x14b4, application start time 0x01c9e7482d77f726.

Error - 6/7/2009 4:27:34 AM | Computer Name = mom-PC | Source = Application Error | ID = 1000
Description = Faulting application sidebar.exe, version 6.0.6001.18000, time stamp
0x4791952a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0000527c, process id 0x128c, application start time
0x01c9e749b135a6a9.

[ System Events ]
Error - 3/31/2009 8:28:42 AM | Computer Name = mom-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/31/2009 8:29:03 AM | Computer Name = mom-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 3/31/2009 8:29:07 AM | Computer Name = mom-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 3/31/2009 8:30:46 AM | Computer Name = mom-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 3/31/2009 4:05:42 PM | Computer Name = mom-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 3/31/2009 5:55:48 PM | Computer Name = mom-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 3/31/2009 5:57:46 PM | Computer Name = mom-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 3/31/2009 6:18:02 PM | Computer Name = mom-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/31/2009 6:18:02 PM | Computer Name = mom-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/31/2009 6:18:02 PM | Computer Name = mom-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#5 honey315 (New Member, Topic Starter, 5 posts)
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-20 20:14:14
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 915D4048 ZwAlertResumeThread
SSDT 89DFE048 ZwAlertThread
SSDT 91DF8D28 ZwAllocateVirtualMemory
SSDT 88007F40 ZwAlpcConnectPort
SSDT 91FC3048 ZwAssignProcessToJobObject
SSDT 91DFECC0 ZwCreateMutant
SSDT 91FC5050 ZwCreateSymbolicLinkObject
SSDT 915D7660 ZwCreateThread
SSDT 91DFF048 ZwDebugActiveProcess
SSDT 91DF8F40 ZwDuplicateObject
SSDT 91DF86C8 ZwFreeVirtualMemory
SSDT 91DF8050 ZwImpersonateAnonymousToken
SSDT 915DC048 ZwImpersonateThread
SSDT 8801FAF8 ZwLoadDriver
SSDT 91DF8568 ZwMapViewOfSection
SSDT 91BFF048 ZwOpenEvent
SSDT 919FF1B8 ZwOpenProcess
SSDT 8839B068 ZwOpenProcessToken
SSDT 91DFF2C8 ZwOpenSection
SSDT 919FF068 ZwOpenThread
SSDT 91FC5D40 ZwProtectVirtualMemory
SSDT 919DB800 ZwResumeThread
SSDT 8835D0B0 ZwSetContextThread
SSDT 91DF82D0 ZwSetInformationProcess
SSDT 91DFF080 ZwSetSystemInformation
SSDT 91DFA048 ZwSuspendProcess
SSDT 8835EDD8 ZwSuspendThread
SSDT 91D83198 ZwTerminateProcess
SSDT 89DFF048 ZwTerminateThread
SSDT 8812A068 ZwUnmapViewOfSection
SSDT 91DF89D8 ZwWriteVirtualMemory
SSDT 91FC5520 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 81CCA914 8 Bytes [48, 40, 5D, 91, 48, E0, DF, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 81CCA928 4 Bytes [28, 8D, DF, 91]
.text ntkrnlpa.exe!KeSetTimerEx + 370 81CCA934 4 Bytes [40, 7F, 00, 88]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 81CCA988 4 Bytes [48, 30, FC, 91] {DEC EAX; XOR AH, BH; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 428 81CCA9EC 4 Bytes [C0, EC, DF, 91] {SHR AH, 0xdf; XCHG ECX, EAX}
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74797BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747D98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7479D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7478F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74797599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7478E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747CB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7479D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7479012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74790095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747871F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7481D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747B75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7478DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7478668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747866BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3828] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74791E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61119D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61119C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61119D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61119C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [61118BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61119C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61119D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61118BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61118B2C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61119218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61119218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [61119D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61119C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61118BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61118AEE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61118AB0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61118BEF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61118B2C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61119218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61118C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[6140] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\SKYNETqypbxeix.sys (*** hidden *** ) [SYSTEM] SKYNETxewctpcw <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw@imagepath \systemroot\system32\drivers\SKYNETqypbxeix.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\main@aid 10020
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\drivers\SKYNETqypbxeix.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\SKYNETidypwuqv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\SKYNETixqfmqpj.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\SKYNETdwxtrqki.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\SKYNETysoxppfr.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw@imagepath \systemroot\system32\drivers\SKYNETqypbxeix.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\main
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\main@aid 10020
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\modules
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\drivers\SKYNETqypbxeix.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\SKYNETidypwuqv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\SKYNETixqfmqpj.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\SKYNETdwxtrqki.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETxewctpcw\[email protected] \systemroot\system32\SKYNETysoxppfr.dat

---- EOF - GMER 1.0.15 ----
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
One or more of the identified infections is a backdoor trojan or a rootkit.

This can allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information,
please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions
to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

======================================

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

  • 0

#7
honey315

honey315

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix 09-06-20.04 - mom 06/21/2009 12:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1846 [GMT -4:00]
Running from: c:\users\mom\Downloads\combo1.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3360396510-2118966659-1939059888-1001
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\windows\system32\chsscs.exe
c:\windows\system32\sysloc
D:\resycled
c:\$recycle.bin\S-1-5-21-3360396510-2118966659-1939059888-1001\desktop.ini
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\drivers\SKYNETqypbxeix.sys
c:\windows\system32\SKYNETdwxtrqki.dll
c:\windows\system32\SKYNETidypwuqv.dll
c:\windows\system32\SKYNETixqfmqpj.dat
c:\windows\system32\SKYNETysoxppfr.dat
c:\windows\system32\sysloc\sysloc.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETxewctpcw


((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))
.

2009-06-21 17:00 . 2009-06-21 17:00 -------- d-----w- c:\users\mom\AppData\Local\temp
2009-06-21 16:32 . 2009-02-25 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\EECTRL.SYS
2009-06-21 16:32 . 2009-02-25 09:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\CCERASER.DLL
2009-06-21 16:32 . 2009-02-25 09:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\ERASER.SYS
2009-06-21 16:32 . 2009-02-22 01:06 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\ECMSVR32.DLL
2009-06-21 16:32 . 2009-02-21 09:00 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVENG.SYS
2009-06-21 16:32 . 2009-02-21 09:00 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVEX15.SYS
2009-06-21 16:32 . 2009-02-21 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVENG32.DLL
2009-06-21 16:32 . 2009-02-21 09:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVEX32A.DLL
2009-06-20 16:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-20 16:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-20 16:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-20 16:10 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-20 16:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-20 16:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-20 16:10 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-19 23:30 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-19 23:30 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 23:30 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 23:30 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 23:30 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-15 23:22 . 2009-06-15 23:22 -------- d-----w- c:\users\mom\AppData\Roaming\SpinTop
2009-06-12 20:04 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-12 20:04 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-12 20:04 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-12 20:04 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-12 20:04 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-09 18:51 . 2009-06-09 18:52 -------- d-----w- c:\program files\Pahelika - Secret Legends
2009-06-09 18:51 . 2009-06-09 18:51 -------- d-----w- c:\windows\Pahelika - Secret Legends
2009-06-08 22:17 . 2009-06-08 22:17 -------- d-----w- c:\programdata\IronCode
2009-06-08 22:17 . 2009-06-08 22:17 -------- d-----w- c:\users\mom\AppData\Roaming\IronCode
2009-06-08 22:01 . 2009-06-08 22:02 -------- d-----w- c:\users\mom\AppData\Roaming\Hidden Island Data
2009-06-08 21:51 . 2009-06-08 21:52 -------- d-----w- c:\program files\Hidden Island
2009-06-08 15:54 . 2009-06-08 15:54 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAF3E.tmp.exe
2009-06-07 08:14 . 2009-06-07 08:14 1188 ----a-w- C:\SYSDLL.bat
2009-06-05 19:41 . 2009-06-05 19:41 -------- d-----w- c:\programdata\Meridian93
2009-06-05 19:40 . 2009-06-05 19:40 -------- d-----w- c:\users\mom\AppData\Roaming\Meridian93
2009-06-02 23:41 . 2009-06-02 23:41 -------- d-----w- c:\program files\Supermarket Management
2009-06-02 23:39 . 2009-06-02 23:39 -------- d-----w- c:\windows\Supermarket Management
2009-06-02 23:25 . 2009-06-02 23:25 -------- d-----w- c:\program files\Supermarket Mania
2009-06-02 04:07 . 2009-06-02 04:07 -------- d-----w- c:\windows\PCHEALTH
2009-06-02 03:09 . 2009-06-02 03:09 -------- d-----w- c:\programdata\PlayfulAge
2009-05-31 01:27 . 2009-05-31 01:27 -------- d-----w- c:\users\mom\AppData\Local\Acer Arcade Deluxe
2009-05-31 01:27 . 2009-05-31 01:27 -------- d-----w- c:\users\mom\AppData\Roaming\CyberLink
2009-05-31 01:27 . 2009-05-31 01:27 -------- d-----w- c:\users\mom\AppData\Local\PowerCinema
2009-05-31 01:19 . 2009-05-31 01:32 -------- d-----w- c:\programdata\App4rTemp
2009-05-31 01:12 . 2007-03-30 14:13 344064 ----a-w- c:\windows\system32\lxdicoin.dll
2009-05-31 01:08 . 2007-05-17 15:00 311296 ----a-w- c:\windows\system32\lxdihcp.dll
2009-05-31 01:08 . 2007-05-17 14:59 294912 ----a-w- c:\windows\system32\lxdiinst.dll
2009-05-31 01:08 . 2007-05-22 07:04 503808 ----a-w- c:\windows\system32\lxdiutil.dll
2009-05-31 01:08 . 2007-05-17 14:55 339968 ----a-w- c:\windows\system32\lxdiiesc.dll
2009-05-31 01:08 . 2007-05-17 14:55 356352 ----a-w- c:\windows\system32\lxdiinpa.dll
2009-05-30 00:35 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-05-30 00:35 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-05-30 00:35 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-05-30 00:35 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-05-30 00:35 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-05-30 00:35 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-05-30 00:35 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-05-28 01:51 . 2009-05-28 01:52 -------- d-----w- c:\program files\Treasure Seekers - The Enchanted Canvases
2009-05-28 01:51 . 2009-05-28 01:51 -------- d-----w- c:\windows\Treasure Seekers - The Enchanted Canvases

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 23:34 . 2009-02-12 17:26 -------- d-----w- c:\programdata\Lx_cats
2009-06-19 18:07 . 2009-06-19 18:07 1416152 ----a-w- c:\programdata\SPLB5FF.tmp
2009-06-18 14:23 . 2009-02-07 21:17 -------- d-----w- c:\program files\Google
2009-06-15 23:22 . 2009-03-24 13:39 -------- d-----w- c:\programdata\PlayFirst
2009-06-14 20:03 . 2009-02-07 21:16 -------- d-----w- c:\users\mom\AppData\Roaming\uTorrent
2009-06-07 08:12 . 2009-02-12 17:16 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-06-02 04:07 . 2009-02-08 03:30 -------- d-----w- c:\program files\Windows Live
2009-06-02 02:45 . 2009-02-07 21:31 -------- d-----w- c:\program files\bfgclient
2009-05-31 01:15 . 2009-02-14 23:58 -------- d-----w- c:\users\mom\AppData\Roaming\Lexmark Productivity Studio
2009-05-31 01:11 . 2009-05-31 01:07 -------- d-----w- c:\program files\Lexmark 3500-4500 Series
2009-05-30 00:15 . 2009-02-13 03:05 -------- d-----w- c:\program files\Games
2009-05-28 01:52 . 2009-02-09 00:35 -------- d-----w- c:\users\mom\AppData\Roaming\Artogon
2009-05-22 00:22 . 2009-05-22 00:22 -------- d-----w- c:\program files\kellygame games
2009-05-20 22:19 . 2009-05-20 22:19 -------- d-----w- c:\users\mom\AppData\Roaming\YoudaGames
2009-05-14 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-11 00:50 . 2009-05-11 00:50 -------- d-----w- c:\users\mom\AppData\Roaming\Ludia
2009-05-11 00:50 . 2009-05-11 00:50 -------- d-----w- c:\programdata\Ludia
2009-05-11 00:50 . 2009-05-11 00:49 -------- d-----w- c:\program files\The Price Is Right
2009-05-09 00:05 . 2009-03-04 14:27 -------- d-----w- c:\programdata\Gogii
2009-05-05 01:01 . 2009-05-05 01:01 6150205 ----a-w- c:\programdata\SPLFDB9.tmp
2009-05-01 13:01 . 2009-02-23 01:49 -------- d-----w- c:\program files\ATT-PRT22-WISE
2009-05-01 13:01 . 2009-02-07 19:11 -------- d-----w- c:\program files\Acer Inc
2009-04-12 16:23 . 2009-04-12 16:23 12759010 ----a-w- c:\programdata\SPLA811.tmp
2009-04-12 16:22 . 2009-04-12 16:22 12759010 ----a-w- c:\programdata\SPL2E4F.tmp
2009-04-01 00:23 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-01 00:11 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-04-01 00:11 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-03-31 23:43 . 2009-04-01 00:04 47560 ----a-w- c:\windows\system32\SPReview.exe
2009-03-31 23:43 . 2009-04-01 00:04 152576 ----a-w- c:\windows\system32\SPWizUI.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Desktop Architect"="c:\program files\Desktop Architect\datray.exe" [2001-05-07 53248]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-20 4347120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-10 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-10 137752]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-02 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-07 1862144]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-04 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-09-04 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-02 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-2-7 1208320]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-21 535336]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\pmremind.exe [2009-2-22 331776]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-9 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{715A5EE9-0809-43D8-8FA8-887A4C74A40D}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{94B6512A-7BC0-4122-9437-0A9D21D013C4}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{77AE33C6-AEF8-47EF-863C-0BC45878CAEA}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{C23D4F21-70ED-49A8-A2C2-9EEE259EDCE4}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{2A331B65-4C91-4CC1-9030-9CF05985069A}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{2F21A6C9-A9DB-480B-B40C-8CDE31702D9D}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{04F78EB4-1E02-4388-8C8E-E5A2D091445C}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{07455D67-273C-4C6F-89AD-9ECD807D0682}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"TCP Query User{81331F93-6A9E-4628-A6A6-6A9975E3BAAE}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0F36FB7D-73B5-40E0-99C9-858F03B43A8D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{39614621-48F9-4F29-954B-12C3361E3DAE}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AB5C960D-FE11-4B95-B3D2-EC9116C73641}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{372572E7-92E4-4A5C-825D-691879096E1F}"= UDP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{8F76C128-1338-4BF2-8C29-696584EAF34D}"= TCP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{71EB147A-0D0D-4885-BD11-19FC2EF3DBF6}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{02AD3C2D-8AA8-4E5D-B541-3C49D4617AF7}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{5D421AD4-DF7E-42CB-AE5F-DC8E66E11BFF}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{25A2B0F6-8FB1-45CE-8B14-4C09EAA0B8F3}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{0A5190C2-1A77-43F7-9082-23281842AB04}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{AE661047-03EA-4403-BE53-8BC2F8701A20}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{505C0FDD-47D3-4715-81E0-502269BCE56A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{1EE38A16-C236-4CA1-B1B9-0A30F21217BD}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{73DD984C-CB52-4C4C-AEA4-31DE18B1FF44}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A63E00DA-F7C2-468B-8B66-CB7A773A588B}"= UDP:c:\users\mom\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{6AA458E4-1645-433D-9EFB-C8F1C4949376}"= TCP:c:\users\mom\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{1312F482-C2BD-47AE-B497-770D9D99F62C}"= UDP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{287A53E8-4961-4D59-B182-5F1F464789F8}"= TCP:c:\windows\System32\lxdicfg.exe:Printer Communication System
"{6B09639F-AAA5-4901-A826-AE193E6B0125}"= UDP:c:\program files\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe:
"{FC325186-A75A-4AED-852D-527FCFCBAEA4}"= TCP:c:\program files\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe:
"{654CB7F4-C923-4E9D-982F-E62D97EDAEB2}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{FCB1AE43-D067-40CA-ABA0-640A18389FD7}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{B19EF38E-08B1-4D8F-B57F-9BA9AAA3E657}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{22BDED02-06DD-4A36-8892-A00FFC0DF88C}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{51643220-4304-4D98-9D33-EA55D04BE8FC}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{C9467DA8-2E3B-415A-9BC5-3E45D714B854}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{EFCA9BDE-B3F6-45ED-9FB0-615BCA778E04}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{E54A50E2-6844-4B4C-8785-7B3CB97355A5}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{1E7BB02E-7EC9-4139-B0BA-806BB43F29F5}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{4AC0006A-B479-471F-8EF6-901E01150F42}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{E5B5B538-D26F-4951-816C-3185B750EBD7}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{942C8A82-4238-4654-AEC1-F8216A6577D3}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{480D1BEF-A2E8-4A21-B5D6-9C1B63555FE6}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{DA417579-D48E-4266-8E63-1FEE536D8698}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:Printer Status Window Interface
"{4DE4F328-B783-4E52-AD21-891610C13C95}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{2CFC3853-DCD5-4C65-BB73-AB4859914449}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{11039430-8AB5-4385-98F4-BFD9C0EF4928}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{1043B4B6-AC5B-4956-A36A-E84CE9A17A63}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [3/21/2009 1:12 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [3/21/2009 1:12 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [3/21/2009 1:11 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys [6/19/2009 7:30 PM 292912]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2/7/2009 4:15 PM 13560]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [3/21/2009 1:12 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/12/2009 3:02 AM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [3/21/2009 1:12 AM 39984]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [8/21/2007 8:52 AM 43008]
S2 gupdate1c9f0202ce7c400;Google Update Service (gupdate1c9f0202ce7c400);c:\program files\Google\Update\GoogleUpdate.exe [6/18/2009 10:22 AM 133104]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdiserv.exe [6/11/2007 10:14 AM 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [8/21/2007 8:52 AM 179712]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2/21/2009 12:59 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-06-21 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-05-28 01:22]

2009-06-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:21]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://games.bigfishgames.com/en_diaper-dash/online/DiaperDashWeb.1.0.0.4.cab
DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} - hxxp://games.bigfishgames.com/en_wandering-willows/online/WanderingWillowsWeb.1.0.0.18.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://games.bigfishgames.com/en_chocolatier-3-decadence-by-design/online/Chocolatier3Web.1.0.0.6.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 13:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-21 13:02
ComboFix-quarantined-files.txt 2009-06-21 17:02

Pre-Run: 28,808,605,696 bytes free
Post-Run: 28,934,545,408 bytes free

305 --- E O F --- 2009-06-20 16:17
  • 0
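Besides the removed SKYNET service, the ComboFix log above records "EnableFirewall"= 0 for all three firewall profiles and dword:1 for the Security Center DisableMonitoring and *DisableNotify values, settings a defender should read as protective controls having been switched off (the log does not say by whom). The Python script below is an added example, not part of this thread or of GMER/ComboFix: it reads scan output in the two formats posted here and flags a hidden service, a disabled firewall profile, and silenced Security Center monitoring. The sample lines are a constructed excerpt modelled on the posted logs, with the StandardProfile value changed to 1 so that an unflagged line is also shown.

```python
"""Triage helper for GMER / ComboFix style scan output.

Added example for this thread; it is not part of GMER, ComboFix or the
Geeks to Go posts. It scans log text for three indicator types visible in
the logs above:
  * a kernel service GMER marks as hidden (rootkit indicator),
  * Windows Firewall switched off for a profile (EnableFirewall = 0),
  * Security Center monitoring or notifications switched off (value = 1).
"""
import re
from typing import Iterable, List, Optional, Tuple

# GMER "Services" section, e.g.
#   Service C:\...\SKYNETqypbxeix.sys (*** hidden *** ) [SYSTEM] SKYNETxewctpcw <-- ROOTKIT !!!
HIDDEN_SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+"
    r"\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
# ComboFix "Reg Loading Points" section is REGEDIT4-style:
#   [HKEY_LOCAL_MACHINE\...\key]
#   "Name"=dword:00000001        or        "Name"= 0 (0x0)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*$')

# Security Center values that, when set to 1, silence Windows' own warnings.
SECURITY_CENTER_OFF = {
    "DisableMonitoring",
    "UacDisableNotify",
    "InternetSettingsDisableNotify",
    "AutoUpdateDisableNotify",
}

Finding = Tuple[str, str, str]  # (kind, subject, where)


def reg_int(data: str) -> Optional[int]:
    """Decode a REGEDIT4 dword ('dword:00000001') or ComboFix's '0 (0x0)' form."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[len("dword:"):], 16)
    m = re.match(r"^-?\d+", data)
    return int(m.group(0)) if m else None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return findings in log order; registry values are judged under the key last seen."""
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for raw in lines:
        line = raw.rstrip()
        m = HIDDEN_SERVICE_RE.match(line)
        if m:
            findings.append(("hidden_service", m["name"], m["path"]))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if not (m and current_key):
            continue
        name, value = m["name"], reg_int(m["data"])
        key_l = current_key.lower()
        if "firewallpolicy" in key_l and name == "EnableFirewall" and value == 0:
            profile = current_key.rsplit("\\", 1)[-1]
            findings.append(("firewall_disabled", profile, current_key))
        elif "security center" in key_l and name in SECURITY_CENTER_OFF and value == 1:
            findings.append(("security_center_off", name, current_key))
    return findings


# Constructed excerpt modelled on the GMER and ComboFix output posted in this
# thread; the StandardProfile line is altered to 1 to show a value that is not flagged.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\SKYNETqypbxeix.sys (*** hidden *** ) [SYSTEM] SKYNETxewctpcw <-- ROOTKIT !!!

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
""".splitlines()


if __name__ == "__main__":
    for kind, subject, where in triage(SAMPLE_LOG):
        print(f"{kind:20} {subject:32} {where}")
```

Run against the constructed excerpt it reports six findings: the hidden SKYNETxewctpcw service, the four Security Center values, and the DomainProfile firewall setting; the StandardProfile line (value 1) and the unrelated EnableUIADesktopToggle value are left alone. Pasting a real GMER or ComboFix log into `SAMPLE_LOG` works the same way, since the parser keys only on the line shapes shown above.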

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks better.
Please go to Start > My Computer, then C:\
Open the C:\ drive, then delete this file:
C:\SYSDLL.bat. After that, do the following:
================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================ Follow up scan =================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0