search engine redirecting virus, babylon toolbar and all games home to


This topic is locked

#1 livtheflip (Member, 21 posts)
Hi,

I have been having this search engine problem since I downloaded games from allgameshome.com and installed them on my laptop. The installer says that it includes the allgameshome toolbar and makes their site my homepage, and if I untick the box to not include those, it won't install the game, so I installed it anyway, thinking that I could uninstall the toolbar after I installed the game and change my homepage back to Google. But that's not the case, because after I uninstalled the allgameshome toolbar it was still there at the top of my Firefox, and allgameshome was still my homepage; even after I changed it to Google, every time I restarted Firefox it came back to that site.

I googled it and found out that it's called a search engine redirecting virus, and some blog said that a malware is causing it. Many search results suggested Spybot, and I've tried it, but it can't detect or cure my laptop. So I reformatted my system, thinking that it would be gone, but no, because it's still here, although I can now set my homepage to Google and it won't redirect me when I'm searching in Google. But when I open a new tab it goes to a site called search.babylon.com, which I did not type in the address bar. Another thing is, when I'm searching at isohunt.com for a torrent file, it redirects me to this site again, sometimes to yahoo.com. So it tells me that after I reformatted my laptop I still have the virus, and I'm at my wits' end already.

I searched Google again and it brought me to your site, geekstogo.com. I performed the removal steps from user rorschach112 posted last Feb 2, 2010 using TDSSKiller, but it still can't remove or even detect an infection. Can someone please help me? I have had this computer with me for a long time now and I don't get viruses like this; very complicated!

Here's the OTL.Txt, by the way:

OTL logfile created on: 9/15/2011 4:11:43 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\LivthefLip\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 29.67% Memory free
4.21 Gb Paging File | 2.67 Gb Available in Paging File | 63.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 36.15 Gb Free Space | 51.80% Space Free | Partition Type: NTFS
Drive D: | 66.27 Gb Total Space | 53.48 Gb Free Space | 80.70% Space Free | Partition Type: NTFS
Drive E: | 3.24 Gb Total Space | 3.20 Gb Free Space | 98.62% Space Free | Partition Type: NTFS
Drive H: | 149.01 Gb Total Space | 29.50 Gb Free Space | 19.80% Space Free | Partition Type: FAT32

Computer Name: LIVTHEFLIP-PC | User Name: LivthefLip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/15 16:10:42 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\LivthefLip\Downloads\OTL.exe
PRC - [2011/09/15 15:33:53 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\LivthefLip\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/09/11 15:22:37 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/03 14:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/07 20:57:42 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/03/20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\Mcafee\MNA\McNASvc.exe
PRC - [2008/02/25 16:53:24 | 000,518,656 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/02/25 16:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/02/06 01:47:12 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/01/24 10:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/24 10:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2008/01/21 10:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/10 10:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/02 21:17:28 | 000,707,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2007/12/21 03:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/12/21 03:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/20 10:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/28 10:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/10 22:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/10/02 08:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/21 05:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/11 21:40:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
MOD - [2011/09/11 21:40:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2011/09/11 21:40:13 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2011/09/11 21:39:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2011/09/11 21:39:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2011/09/11 21:39:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2011/09/11 21:38:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2011/09/11 21:38:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2011/09/11 21:38:35 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011/09/11 21:38:20 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2011/09/11 16:08:12 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/11 15:11:04 | 000,077,312 | ---- | M] () -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
MOD - [2011/09/03 14:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/29 07:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/04 16:55:54 | 000,274,432 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hp1100sd.dll
MOD - [2010/03/04 16:55:46 | 002,306,048 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hp1100su.dll
MOD - [2010/03/04 16:55:12 | 000,794,624 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\HP1100GC.DLL
MOD - [2008/01/10 10:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008/01/10 10:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008/01/03 18:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/12/21 05:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007/12/21 03:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007/12/20 10:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/12/20 10:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/12/20 10:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/12/20 10:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/10/10 22:41:08 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
MOD - [2007/09/21 06:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007/09/12 01:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007/03/29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/02/13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/11 11:32:50 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010/04/07 20:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\Mcafee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/02/25 16:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/21 03:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/20 10:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/28 10:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/02 08:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/21 05:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 20:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 07:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)


========== Driver Services (SafeList) ==========

DRV - [2079/07/19 15:18:48 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110914.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2079/07/19 15:18:48 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2079/07/19 15:18:48 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20110908.001\IDSvix86.sys -- (IDSvix86)
DRV - [2079/07/19 15:18:48 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2079/07/19 15:18:48 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110914.025\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/11 11:41:28 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/06 07:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/02/15 17:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/30 18:34:00 | 007,629,504 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/24 10:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2008/01/24 10:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 10:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/31 10:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/08 23:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/08/08 10:37:00 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/31 03:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/31 02:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ph.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ph.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: No CLSID value found. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.ph/"
FF - prefs.js..keyword.URL: "http://search.babylo...0&affID=100489"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/11 14:51:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/11 15:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/11 15:22:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/11 15:29:23 | 000,000,000 | ---D | M]

[2011/09/11 11:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Extensions
[2011/09/15 08:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions
[2011/09/15 08:02:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/11 15:11:04 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/11 15:06:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]
[2011/09/11 15:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/11 15:29:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/11 15:22:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/09/03 14:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/11 15:29:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/11 15:06:05 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/03 07:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/15 15:26:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9F3C52C-A6EC-4234-A130-3D92BE289CF4}: DhcpNameServer = 192.168.254.1 192.168.254.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/10/20 12:04:08 | 000,038,912 | ---- | M] () - D:\AUTOBACK.EXE -- [ NTFS ]
O32 - AutoRun File - [2008/06/04 08:17:50 | 000,000,000 | -HSD | M] - H:\autorun -- [ FAT32 ]
O33 - MountPoints2\{0bcb0a32-dc29-11e0-bd1a-001e6835b0aa}\Shell - "" = AutoRun
O33 - MountPoints2\{0bcb0a32-dc29-11e0-bd1a-001e6835b0aa}\Shell\AutoRun\command - "" = H:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/15 15:37:10 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Desktop\GooredFix Backups
[2011/09/15 15:35:33 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\LivthefLip\Desktop\GooredFix.exe
[2011/09/15 15:26:36 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/15 15:23:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\LivthefLip\Desktop\OTM.exe
[2011/09/13 16:38:12 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Acer Arcade Deluxe
[2011/09/13 16:38:11 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\CyberLink
[2011/09/13 16:38:04 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\PowerCinema
[2011/09/13 15:56:28 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\LivthefLip\Desktop\TDSSKiller.exe
[2011/09/12 01:12:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/09/12 01:12:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/09/12 01:12:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/09/12 01:07:19 | 017,730,504 | ---- | C] (Acer Incorporated) -- C:\Windows\eRy.exe
[2011/09/12 01:07:04 | 000,065,536 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SetSpkDefault.exe
[2011/09/11 22:58:43 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Yahoo!
[2011/09/11 22:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/09/11 22:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/09/11 21:32:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/09/11 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Roaming
[2011/09/11 20:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2011/09/11 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Intel
[2011/09/11 20:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2011/09/11 20:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/09/11 20:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2011/09/11 20:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011/09/11 18:40:55 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Apple Computer
[2011/09/11 15:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/11 15:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/11 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/11 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/09/11 15:22:40 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/09/11 15:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/09/11 15:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/09/11 15:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/09/11 15:22:16 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Real
[2011/09/11 15:11:06 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Google
[2011/09/11 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Conduit
[2011/09/11 15:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/09/11 15:08:37 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\uTorrent
[2011/09/11 15:08:37 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\uTorrent
[2011/09/11 15:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/11 15:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/11 15:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/09/11 15:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/09/11 15:07:11 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Apple
[2011/09/11 15:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/11 15:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/09/11 15:06:30 | 000,000,000 | ---D | C] -- C:\MPEGSUIT
[2011/09/11 15:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPEG Suite 2001
[2011/09/11 15:06:00 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Babylon
[2011/09/11 15:06:00 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Babylon
[2011/09/11 15:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/09/11 15:04:32 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Documents\flv to avi converter
[2011/09/11 15:03:40 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\WinZip
[2011/09/11 15:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/09/11 15:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/09/11 15:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/09/11 14:51:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\DivX
[2011/09/11 14:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/09/11 14:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/09/11 14:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/09/11 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/09/11 14:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/09/11 14:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/11 14:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/09/11 13:32:36 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/09/11 13:28:25 | 000,017,408 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\System32\drivers\mvusbews.sys
[2011/09/11 13:26:28 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Documents\My Scans
[2011/09/11 13:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/09/11 13:22:21 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\HP
[2011/09/11 13:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2011/09/11 13:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/09/11 13:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/09/11 13:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/09/11 13:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/09/11 13:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/09/11 13:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/09/11 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/09/11 12:17:52 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Adobe
[2011/09/11 11:35:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2011/09/11 11:32:05 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Mozilla
[2011/09/11 11:32:05 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Mozilla
[2011/09/11 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/09/11 11:10:21 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Adobe
[2011/09/11 11:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/11 11:05:13 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\AppData\Roaming\.#
[2011/09/11 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Bluetooth Software
[2011/09/11 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Documents\Bluetooth Exchange Folder
[2011/09/11 10:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011/09/11 10:42:32 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe
[2011/09/11 10:42:32 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe
[2011/09/11 10:42:32 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2011/09/11 10:39:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2011/09/11 10:39:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2011/09/11 10:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/09/11 10:37:40 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2011/09/11 10:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/09/11 10:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/09/11 10:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/09/11 10:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011/09/11 10:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2011/09/11 10:31:51 | 000,000,000 | -H-D | C] -- C:\Users\LivthefLip\AppData\Local\acer eNM
[2011/09/11 10:31:00 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Symantec
[2011/09/11 10:30:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/11 10:30:27 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/11 10:30:27 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Searches
[2011/09/11 10:30:27 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/11 10:30:16 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Identities
[2011/09/11 10:30:15 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Contacts
[2011/09/11 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\VirtualStore
[2011/09/11 10:29:54 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Macromedia
[2011/09/11 10:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2011/09/11 10:29:29 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\AppData\Local\Temporary Internet Files
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Templates
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Start Menu
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\SendTo
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Recent
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\PrintHood
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\NetHood
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Documents\My Videos
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Documents\My Pictures
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Documents\My Music
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\My Documents
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Local Settings
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\AppData\Local\History
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Cookies
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Application Data
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\AppData\Local\Application Data
[2011/09/11 10:28:47 | 000,000,000 | --SD | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Videos
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Saved Games
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Pictures
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Music
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Links
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Favorites
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Downloads
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Documents
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Desktop
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/11 10:28:47 | 000,000,000 | -H-D | C] -- C:\Users\LivthefLip\AppData
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Temp
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Microsoft
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Media Center Programs
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerProducer
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Acer GameZone Console
[2008/02/15 02:34:08 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll

========== Files - Modified Within 30 Days ==========

[2011/09/15 15:38:01 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/15 15:38:01 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/15 15:36:31 | 001,388,161 | ---- | M] () -- C:\Users\LivthefLip\Desktop\tdsskiller.zip
[2011/09/15 15:35:36 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\LivthefLip\Desktop\GooredFix.exe
[2011/09/15 15:31:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 15:31:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/15 15:31:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/15 15:31:34 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/15 15:30:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/15 15:26:47 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/15 15:24:02 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\LivthefLip\Desktop\OTM.exe
[2011/09/14 22:00:49 | 000,012,800 | ---- | M] () -- C:\Users\LivthefLip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/13 15:56:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\LivthefLip\Desktop\TDSSKiller.exe
[2011/09/12 21:23:19 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - LivthefLip.job
[2011/09/12 03:55:31 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/12 01:19:40 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/09/12 01:07:20 | 000,000,003 | ---- | M] () -- C:\Windows\AFirst.cmd
[2011/09/11 22:57:03 | 000,000,970 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/11 16:02:37 | 000,000,572 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\MPEG Suite.lnk
[2011/09/11 16:02:30 | 000,001,073 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/09/11 15:22:40 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/09/11 15:12:18 | 000,000,780 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/09/11 14:54:43 | 000,000,939 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\DivX Plus Player.lnk
[2011/09/11 13:31:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2011/09/11 13:22:36 | 000,130,834 | ---- | M] () -- C:\Windows\hpoins18.dat
[2011/09/11 13:19:28 | 000,001,976 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/09/11 13:17:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/09/11 11:41:28 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/09/11 11:41:28 | 000,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/09/11 11:41:28 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/09/11 11:32:02 | 000,000,874 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/11 11:05:58 | 000,002,069 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer Arcade Deluxe.lnk
[2011/09/11 11:05:55 | 000,000,950 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer GameZone Console.lnk
[2011/09/11 11:01:55 | 000,000,942 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/11 10:47:06 | 000,000,144 | ---- | M] () -- C:\Windows\Alaunch.ini
[2011/09/11 10:47:00 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2011/09/11 10:39:52 | 000,000,743 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/09/11 10:33:00 | 000,000,083 | ---- | M] () -- C:\Windows\QtZgAcer.UNI
[2011/09/11 10:30:29 | 000,000,947 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/11 10:29:11 | 000,001,976 | ---- | M] () -- C:\Windows\CLEANUP.CMD
[2011/09/11 10:29:09 | 000,016,068 | ---- | M] () -- C:\Windows\System32\results.xml

========== Files Created - No Company Name ==========

[2011/09/15 15:35:42 | 001,388,161 | ---- | C] () -- C:\Users\LivthefLip\Desktop\tdsskiller.zip
[2011/09/12 03:10:49 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/12 03:10:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/12 03:10:44 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/09/12 01:17:41 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/12 01:07:20 | 000,000,003 | ---- | C] () -- C:\Windows\AFirst.cmd
[2011/09/12 01:07:15 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2011/09/12 01:07:08 | 000,000,294 | ---- | C] () -- C:\Windows\offline.reg
[2011/09/12 01:07:04 | 000,020,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE
[2011/09/12 01:07:04 | 000,020,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE
[2011/09/12 01:06:52 | 000,001,976 | ---- | C] () -- C:\Windows\CLEANUP.CMD
[2011/09/12 01:06:52 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2011/09/11 22:57:03 | 000,000,970 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/11 20:12:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/09/11 20:12:44 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/09/11 20:12:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/09/11 17:26:06 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/09/11 16:16:36 | 000,012,800 | ---- | C] () -- C:\Users\LivthefLip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 16:02:37 | 000,000,572 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\MPEG Suite.lnk
[2011/09/11 16:02:30 | 000,001,073 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/09/11 15:09:37 | 000,000,780 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/09/11 15:07:09 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/09/11 14:54:43 | 000,000,939 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\DivX Plus Player.lnk
[2011/09/11 14:25:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/11 13:31:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2011/09/11 13:28:44 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2011/09/11 13:28:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2011/09/11 13:28:27 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2011/09/11 13:28:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2011/09/11 13:28:23 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2011/09/11 13:21:17 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/09/11 13:19:28 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/09/11 13:17:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/09/11 13:13:14 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/09/11 13:13:01 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011/09/11 11:32:02 | 000,000,874 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/11 11:32:02 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/11 11:05:58 | 000,002,069 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer Arcade Deluxe.lnk
[2011/09/11 11:05:55 | 000,000,950 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer GameZone Console.lnk
[2011/09/11 11:01:55 | 000,000,942 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/11 10:48:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/09/11 10:48:07 | 000,000,556 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - LivthefLip.job
[2011/09/11 10:47:00 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2011/09/11 10:42:32 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2011/09/11 10:42:32 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
[2011/09/11 10:39:52 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/09/11 10:33:00 | 000,000,083 | ---- | C] () -- C:\Windows\QtZgAcer.UNI
[2011/09/11 10:30:29 | 000,000,953 | ---- | C] () -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/11 10:30:27 | 000,000,948 | ---- | C] () -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/09/11 10:30:15 | 000,000,919 | ---- | C] () -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/09/11 10:29:54 | 083,554,304 | ---- | C] () -- C:\Windows\System32\acer.scr
[2011/09/11 10:29:11 | 000,000,947 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/11 10:29:09 | 000,016,068 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/09/11 10:28:47 | 000,000,258 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/11 10:28:47 | 000,000,240 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/04/01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2008/02/15 04:56:34 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/15 04:55:51 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/02/15 04:54:26 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/02/15 04:03:21 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/15 04:03:21 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/15 02:34:23 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008/02/15 02:34:15 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/15 02:34:15 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/15 02:34:15 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/15 02:34:15 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/15 02:34:09 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/02/15 02:33:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/27 08:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 15:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 08:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 14:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/09/11 16:57:01 | 000,000,000 | -HSD | M] -- C:\Users\LivthefLip\AppData\Roaming\.#
[2008/02/15 04:28:28 | 000,000,000 | ---D | M] -- C:\Users\LivthefLip\AppData\Roaming\Acer GameZone Console
[2011/09/11 15:06:00 | 000,000,000 | ---D | M] -- C:\Users\LivthefLip\AppData\Roaming\Babylon
[2011/09/15 16:11:39 | 000,000,000 | ---D | M] -- C:\Users\LivthefLip\AppData\Roaming\uTorrent
[2011/09/15 15:30:26 | 000,011,284 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Extras.Txt

OTL Extras logfile created on: 9/15/2011 4:11:43 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\LivthefLip\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 29.67% Memory free
4.21 Gb Paging File | 2.67 Gb Available in Paging File | 63.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 36.15 Gb Free Space | 51.80% Space Free | Partition Type: NTFS
Drive D: | 66.27 Gb Total Space | 53.48 Gb Free Space | 80.70% Space Free | Partition Type: NTFS
Drive E: | 3.24 Gb Total Space | 3.20 Gb Free Space | 98.62% Space Free | Partition Type: NTFS
Drive H: | 149.01 Gb Total Space | 29.50 Gb Free Space | 19.80% Space Free | Partition Type: FAT32

Computer Name: LIVTHEFLIP-PC | User Name: LivthefLip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35062CC4-73FD-46EE-8E42-6AEBE62BBF54}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{61E674AC-F5B3-4E89-9CF0-641E585F978A}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{64596F79-DEF8-4F83-914A-E6A143458835}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{93EB4AFA-BEB9-4641-8127-C2F163A771C6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9608F9D3-D83C-4DE9-994E-A2985A5B752A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AB8B328F-21EB-4984-B7EF-0A8921A2EE41}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D6494002-B585-498A-B367-013AEB762DA7}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{EDE61138-950A-41C0-AC9D-33DECDD5B2CC}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{FB680866-9EE4-423C-BC0C-E2D4E83C5956}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DD470FD-E204-4D45-AE86-A4CB9954ECBC}" = Symantec Real Time Storage Protection Component
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DAD1B242-2138-450D-A46D-DBE6ECC0571A}" = SymNet
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup" = DivX Setup
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MPEG Suite 2001" = MPEG Suite 2001
"ProInst" = Intel PROSet Wireless
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 12.0" = RealPlayer
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2011 2:31:37 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application utorrent.exe, version 1.8.4.16150, time stamp
0x4a837c9b, faulting module utorrent.exe, version 1.8.4.16150, time stamp 0x4a837c9b,
exception code 0xc0000005, fault offset 0x000aec66, process id 0x1714, application
start time 0x01cc704c75499144.

Error - 9/11/2011 2:53:05 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application MPEGSuite.exe, version 0.0.0.0, time stamp 0x42e25dc0,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x6a904859, process id 0x11e0, application start time 0x01cc704f74bd10f4.

Error - 9/11/2011 9:36:35 AM | Computer Name = LivthefLip-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/11/2011 10:10:48 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application setup.exe_Bluetooth Software, version 6.0.1.4900,
time stamp 0x460c12ad, faulting module setup.exe, version 6.0.1.4900, time stamp
0x460c12ad, exception code 0xc0000005, fault offset 0x0001f825, process id 0xcb0,
application start time 0x01cc708c79160157.

Error - 9/11/2011 10:12:09 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application setup.exe_Bluetooth Software, version 6.0.1.4900,
time stamp 0x460c12ad, faulting module setup.exe, version 6.0.1.4900, time stamp
0x460c12ad, exception code 0xc0000005, fault offset 0x0001f825, process id 0x16a0,
application start time 0x01cc708ca57c6e07.

Error - 9/11/2011 10:13:06 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application setup.exe_Bluetooth Software, version 6.0.1.4900,
time stamp 0x460c12ad, faulting module setup.exe, version 6.0.1.4900, time stamp
0x460c12ad, exception code 0xc0000005, fault offset 0x0001f825, process id 0xedc,
application start time 0x01cc708cd8b16877.

Error - 9/11/2011 10:14:27 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application setup.exe_Bluetooth Software, version 6.0.1.4900,
time stamp 0x460c12ad, faulting module setup.exe, version 6.0.1.4900, time stamp
0x460c12ad, exception code 0xc0000005, fault offset 0x0001f825, process id 0xc34,
application start time 0x01cc708d0ccaa867.

Error - 9/11/2011 10:19:17 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application setup.exe_Bluetooth Software, version 6.0.1.4900,
time stamp 0x460c12ad, faulting module setup.exe, version 6.0.1.4900, time stamp
0x460c12ad, exception code 0xc0000005, fault offset 0x0001f825, process id 0xc94,
application start time 0x01cc708db19063d7.

Error - 9/11/2011 10:20:48 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application setup.exe_Bluetooth Software, version 6.0.1.4900,
time stamp 0x460c12ad, faulting module setup.exe, version 6.0.1.4900, time stamp
0x460c12ad, exception code 0xc0000005, fault offset 0x0001f825, process id 0xc38,
application start time 0x01cc708df3a726f7.

Error - 9/11/2011 10:22:50 AM | Computer Name = LivthefLip-PC | Source = Application Error | ID = 1000
Description = Faulting application setup.exe_Bluetooth Software, version 6.0.1.4900,
time stamp 0x460c12ad, faulting module setup.exe, version 6.0.1.4900, time stamp
0x460c12ad, exception code 0xc0000005, fault offset 0x0001f825, process id 0x1190,
application start time 0x01cc708e3a2923d7.

[ System Events ]
Error - 9/10/2011 11:50:08 PM | Computer Name = LivthefLip-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 9/10/2011 11:51:01 PM | Computer Name = LivthefLip-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/11/2011 1:31:40 AM | Computer Name = LivthefLip-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/11/2011 9:31:03 AM | Computer Name = LivthefLip-PC | Source = DCOM | ID = 10010
Description =

Error - 9/11/2011 9:31:48 AM | Computer Name = LivthefLip-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 9/11/2011 9:35:55 AM | Computer Name = LivthefLip-PC | Source = HTTP | ID = 15016
Description =

Error - 9/11/2011 9:36:35 AM | Computer Name = LivthefLip-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/11/2011 9:41:36 AM | Computer Name = LivthefLip-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/11/2011 10:25:26 AM | Computer Name = LivthefLip-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 9/11/2011 10:25:32 AM | Computer Name = LivthefLip-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

Please do the following:

Step 1

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please right click on the OTL icon on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=144b73bf000000000000001f3aeafadd&tlver=1.4.35.10&affID=100489"
    [2011/09/11 15:06:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]
    O32 - AutoRun File - [2005/10/20 12:04:08 | 000,038,912 | ---- | M] () - D:\AUTOBACK.EXE -- [ NTFS ]
    O32 - AutoRun File - [2008/06/04 08:17:50 | 000,000,000 | -HSD | M] - H:\autorun -- [ FAT32 ]
    O33 - MountPoints2\{0bcb0a32-dc29-11e0-bd1a-001e6835b0aa}\Shell\AutoRun\command - "" = H:\SISetup.exe
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

When completed the above, please post back the following in the order asked for:
  • OTL fix log
  • MBAM log
  • OTL scan log

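The OTL fix in the post above targets three redirect mechanisms: a hijacked Firefox keyword.URL preference, a Babylon extension folder in the profile, and a possibly tampered hosts file. As an added example (not part of the original thread, and not OTL's own code), the following Python script checks a Firefox prefs.js and a Windows hosts file for the first and last of those indicators: URL-valued prefs whose host is not on an owner-approved list, and search-engine hostnames mapped to a non-loopback address. The trusted host list, the search domain list and both sample inputs are constructed for the example; the sample keyword.URL value is copied from the fix line in the post above, and 203.0.113.10 is an RFC 5737 documentation address.

```python
"""Check a Firefox prefs.js and a hosts file for search-redirect indicators.

Added example: not part of the original thread or of OTL. The trusted host
list, search domain list and both sample inputs are constructed for it.
"""
import re
from urllib.parse import urlparse

# URL-valued Firefox preferences that decide where searches and new pages go.
WATCHED_PREFS = ("keyword.URL", "browser.startup.homepage", "browser.newtab.url")

# Hosts the machine's owner considers legitimate (assumption for the example).
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.mozilla.org"}

# Search domains whose hosts-file entries should never point off the local host.
SEARCH_DOMAINS = ("google.com", "yahoo.com", "bing.com", "isohunt.com")

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def find_pref_hijacks(prefs, trusted=TRUSTED_HOSTS):
    """Return (pref, host, url) for watched prefs whose URL host is not trusted."""
    findings = []
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # The homepage pref may hold several URLs separated by '|'.
        for url in value.split("|"):
            host = urlparse(url.strip()).hostname
            if host and host.lower() not in trusted:
                findings.append((name, host.lower(), url.strip()))
    return findings


def find_hosts_redirects(text, search_domains=SEARCH_DOMAINS):
    """Return (hostname, ip) for search-engine names mapped to a non-loopback IP."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip in LOOPBACK:
            continue   # localhost entries and ad blocklists are normal
        for name in names:
            if any(name == d or name.endswith("." + d) for d in search_domains):
                findings.append((name, ip))
    return findings


# Constructed sample prefs.js; the keyword.URL value is the hijacked line from the fix.
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:6.0.2");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=144b73bf000000000000001f3aeafadd&tlver=1.4.35.10&affID=100489");
user_pref("browser.search.update", false);
'''

# Constructed sample hosts file; 203.0.113.10 is a documentation address (RFC 5737).
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed hijack entry
203.0.113.10    search.yahoo.com
"""


def scan(prefs_text, hosts_text):
    """Run both checks and return the combined findings."""
    return {
        "prefs": find_pref_hijacks(parse_prefs(prefs_text)),
        "hosts": find_hosts_redirects(hosts_text),
    }


if __name__ == "__main__":
    for kind, hits in scan(SAMPLE_PREFS, SAMPLE_HOSTS).items():
        for hit in hits:
            print(kind, *hit)
```

On a real machine the inputs are the prefs.js under the Firefox profile directory and %SystemRoot%\System32\drivers\etc\hosts; the script only reports, so a hit on keyword.URL still needs the extension that wrote it removed, or the value comes back on the next browser start.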

#3
livtheflip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
hi and thanks for helping, I've performed your steps to remove the malware. Although, after running the quick scan of Malwarebytes' Anti-Malware, it immediately opened the log in Notepad; it didn't show any results and I wasn't prompted to restart. I read the report and it says no malicious items were detected... I think my computer is OK now. Tell me if it is? So here are the logs that you asked for:

OTL fix log

All processes killed
========== OTL ==========
Prefs.js: "http://search.babylo...0&affID=100489" removed from keyword.URL
C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]\content\imgs\mnRadio folder moved successfully.
C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]\content folder moved successfully.
C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected]\components folder moved successfully.
C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\[email protected] folder moved successfully.
D:\AUTOBACK.EXE moved successfully.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bcb0a32-dc29-11e0-bd1a-001e6835b0aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bcb0a32-dc29-11e0-bd1a-001e6835b0aa}\ not found.
File H:\SISetup.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\LivthefLip\Downloads\cmd.bat deleted successfully.
C:\Users\LivthefLip\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Journal

User: LivthefLip
->Temp folder emptied: 443595 bytes
->Temporary Internet Files folder emptied: 74175 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50217552 bytes
->Flash cache emptied: 828 bytes

User: Public

User: RegBack

User: systemprofile

User: TxR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2233951 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 51.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Journal

User: LivthefLip
->Flash cache emptied: 0 bytes

User: Public

User: RegBack

User: systemprofile

User: TxR

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.28.0 log created on 09162011_145533

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET5CDE.tmp not found!

Registry entries deleted on Reboot...


MBAM log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7725

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

9/16/2011 3:18:19 PM
mbam-log-2011-09-16 (15-18-19).txt

Scan type: Quick scan
Objects scanned: 179375
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL scan log

OTL logfile created on: 9/16/2011 3:00:35 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\LivthefLip\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.65% Memory free
4.21 Gb Paging File | 2.91 Gb Available in Paging File | 69.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 36.08 Gb Free Space | 51.70% Space Free | Partition Type: NTFS
Drive D: | 66.27 Gb Total Space | 53.48 Gb Free Space | 80.70% Space Free | Partition Type: NTFS
Drive E: | 3.24 Gb Total Space | 3.20 Gb Free Space | 98.62% Space Free | Partition Type: NTFS
Drive H: | 149.01 Gb Total Space | 29.50 Gb Free Space | 19.80% Space Free | Partition Type: FAT32

Computer Name: LIVTHEFLIP-PC | User Name: LivthefLip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/16 14:57:40 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\LivthefLip\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/09/15 16:10:42 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\LivthefLip\Downloads\OTL.exe
PRC - [2011/09/11 15:22:37 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/11 15:12:18 | 000,640,888 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/07 20:57:42 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/03/20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\Mcafee\MNA\McNASvc.exe
PRC - [2008/02/25 16:53:24 | 000,518,656 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/02/25 16:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/02/06 01:47:12 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/01/24 10:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/24 10:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2008/01/21 10:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/10 10:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/02 21:17:28 | 000,707,080 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2007/12/21 03:33:14 | 000,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/12/21 03:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/20 10:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/28 10:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/10 22:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/10/02 08:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/21 05:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/03/29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/11 21:40:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
MOD - [2011/09/11 21:40:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2011/09/11 21:40:13 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2011/09/11 21:39:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2011/09/11 21:39:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2011/09/11 21:39:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2011/09/11 21:38:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2011/09/11 21:38:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2011/09/11 21:38:35 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011/09/11 21:38:20 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/07/29 07:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/01/10 10:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008/01/10 10:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008/01/03 18:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/12/21 05:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007/12/21 03:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007/12/20 10:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/12/20 10:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/12/20 10:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/12/20 10:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/10/10 22:41:08 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
MOD - [2007/09/21 06:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007/09/12 01:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007/03/29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/02/13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/11 11:32:50 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010/04/07 20:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/20 07:03:48 | 002,376,992 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\Mcafee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/02/25 16:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/21 03:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/20 10:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/28 10:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/02 08:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/21 05:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 20:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/22 07:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)


========== Driver Services (SafeList) ==========

DRV - [2079/07/19 15:18:48 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110914.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2079/07/19 15:18:48 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2079/07/19 15:18:48 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20110908.001\IDSvix86.sys -- (IDSvix86)
DRV - [2079/07/19 15:18:48 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2079/07/19 15:18:48 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110914.025\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/11 11:41:28 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/06 07:40:57 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/03/17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/02/15 17:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/30 18:34:00 | 007,629,504 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/24 10:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2008/01/24 10:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 10:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/31 10:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/08 23:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/08/08 10:37:00 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/31 03:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/31 02:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ph.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ph.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: No CLSID value found. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.ph/"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/11 14:51:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/11 15:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/11 15:22:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/11 15:29:23 | 000,000,000 | ---D | M]

[2011/09/11 11:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Extensions
[2011/09/15 08:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions
[2011/09/15 08:02:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/11 15:11:04 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/11 15:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/11 15:29:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/11 15:22:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\LIVTHEFLIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YHZZHQM6.DEFAULT\EXTENSIONS\[email protected]
[2011/09/03 14:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/11 15:29:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/11 15:06:05 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/03 07:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/16 14:55:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9F3C52C-A6EC-4234-A130-3D92BE289CF4}: DhcpNameServer = 192.168.254.1 192.168.254.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/04 08:17:50 | 000,000,000 | -HSD | M] - H:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/16 14:55:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/15 15:37:10 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Desktop\GooredFix Backups
[2011/09/15 15:35:33 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\LivthefLip\Desktop\GooredFix.exe
[2011/09/15 15:26:36 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/09/15 15:23:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\LivthefLip\Desktop\OTM.exe
[2011/09/13 16:38:12 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Acer Arcade Deluxe
[2011/09/13 16:38:11 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\CyberLink
[2011/09/13 16:38:04 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\PowerCinema
[2011/09/13 15:56:28 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\LivthefLip\Desktop\TDSSKiller.exe
[2011/09/12 01:12:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/09/12 01:12:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/09/12 01:12:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/09/12 01:07:19 | 017,730,504 | ---- | C] (Acer Incorporated) -- C:\Windows\eRy.exe
[2011/09/12 01:07:04 | 000,065,536 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SetSpkDefault.exe
[2011/09/11 22:58:43 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Yahoo!
[2011/09/11 22:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/09/11 22:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/09/11 21:32:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/09/11 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Roaming
[2011/09/11 20:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2011/09/11 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Intel
[2011/09/11 20:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2011/09/11 20:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/09/11 20:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2011/09/11 20:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011/09/11 18:40:55 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Apple Computer
[2011/09/11 15:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/11 15:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/11 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/11 15:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/09/11 15:22:40 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/09/11 15:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/09/11 15:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/09/11 15:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/09/11 15:22:16 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Real
[2011/09/11 15:11:06 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Google
[2011/09/11 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Conduit
[2011/09/11 15:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/09/11 15:08:37 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\uTorrent
[2011/09/11 15:08:37 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\uTorrent
[2011/09/11 15:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/11 15:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/11 15:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/09/11 15:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/09/11 15:07:11 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Apple
[2011/09/11 15:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/09/11 15:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/09/11 15:06:30 | 000,000,000 | ---D | C] -- C:\MPEGSUIT
[2011/09/11 15:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPEG Suite 2001
[2011/09/11 15:06:00 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Babylon
[2011/09/11 15:06:00 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Babylon
[2011/09/11 15:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/09/11 15:04:32 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Documents\flv to avi converter
[2011/09/11 15:03:40 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\WinZip
[2011/09/11 15:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/09/11 15:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/09/11 15:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/09/11 14:51:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\DivX
[2011/09/11 14:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/09/11 14:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/09/11 14:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/09/11 14:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/09/11 14:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/09/11 14:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/11 14:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/09/11 13:32:36 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/09/11 13:28:25 | 000,017,408 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\System32\drivers\mvusbews.sys
[2011/09/11 13:26:28 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Documents\My Scans
[2011/09/11 13:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/09/11 13:22:21 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\HP
[2011/09/11 13:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2011/09/11 13:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/09/11 13:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/09/11 13:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/09/11 13:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/09/11 13:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/09/11 13:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/09/11 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/09/11 12:17:52 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Adobe
[2011/09/11 11:35:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2011/09/11 11:32:05 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Mozilla
[2011/09/11 11:32:05 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Mozilla
[2011/09/11 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/09/11 11:10:21 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Adobe
[2011/09/11 11:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/11 11:05:13 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\AppData\Roaming\.#
[2011/09/11 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Bluetooth Software
[2011/09/11 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\Documents\Bluetooth Exchange Folder
[2011/09/11 10:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista
[2011/09/11 10:42:32 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe
[2011/09/11 10:42:32 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe
[2011/09/11 10:42:32 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2011/09/11 10:39:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2011/09/11 10:39:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2011/09/11 10:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/09/11 10:37:40 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2011/09/11 10:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/09/11 10:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/09/11 10:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/09/11 10:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011/09/11 10:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2011/09/11 10:31:51 | 000,000,000 | -H-D | C] -- C:\Users\LivthefLip\AppData\Local\acer eNM
[2011/09/11 10:31:00 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Symantec
[2011/09/11 10:30:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/11 10:30:27 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/11 10:30:27 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Searches
[2011/09/11 10:30:27 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/11 10:30:16 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Identities
[2011/09/11 10:30:15 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Contacts
[2011/09/11 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\VirtualStore
[2011/09/11 10:29:54 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Macromedia
[2011/09/11 10:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2011/09/11 10:29:29 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\AppData\Local\Temporary Internet Files
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Templates
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Start Menu
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\SendTo
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Recent
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\PrintHood
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\NetHood
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Documents\My Videos
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Documents\My Pictures
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Documents\My Music
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\My Documents
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Local Settings
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\AppData\Local\History
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Cookies
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\Application Data
[2011/09/11 10:28:48 | 000,000,000 | -HSD | C] -- C:\Users\LivthefLip\AppData\Local\Application Data
[2011/09/11 10:28:47 | 000,000,000 | --SD | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Videos
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Saved Games
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Pictures
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Music
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Links
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Favorites
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Downloads
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Documents
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\Desktop
[2011/09/11 10:28:47 | 000,000,000 | R--D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/11 10:28:47 | 000,000,000 | -H-D | C] -- C:\Users\LivthefLip\AppData
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Temp
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Local\Microsoft
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Media Center Programs
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerProducer
[2011/09/11 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\LivthefLip\AppData\Roaming\Acer GameZone Console
[2008/02/15 02:34:08 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll

========== Files - Modified Within 30 Days ==========

[2011/09/16 15:04:43 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/16 15:04:43 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/16 14:57:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/16 14:57:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/16 14:56:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/16 14:56:51 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/16 14:56:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/16 14:55:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/15 22:18:28 | 000,013,312 | ---- | M] () -- C:\Users\LivthefLip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/15 15:36:31 | 001,388,161 | ---- | M] () -- C:\Users\LivthefLip\Desktop\tdsskiller.zip
[2011/09/15 15:35:36 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\LivthefLip\Desktop\GooredFix.exe
[2011/09/15 15:24:02 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\LivthefLip\Desktop\OTM.exe
[2011/09/13 15:56:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\LivthefLip\Desktop\TDSSKiller.exe
[2011/09/12 21:23:19 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - LivthefLip.job
[2011/09/12 03:55:31 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/12 01:19:40 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/09/12 01:07:20 | 000,000,003 | ---- | M] () -- C:\Windows\AFirst.cmd
[2011/09/11 22:57:03 | 000,000,970 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/11 16:02:37 | 000,000,572 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\MPEG Suite.lnk
[2011/09/11 16:02:30 | 000,001,073 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/09/11 15:22:40 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011/09/11 15:12:18 | 000,000,780 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/09/11 14:54:43 | 000,000,939 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\DivX Plus Player.lnk
[2011/09/11 13:31:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2011/09/11 13:22:36 | 000,130,834 | ---- | M] () -- C:\Windows\hpoins18.dat
[2011/09/11 13:19:28 | 000,001,976 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/09/11 13:17:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/09/11 11:41:28 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/09/11 11:41:28 | 000,010,635 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/09/11 11:41:28 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/09/11 11:32:02 | 000,000,874 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/11 11:05:58 | 000,002,069 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer Arcade Deluxe.lnk
[2011/09/11 11:05:55 | 000,000,950 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer GameZone Console.lnk
[2011/09/11 11:01:55 | 000,000,942 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/11 10:47:06 | 000,000,144 | ---- | M] () -- C:\Windows\Alaunch.ini
[2011/09/11 10:47:00 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2011/09/11 10:39:52 | 000,000,743 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/09/11 10:33:00 | 000,000,083 | ---- | M] () -- C:\Windows\QtZgAcer.UNI
[2011/09/11 10:30:29 | 000,000,947 | ---- | M] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/11 10:29:11 | 000,001,976 | ---- | M] () -- C:\Windows\CLEANUP.CMD
[2011/09/11 10:29:09 | 000,016,068 | ---- | M] () -- C:\Windows\System32\results.xml

========== Files Created - No Company Name ==========

[2011/09/15 15:35:42 | 001,388,161 | ---- | C] () -- C:\Users\LivthefLip\Desktop\tdsskiller.zip
[2011/09/12 03:10:49 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/12 03:10:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/12 03:10:44 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/09/12 01:17:41 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/12 01:07:20 | 000,000,003 | ---- | C] () -- C:\Windows\AFirst.cmd
[2011/09/12 01:07:15 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2011/09/12 01:07:08 | 000,000,294 | ---- | C] () -- C:\Windows\offline.reg
[2011/09/12 01:07:04 | 000,020,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE
[2011/09/12 01:07:04 | 000,020,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE
[2011/09/12 01:06:52 | 000,001,976 | ---- | C] () -- C:\Windows\CLEANUP.CMD
[2011/09/12 01:06:52 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2011/09/11 22:57:03 | 000,000,970 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/11 20:12:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/09/11 20:12:44 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/09/11 20:12:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/09/11 17:26:06 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/09/11 16:16:36 | 000,013,312 | ---- | C] () -- C:\Users\LivthefLip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 16:02:37 | 000,000,572 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\MPEG Suite.lnk
[2011/09/11 16:02:30 | 000,001,073 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/09/11 15:09:37 | 000,000,780 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/09/11 15:07:09 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/09/11 14:54:43 | 000,000,939 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\DivX Plus Player.lnk
[2011/09/11 14:25:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/11 13:31:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2011/09/11 13:28:44 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2011/09/11 13:28:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2011/09/11 13:28:27 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2011/09/11 13:28:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2011/09/11 13:28:23 | 000,047,104 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2011/09/11 13:21:17 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/09/11 13:19:28 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/09/11 13:17:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/09/11 13:13:14 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011/09/11 13:13:01 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011/09/11 11:32:02 | 000,000,874 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/11 11:32:02 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/11 11:05:58 | 000,002,069 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer Arcade Deluxe.lnk
[2011/09/11 11:05:55 | 000,000,950 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer GameZone Console.lnk
[2011/09/11 11:01:55 | 000,000,942 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/09/11 10:48:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/09/11 10:48:07 | 000,000,556 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - LivthefLip.job
[2011/09/11 10:47:00 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2011/09/11 10:42:32 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2011/09/11 10:42:32 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss
[2011/09/11 10:39:52 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/09/11 10:33:00 | 000,000,083 | ---- | C] () -- C:\Windows\QtZgAcer.UNI
[2011/09/11 10:30:29 | 000,000,953 | ---- | C] () -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/11 10:30:27 | 000,000,948 | ---- | C] () -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/09/11 10:30:15 | 000,000,919 | ---- | C] () -- C:\Users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/09/11 10:29:54 | 083,554,304 | ---- | C] () -- C:\Windows\System32\acer.scr
[2011/09/11 10:29:11 | 000,000,947 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/11 10:29:09 | 000,016,068 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/09/11 10:28:47 | 000,000,258 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/11 10:28:47 | 000,000,240 | ---- | C] () -- C:\Users\LivthefLip\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/04/01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2008/02/15 04:56:34 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/15 04:55:51 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/02/15 04:54:26 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/02/15 04:03:21 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/15 04:03:21 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/15 02:34:23 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008/02/15 02:34:15 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/15 02:34:15 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/15 02:34:15 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/15 02:34:15 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/15 02:34:09 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/02/15 02:33:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/03/29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/27 08:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 15:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 08:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 14:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/09/11 16:57:01 | 000,000,000 | -HSD | M] -- C:\Users\LivthefLip\AppData\Roaming\.#
[2008/02/15 04:28:28 | 000,000,000 | ---D | M] -- C:\Users\LivthefLip\AppData\Roaming\Acer GameZone Console
[2011/09/11 15:06:00 | 000,000,000 | ---D | M] -- C:\Users\LivthefLip\AppData\Roaming\Babylon
[2011/09/16 15:05:47 | 000,000,000 | ---D | M] -- C:\Users\LivthefLip\AppData\Roaming\uTorrent
[2011/09/16 14:56:04 | 000,012,038 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0
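The OTL log above is long, and most of the lines follow one fixed layout, so a few lines of Python can turn the "Files Created/Modified" sections into records and pull out the entries a helper would look at first. This is an added example, not part of this thread and not OTL's own code. The regex reflects the entry layout visible in the log; the watch-list names (Babylon, allgameshome come from this thread), the Hosts-file and Startup-folder heuristics, and the sample lines (copied from the log above) are my own assumptions.

```python
"""Parse and triage OTL "Files Created / Modified" entries (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Entry layout as it appears in the OTL log:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory entries (attrs ending in D) carry no "(Company)" group at all.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str        # e.g. "-HS-", "---D"
    kind: str         # "C" = created, "M" = modified
    company: str      # "" when OTL printed "()" or "( )"
    path: str
    is_dir: bool


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for one log line, or None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
        is_dir=m["attrs"].endswith("D"),
    )


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


# Heuristics (my assumptions, not OTL's): names taken from this thread, plus two
# locations a homepage/redirect hijack commonly touches.
WATCHLIST = ("babylon", "allgameshome")
HOSTS_SUFFIX = r"\drivers\etc\hosts"
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
EXEC_EXT = (".exe", ".dll", ".scr", ".cmd", ".bat", ".vbs")


def triage(entries: List[OtlEntry]) -> List[Tuple[str, OtlEntry]]:
    """Tag entries worth a human look; returns (tag, entry) pairs."""
    findings: List[Tuple[str, OtlEntry]] = []
    for e in entries:
        p = e.path.lower()
        if any(name in p for name in WATCHLIST):
            findings.append(("watchlist", e))
        if p.endswith(HOSTS_SUFFIX):
            findings.append(("hosts-modified" if e.kind == "M" else "hosts-created", e))
        if STARTUP_MARKER in p and p.endswith(EXEC_EXT) and not e.is_dir:
            findings.append(("startup-executable", e))
    return findings


def recent_no_company(entries: List[OtlEntry], reference: datetime,
                      days: int = 30) -> List[OtlEntry]:
    """Files (not directories) created within `days` before `reference` that carry
    no company name: the population OTL lists under "Files Created - No Company Name"."""
    cutoff = reference - timedelta(days=days)
    return [e for e in entries
            if e.kind == "C" and not e.is_dir and not e.company
            and cutoff <= e.timestamp <= reference]


# Constructed sample: five lines copied from the OTL log in this thread plus a header.
SAMPLE_LOG = r"""
[2011/09/16 14:55:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/09/12 01:07:04 | 000,020,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE
[2011/09/11 15:06:00 | 000,000,000 | ---D | M] -- C:\Users\LivthefLip\AppData\Roaming\Babylon
[2011/09/13 15:56:28 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\LivthefLip\Desktop\TDSSKiller.exe
[2008/02/15 02:34:08 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
========== LOP Check ==========
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for tag, e in triage(entries):
        print(f"{tag:18} {e.kind} {e.timestamp:%Y-%m-%d} {e.path}")
```

A tag is only a prompt to look, not a verdict: the Startup-folder hit in the sample (SETRES.EXE) is very likely an OEM setup stub, and a modified Hosts file may just be a Windows update, so each finding is checked against the rest of the log before anything is removed.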

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

I think my computer is OK now.. tell me if it is?

Redirects are gone? Anyway, we should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished, select the Report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion, click the link to locate the zip file to upload and attach it to your next post

Posted Image
  • 0

#5
livtheflip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi,

I thought the redirects were gone because when I open a new tab there's no "search.babylon.com" typed in the address bar anymore, but I was wrong, because I tried to search in isohunt.com and there it is again. I'm just curious, because it seems like it's happening only when I search at isohunt.com. I've performed the scan, and during the scan sometimes a message prompted that a file or folder is password protected. Then, when the scan went through to my external hard disk (because I included it), there were tons of a "win32.sality?" virus; for half of it I think I only selected disinfect, because I forgot that you instructed that all infections found be deleted. It was only later that I remembered that. Is it OK?

BTW, how can I attach the zip file you asked for?
  • 0

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
How to add an attachment to a new topic or reply
  • 0

#7
livtheflip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Render,

I think we have a problem, because the virus seems to return. After the scan I opened my Firefox and my homepage is again search.babylon.com; then I add a tab and search.babylon.com is typed in my address bar. I opened my Control Panel > Programs and Features, and the Babylon toolbar on IE (IE for Internet Explorer?) is installed. I opened Internet Explorer and there it is as my homepage, and a toolbar is installed. What is happening?
  • 0

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I don't know what is happening. Let's try Combofix now.

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, restart your computer to restore your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
  • 0

#9
livtheflip

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here's the detected threats report:

Status: Disinfected (events: 51)
9/18/2011 5:22:59 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{A4F2571D-F13F-40B8-93C8-2F87F6624AF2}\RP6\A0000327.exe High
9/18/2011 5:22:57 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{A4F2571D-F13F-40B8-93C8-2F87F6624AF2}\RP6\A0000326.exe High
9/18/2011 5:22:59 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{A4F2571D-F13F-40B8-93C8-2F87F6624AF2}\RP6\A0000336.exe High
9/18/2011 5:23:22 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{A28D93CE-9429-4E7E-862E-21AC4DD48C21}\RP11\A0000642.exe High
9/18/2011 5:23:39 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{A28D93CE-9429-4E7E-862E-21AC4DD48C21}\RP11\A0000641.exe High
9/18/2011 5:23:27 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{A28D93CE-9429-4E7E-862E-21AC4DD48C21}\RP11\A0000651.exe High
9/18/2011 5:23:44 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{A28D93CE-9429-4E7E-862E-21AC4DD48C21}\RP23\A0165639.exe High
9/18/2011 5:23:55 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{A28D93CE-9429-4E7E-862E-21AC4DD48C21}\RP23\A0165640.exe High
9/18/2011 5:24:03 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000431.exe High
9/18/2011 5:24:18 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000432.exe High
9/18/2011 5:24:26 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000451.exe High
9/18/2011 5:24:23 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000452.exe High
9/18/2011 5:24:39 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000453.exe High
9/18/2011 5:24:48 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000454.exe High
9/18/2011 5:24:50 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000455.exe High
9/18/2011 5:24:55 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000456.exe High
9/18/2011 5:25:00 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000457.exe High
9/18/2011 5:25:04 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000458.exe High
9/18/2011 5:25:07 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP7\A0000459.exe High
9/18/2011 5:25:37 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP17\A0030295.exe High
9/18/2011 5:25:29 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP17\A0030294.exe High
9/18/2011 5:25:34 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{9985D820-039A-4A21-BEBE-BAD003D0C0F3}\RP17\A0030304.exe High
9/18/2011 5:25:55 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP11\A0002096.exe High
9/18/2011 5:26:32 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP11\A0002094.exe High
9/18/2011 5:26:50 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP11\A0002095.exe High
9/18/2011 5:26:50 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP11\A0002097.exe High
9/18/2011 5:27:08 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP34\A0032995.exe High
9/18/2011 5:28:18 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP36\A0033051.exe High
9/18/2011 5:28:24 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033071.exe High
9/18/2011 5:28:46 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033123.EXE High
9/18/2011 5:28:45 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033108.exe High
9/18/2011 5:29:15 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033129.exe High
9/18/2011 5:29:35 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033143.exe High
9/18/2011 5:29:42 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033144.exe High
9/18/2011 5:29:59 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033145.exe High
9/18/2011 5:30:15 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033146.exe High
9/18/2011 5:30:30 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033147.exe High
9/18/2011 5:30:57 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033150.exe High
9/18/2011 5:31:26 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033151.exe High
9/18/2011 5:31:31 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033152.exe High
9/18/2011 5:31:55 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033153.exe High
9/18/2011 5:32:05 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033154.exe High
9/18/2011 5:32:25 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033174.exe High
9/18/2011 5:32:30 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033185.exe High
9/18/2011 5:33:07 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033186.exe High
9/18/2011 5:35:42 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033187.exe High
9/18/2011 5:39:24 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033188.exe High
9/18/2011 5:39:17 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033189.exe High
9/18/2011 5:39:25 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033190.exe High
9/18/2011 5:40:37 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033191.exe High
9/18/2011 5:40:51 PM Disinfected virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033192.exe High
Status: Deleted (events: 148)
9/18/2011 5:27:52 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP34\A0033001.exe High
9/18/2011 5:27:56 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP34\A0033002.exe High
9/18/2011 5:41:49 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033193.exe High
9/18/2011 5:42:01 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033194.exe High
9/18/2011 5:42:32 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033196.exe High
9/18/2011 5:42:52 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033197.exe High
9/18/2011 5:43:44 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033198.exe High
9/18/2011 5:43:44 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033205.exe High
9/18/2011 5:43:53 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033208.exe High
9/18/2011 5:43:54 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033211.exe High
9/18/2011 5:44:09 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033213.exe High
9/18/2011 5:44:35 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033214.exe High
9/18/2011 5:44:36 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033215.exe High
9/18/2011 5:46:40 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033216.exe High
9/18/2011 5:46:40 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033218.exe High
9/18/2011 5:46:49 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033217.exe High
9/18/2011 5:47:11 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033219.exe High
9/18/2011 5:48:05 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033220.exe High
9/18/2011 5:48:16 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033221.exe High
9/18/2011 5:48:48 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033225.exe High
9/18/2011 5:48:45 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033226.exe High
9/18/2011 5:48:46 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033227.exe High
9/18/2011 5:49:02 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033228.exe High
9/18/2011 5:49:03 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033234.exe High
9/18/2011 5:49:03 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033237.exe High
9/18/2011 5:49:05 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033240.exe High
9/18/2011 5:49:20 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033242.exe High
9/18/2011 5:49:25 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033243.exe High
9/18/2011 5:49:26 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033244.exe High
9/18/2011 5:49:30 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033245.exe High
9/18/2011 5:49:32 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033248.exe High
9/18/2011 5:49:56 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033246.exe High
9/18/2011 5:49:58 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033249.exe High
9/18/2011 5:50:34 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033250.exe High
9/18/2011 5:50:36 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033251.exe High
9/18/2011 5:50:56 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033252.exe High
9/18/2011 5:51:03 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033253.exe High
9/18/2011 5:51:19 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033263.exe High
9/18/2011 5:51:20 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033264.exe High
9/18/2011 5:51:27 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033265.exe High
9/18/2011 5:51:31 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033266.exe High
9/18/2011 5:51:31 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033267.exe High
9/18/2011 5:52:00 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033268.exe High
9/18/2011 5:52:16 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033269.exe High
9/18/2011 5:52:17 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033270.exe High
9/18/2011 5:52:27 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033271.exe High
9/18/2011 5:52:34 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033273.exe High
9/18/2011 5:54:12 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033272.exe High
9/18/2011 5:54:50 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033274.exe High
9/18/2011 5:55:06 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033275.exe High
9/18/2011 5:55:22 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033276.exe High
9/18/2011 5:55:41 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033277.exe High
9/18/2011 5:55:57 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033278.exe High
9/18/2011 5:56:56 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033279.exe High
9/18/2011 5:56:57 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033280.exe High
9/18/2011 5:56:58 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033281.exe High
9/18/2011 5:58:34 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033282.exe High
9/18/2011 5:58:56 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034444.exe High
9/18/2011 5:58:56 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034445.exe High
9/18/2011 6:00:03 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034446.exe High
9/18/2011 6:00:24 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034447.exe High
9/18/2011 6:00:22 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034448.exe High
9/18/2011 6:00:41 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034449.exe High
9/18/2011 6:00:41 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034451.exe High
9/18/2011 6:00:46 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034450.exe High
9/18/2011 6:00:53 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034452.exe High
9/18/2011 6:01:04 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034453.exe High
9/18/2011 6:01:02 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034454.exe High
9/18/2011 6:01:37 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034455.exe High
9/18/2011 6:01:37 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034464.exe High
9/18/2011 6:01:38 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034456.exe High
9/18/2011 6:01:41 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034467.exe High
9/18/2011 6:01:42 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034470.exe High
9/18/2011 6:01:55 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034472.exe High
9/18/2011 6:02:02 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034473.exe High
9/18/2011 6:02:11 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034474.exe High
9/18/2011 6:02:12 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034475.exe High
9/18/2011 6:02:33 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034476.exe High
9/18/2011 6:02:34 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034477.exe High
9/18/2011 6:02:35 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034478.exe High
9/18/2011 6:03:12 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034479.exe High
9/18/2011 6:03:27 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034480.exe High
9/18/2011 6:03:29 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034484.exe High
9/18/2011 6:03:51 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034485.exe High
9/18/2011 6:03:53 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034486.exe High
9/18/2011 6:04:15 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034487.exe High
9/18/2011 6:04:20 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034493.exe High
9/18/2011 6:04:55 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034496.exe High
9/18/2011 6:04:57 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034499.exe High
9/18/2011 6:05:23 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034501.exe High
9/18/2011 6:05:43 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034502.exe High
9/18/2011 6:05:44 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034503.exe High
9/18/2011 6:05:46 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034504.exe High
9/18/2011 6:06:22 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034505.exe High
9/18/2011 6:06:22 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034506.exe High
9/18/2011 6:06:23 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034507.exe High
9/18/2011 6:06:44 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034510.exe High
9/18/2011 6:07:56 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034509.exe High
9/18/2011 6:08:14 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034508.exe High
9/18/2011 6:08:45 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034511.exe High
9/18/2011 6:08:50 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034521.exe High
9/18/2011 6:08:49 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034522.exe High
9/18/2011 6:08:55 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034523.exe High
9/18/2011 6:09:07 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034524.exe High
9/18/2011 6:09:07 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034525.exe High
9/18/2011 6:09:23 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034526.exe High
9/18/2011 6:09:33 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034527.exe High
9/18/2011 6:09:32 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034528.exe High
9/18/2011 6:09:45 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034529.exe High
9/18/2011 6:10:05 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034531.exe High
9/18/2011 6:10:05 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034530.exe High
9/18/2011 6:10:34 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034532.exe High
9/18/2011 6:10:39 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034533.exe High
9/18/2011 6:10:44 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034534.exe High
9/18/2011 6:11:00 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034535.exe High
9/18/2011 6:11:14 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034536.exe High
9/18/2011 6:11:34 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034537.exe High
9/18/2011 6:11:50 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034538.exe High
9/18/2011 6:12:43 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034539.exe High
9/18/2011 6:13:03 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034540.exe High
9/18/2011 6:13:03 PM Deleted Trojan program Trojan.Win32.Small.aljd H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034542.pif High
9/18/2011 6:14:08 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{83A4538F-5542-4DFC-9AB6-5589A87A4306}\RP7\A0008197.exe High
9/18/2011 6:14:49 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0005952.exe High
9/18/2011 6:14:50 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0005956.exe High
9/18/2011 6:15:24 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0005961.exe High
9/18/2011 6:15:31 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0005958.exe High
9/18/2011 6:15:33 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0005964.exe High
9/18/2011 6:15:34 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0005968.exe High
9/18/2011 6:16:13 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006010.exe High
9/18/2011 6:16:41 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006001.exe High
9/18/2011 6:16:46 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006015.exe High
9/18/2011 6:16:49 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006016.exe High
9/18/2011 6:17:39 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006017.exe High
9/18/2011 6:18:14 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006023.exe High
9/18/2011 6:18:16 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006024.exe High
9/18/2011 6:18:34 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006035.exe High
9/18/2011 6:18:44 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006036.exe High
9/18/2011 6:18:50 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006037.exe High
9/18/2011 6:18:53 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006040.exe High
9/18/2011 6:19:04 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006043.exe High
9/18/2011 6:19:38 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006052.exe High
9/18/2011 6:19:45 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006054.exe High
9/18/2011 6:19:55 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006061.exe High
9/18/2011 6:20:31 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006144.exe High
9/18/2011 6:20:54 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0006143.exe High
9/18/2011 6:22:16 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0007367.exe High
9/18/2011 6:22:19 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0007366.exe High
9/18/2011 6:22:24 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0007368.exe High

Attached Files



#10
livtheflip

    Member

  • Topic Starter
  • 21 posts
By the way, I kind of closed the VRT after I replied to you because I thought I could manually find the zip file, but I did not, and I ran the VRT to select the link, but you have to gather system info again to get the collected info, so I ran it again. So the one I attached is the second zip file; will it matter? I mean, is there going to be a difference from the first zip file? (Do I make sense? Sorry about this.)



#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Unfortunately, your computer is infected with the Sality file infector.

With this particular infection, the safest solution and the only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Where to draw the line? When to recommend a format and reinstall?

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system


Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say in Help: I Got Hacked. Now What Do I Do?

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


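Render's recommendation rests on two things that can be read straight off the report posted earlier in this thread: the detections carry Kaspersky's Virus.* prefix (a file infector), and every hit sits inside a System Restore snapshot. The script below is an added example, not part of the thread or of any tool it names; it parses lines in that report format, counts detections per family, extension and restore point, and states those two observations. The final "Scan completed" line in the sample is constructed to show that non-detection text is skipped.

```python
"""Added triage helper for the Kaspersky-style report format posted in this
thread (example code, not part of the thread or of any tool named in it).

A report line is: timestamp, action, object type, detection, path, severity.
Object type ("Trojan program") and path may both contain spaces, so the parser
anchors on the timestamp, the drive letter of the path and the severity word.
"""
import re
from collections import Counter
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\S+) "
    r"(?P<objtype>.+?) "
    r"(?P<detection>\S+) "
    r"(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<severity>High|Medium|Low)$"
)
# System Restore keeps earlier copies of files under _restore{GUID}\RPnn\ ; a
# detection there means a previous generation of a file on that volume was
# already infected, so that snapshot cannot be used to roll back.
RESTORE_RE = re.compile(
    r"\\_restore\{(?P<guid>[0-9A-Fa-f-]+)\}\\(?P<rp>RP\d+)\\", re.IGNORECASE
)


def parse_line(line):
    """Return the fields of one report line as a dict, or None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    name = rec["path"].rsplit("\\", 1)[-1]
    rec["ext"] = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    rp = RESTORE_RE.search(rec["path"])
    rec["restore_point"] = (rp["guid"].upper(), rp["rp"].upper()) if rp else None
    return rec


def parse_report(text):
    """Parse every matching line of a report; non-matching lines are skipped."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def summarize(records):
    """Aggregate parsed records into the counts a responder looks at first."""
    times = [r["when"] for r in records]
    return {
        "total": len(records),
        # Kaspersky's "Virus." prefix marks classic file infectors such as Sality.
        "file_infector_hits": sum(r["detection"].startswith("Virus.") for r in records),
        "in_restore_points": sum(r["restore_point"] is not None for r in records),
        "by_family": dict(Counter(r["detection"] for r in records)),
        "by_restore_point": dict(Counter(r["restore_point"] for r in records if r["restore_point"])),
        "by_ext": dict(Counter(r["ext"] for r in records)),
        "first": min(times) if times else None,
        "last": max(times) if times else None,
    }


def assessment(summary):
    """Turn the counts into the observations behind a rebuild recommendation."""
    notes = []
    if summary["file_infector_hits"]:
        notes.append(
            f"{summary['file_infector_hits']} of {summary['total']} detections are "
            "file-infector (Virus.*) hits: cleaned executables cannot be trusted, "
            "so a reinstall is the reliable fix."
        )
    if summary["in_restore_points"]:
        rps = ", ".join(f"{g[:8]}.../{rp}" for g, rp in summary["by_restore_point"])
        notes.append(
            f"{summary['in_restore_points']} detections sit in System Restore "
            f"snapshots ({rps}); those restore points are contaminated and must "
            "not be used to roll back."
        )
    return notes


# Sample input: five lines taken verbatim from the report posted in this thread,
# plus one constructed non-detection line to show that it is ignored.
SAMPLE_REPORT = r"""
9/18/2011 5:49:03 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033237.exe High
9/18/2011 5:49:05 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0033240.exe High
9/18/2011 6:13:03 PM Deleted Trojan program Trojan.Win32.Small.aljd H:\System Volume Information\_restore{4F97C207-94D6-480B-8D97-14B292DE4776}\RP38\A0034542.pif High
9/18/2011 6:14:08 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{83A4538F-5542-4DFC-9AB6-5589A87A4306}\RP7\A0008197.exe High
9/18/2011 6:22:24 PM Deleted virus Virus.Win32.Sality.bh H:\System Volume Information\_restore{5B9E3AFC-C9BD-45DA-BC90-A4E61B00834C}\RP16\A0007368.exe High
Scan completed (constructed line, not a detection)
"""

if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(f"{s['total']} detections between {s['first']} and {s['last']}")
    for family, n in sorted(s["by_family"].items(), key=lambda kv: -kv[1]):
        print(f"  {n:4d}  {family}")
    for note in assessment(s):
        print("-", note)
```

Run against the full report above, the same script gives the per-restore-point breakdown across the three _restore GUIDs that appear in it.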

#12
livtheflip

    Member

  • Topic Starter
  • 21 posts
Here's the ComboFix report:


ComboFix 11-09-17.04 - LivthefLip 09/18/2011 21:11:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.63.1033.18.2038.926 [GMT 8:00]
Running from: c:\users\LivthefLip\Desktop\Combo-Fix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\LivthefLip\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))
.
.
2011-09-18 13:24 . 2011-09-18 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-18 13:02 . 2011-09-18 13:09 -------- d-----w- C:\Combo-Fix
2011-09-18 03:05 . 2011-09-18 03:05 -------- d-----w- c:\programdata\Kaspersky Lab
2011-09-18 03:04 . 2011-09-17 09:08 133208 ----a-w- c:\windows\system32\drivers\10953016.sys
2011-09-18 01:47 . 2011-09-18 01:47 -------- d-----w- c:\programdata\Xilisoft
2011-09-18 01:47 . 2011-09-18 01:47 -------- d-----w- c:\program files\Xilisoft
2011-09-18 01:05 . 2011-09-18 01:05 -------- d-----w- c:\program files\FoxTabAVIConverter
2011-09-18 01:04 . 2011-09-18 01:04 -------- d-----w- c:\program files\BabylonToolbar
2011-09-16 07:18 . 2011-08-16 00:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40044FEB-8A7A-4124-9A37-730A95A0248C}\mpengine.dll
2011-09-16 07:11 . 2011-09-16 07:11 -------- d-----w- c:\programdata\Malwarebytes
2011-09-16 07:11 . 2011-09-16 07:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-16 07:11 . 2011-08-31 09:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-16 06:55 . 2011-09-16 06:55 -------- d-----w- C:\_OTL
2011-09-15 07:26 . 2011-09-15 07:26 -------- d-----w- C:\_OTM
2011-09-11 19:07 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-09-11 19:07 . 2008-04-23 04:41 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-09-11 19:07 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-09-11 19:07 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-09-11 19:01 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-09-11 17:19 . 2011-05-24 11:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-11 17:12 . 2011-09-11 17:12 -------- d-----w- c:\windows\system32\x64
2011-09-11 17:12 . 2011-09-11 17:12 -------- d-----w- c:\windows\system32\Lang
2011-09-11 17:12 . 2008-01-24 02:25 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-09-11 17:12 . 2008-01-24 02:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-09-11 17:07 . 2011-09-11 17:07 3 ----a-w- c:\windows\AFirst.cmd
2011-09-11 17:07 . 2008-02-10 11:53 17730504 ----a-w- c:\windows\eRy.exe
2011-09-11 17:07 . 2007-04-26 15:02 294 ----a-w- c:\windows\offline.reg
2011-09-11 17:07 . 2008-04-04 02:38 20480 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE
2011-09-11 17:07 . 2008-04-04 02:37 20480 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE
2011-09-11 17:07 . 2008-01-24 02:29 65536 ----a-w- c:\windows\SetSpkDefault.exe
2011-09-11 17:06 . 2011-09-11 02:29 1976 ----a-w- c:\windows\CLEANUP.CMD
2011-09-11 17:06 . 2002-11-14 14:32 55808 ----a-w- c:\windows\devcon.exe
2011-09-11 14:57 . 2011-09-11 14:57 -------- d-----w- c:\programdata\Yahoo!
2011-09-11 12:29 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-09-11 12:29 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-09-11 12:29 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-09-11 12:29 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-09-11 12:29 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-09-11 12:29 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-09-11 12:29 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-09-11 12:29 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2011-09-11 12:22 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2011-09-11 12:22 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2011-09-11 12:22 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2011-09-11 12:22 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-09-11 12:22 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-09-11 12:19 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-09-11 12:19 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-09-11 12:19 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-09-11 12:17 . 2011-09-11 12:17 -------- d-----w- c:\users\Public\Roaming
2011-09-11 12:17 . 2011-09-11 12:17 -------- d-----w- c:\users\Default\Roaming
2011-09-11 12:15 . 2011-09-11 12:15 -------- d-----w- c:\program files\Cisco
2011-09-11 12:15 . 2011-09-11 12:15 -------- d-----w- c:\programdata\Intel
2011-09-11 12:15 . 2011-09-11 12:15 -------- d-----w- c:\program files\Common Files\Intel
2011-09-11 12:13 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-09-11 10:08 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-09-11 10:08 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-09-11 10:08 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2011-09-11 09:35 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-09-11 09:35 . 2009-03-03 04:39 551424 ----a-w- c:\windows\system32\rpcss.dll
2011-09-11 09:35 . 2009-03-03 04:36 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-09-11 09:35 . 2009-03-03 02:16 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2011-09-11 09:35 . 2009-03-03 04:40 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2011-09-11 09:35 . 2009-03-03 04:39 183296 ----a-w- c:\windows\system32\sdohlp.dll
2011-09-11 09:35 . 2009-03-03 04:39 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-09-11 09:35 . 2009-03-03 04:37 98304 ----a-w- c:\windows\system32\iasrecst.dll
2011-09-11 09:35 . 2009-03-03 04:37 54784 ----a-w- c:\windows\system32\iasads.dll
2011-09-11 09:35 . 2009-03-03 04:37 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2011-09-11 09:35 . 2009-03-03 03:04 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-09-11 09:35 . 2009-03-03 02:38 17408 ----a-w- c:\windows\system32\iashost.exe
2011-09-11 09:28 . 2010-08-26 16:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-09-11 09:28 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2011-09-11 09:28 . 2010-08-26 14:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-09-11 09:26 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2011-09-11 09:26 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-09-11 09:26 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-11 09:26 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-09-11 09:26 . 2011-04-29 12:49 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-11 09:26 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2011-09-11 09:26 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-09-11 09:26 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-09-11 09:26 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-09-11 09:24 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll
2011-09-11 09:24 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-09-11 09:24 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-09-11 09:24 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-09-11 09:24 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-09-11 09:24 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
2011-09-11 09:24 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-09-11 09:24 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-09-11 09:24 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-09-11 09:24 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-09-11 09:22 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-09-11 09:22 . 2010-01-21 15:59 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-09-11 09:21 . 2008-05-10 01:33 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-09-11 09:21 . 2011-04-14 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-09-11 09:21 . 2009-10-23 17:42 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-09-11 09:19 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-09-11 09:19 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2011-09-11 09:19 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2011-09-11 09:19 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-09-11 09:19 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2011-09-11 09:19 . 2011-02-18 13:31 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2011-09-11 09:19 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-09-11 09:18 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-09-11 09:17 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-09-11 09:17 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-09-11 09:17 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-09-11 09:17 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2011-09-11 09:17 . 2011-02-16 15:35 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-09-11 09:17 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-09-11 09:17 . 2011-02-22 12:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-09-11 09:17 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2011-09-11 09:16 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-11 09:16 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-09-11 09:16 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-09-11 09:16 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-09-11 09:16 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-09-11 09:16 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2011-09-11 09:14 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-09-11 09:14 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-09-11 09:13 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-09-11 09:13 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-09-11 09:13 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-09-11 09:13 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-11 07:22 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-09-11 07:22 . 2003-02-21 13:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-11 03:41 . 2008-02-14 21:04 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-03 06:01 . 2011-09-11 03:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-09-11 640888]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-21 6276408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-30 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-30 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"PLFSet"="c:\windows\PLFSet.dll" [2007-08-08 45056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-24 133656]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-09-11 273528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\LivthefLip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_10953016.lnk - c:\users\LivthefLip\AppData\Local\Temp\_uninst_10953016.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-15 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20110915.001\IDSvix86.sys [2079-07-19 287792]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 99896]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2079-07-19 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 17408]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-16 3668480]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10953016
*NewlyCreated* - 17330276
*NewlyCreated* - 35620975
*NewlyCreated* - 59306348
*NewlyCreated* - 5942652DRV
*NewlyCreated* - COMHOST
*NewlyCreated* - UTE5NTI4
*Deregistered* - ute5nti4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - LivthefLip.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 17:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ph/
mStart Page = hxxp://en.ph.acer.yahoo.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.254.1 192.168.254.1
FF - ProfilePath - c:\users\LivthefLip\AppData\Roaming\Mozilla\Firefox\Profiles\yhzzhqm6.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=144b73bf000000000000001f3c3719ce&tlver=1.4.35.10&affID=100474
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 21:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(8840)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2011-09-18 21:26:17
ComboFix-quarantined-files.txt 2011-09-18 13:26
.
Pre-Run: 39,035,834,368 bytes free
Post-Run: 39,025,737,728 bytes free
.
- - End Of File - - 16561F87CB953061AF1997C3266D001E
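The "FF - prefs.js" lines in the ComboFix log above are the actual hijack: `keyword.URL` (what Firefox does with non-URL text typed into the address bar) and `browser.search.selectedEngine` both point at search.babylon.com, while the homepage itself is already back on Google. The script below is an added example, not part of this thread or of any of the tools used in it: it parses a prefs.js, flags search and startup prefs that point at an untrusted host or at an engine Firefox never shipped with, extracts the affiliate/install tracking ids (`affID`, `mntrId`) as evidence, and writes back a cleaned file. The sample prefs are constructed from the values in the log (hxxp restored to http); the trusted-host list and the list of stock engine names are assumptions.

```python
"""Audit a Firefox prefs.js for search-hijack settings (added example)."""
import re
from urllib.parse import parse_qs, urlparse

# Constructed from the "FF - prefs.js" lines in the ComboFix log (hxxp -> http).
SAMPLE_PREFS = '''
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "http://www.google.com.ph/");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=144b73bf000000000000001f3c3719ce&tlver=1.4.35.10&affID=100474");
user_pref("network.proxy.type", 0);
'''

# Assumptions: hosts a homepage/keyword pref may legitimately point at, and the
# engine names a stock Firefox of that era shipped with.
TRUSTED_HOSTS = {"www.google.com", "www.google.com.ph", "www.bing.com", "search.yahoo.com"}
KNOWN_ENGINES = {"Google", "Yahoo", "Bing", "Wikipedia (en)", "Amazon.com", "eBay", "Twitter"}

URL_PREFS = ("keyword.URL", "browser.startup.homepage")
ENGINE_PREFS = ("browser.search.selectedEngine", "browser.search.defaultenginename")
TRACKING_PARAMS = {"affid", "mntrid", "tlver"}   # affiliate / install-tracking ids seen in the log

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict; strings, ints and bools are typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue                      # comments, blank lines, non-pref lines
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def audit_prefs(prefs, trusted_hosts=TRUSTED_HOSTS, known_engines=KNOWN_ENGINES):
    """Return [(pref, reason, evidence)] for every search/startup pref a toolbar rewrote."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str) or value.startswith("about:"):
            continue
        parsed = urlparse(value)
        host = (parsed.hostname or "").lower()
        if host not in trusted_hosts:
            # Keep the tracking ids: they tie the install to a specific affiliate campaign.
            ids = {k: v[0] for k, v in parse_qs(parsed.query).items() if k.lower() in TRACKING_PARAMS}
            findings.append((name, "points at untrusted host " + host, ids))
    for name in ENGINE_PREFS:
        value = prefs.get(name)
        if isinstance(value, str) and value not in known_engines:
            findings.append((name, "engine is not one Firefox ships with", {"engine": value}))
    return findings


def clean_prefs(prefs):
    """Drop the flagged prefs so Firefox falls back to its built-in defaults."""
    bad = {name for name, _, _ in audit_prefs(prefs)}
    return {k: v for k, v in prefs.items() if k not in bad}


def write_prefs(prefs):
    """Serialize a pref dict back into prefs.js syntax."""
    lines = []
    for name, value in sorted(prefs.items()):
        if isinstance(value, bool):
            raw = "true" if value else "false"
        elif isinstance(value, int):
            raw = str(value)
        else:
            raw = '"%s"' % value
        lines.append('user_pref("%s", %s);' % (name, raw))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    current = parse_prefs(SAMPLE_PREFS)
    for pref, reason, evidence in audit_prefs(current):
        print("%-32s %s %s" % (pref, reason, evidence))
    print(write_prefs(clean_prefs(current)))
```

Run it against the profile's prefs.js with Firefox closed, since Firefox rewrites that file on exit. Deleting the prefs only removes the symptom: the toolbar's extension in the profile's extensions folder (and its entry under Programs and Features, where one exists) re-creates them on the next start, which is exactly the "it comes back every time I restart Firefox" behaviour described in the first post. The IE side shows the same pattern in the log, where ComboFix removed an orphaned URLSearchHook whose file was already gone.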

#13 livtheflip (Topic Starter, Member, 21 posts)
I have to reformat my system? Again? Will a disk-to-disk recovery do? Because that's what I did last time. Do I need a full reformat, like formatting from a CD? I did a disk-to-disk recovery last time because I don't have an OS installer with me, but if I need to format from a CD I'll bring my unit to the ACER Service Center; they usually do the full format for me. And the infection seems to be on my external hard disk, so does it need to be formatted also?

#14 Render (Trusted Helper, Malware Removal, 4,195 posts)
Wait a moment. Sality is only on the H: drive? If yes, then format only this drive and then give a fresh OTL log:

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


#15 livtheflip (Topic Starter, Member, 21 posts)
I think it's only on the H drive because the message from VRT prompted when it scanned the H drive already... If I format my drive H, how can I save my files, like pictures and music, documents? I mean, can I back up those files first before I format?

Edited by livtheflip, 18 September 2011 - 07:28 PM.
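Render's advice to format only the drive that carries Sality, and the question in the post above about saving pictures, music and documents first, meet at one practical check. Sality is a file infector: it patches Windows executables and drops an autorun.inf plus a loader in the root of removable drives, so data can be rescued as long as no executable is copied along with it. The script below is an added example, not part of this thread or of any removal tool: it walks a drive, classifies each file by its first bytes rather than by extension (a PE file renamed `track.mp3.exe` is still skipped), records the MD5 of every executable it refuses, and copies only the data files. The sample tree, file names and extension list are constructed assumptions standing in for the user's H: drive.

```python
"""Data-only copy off a drive suspected of carrying a PE file infector (added example)."""
import hashlib
import os
import shutil
import tempfile

PE_MAGIC = b"MZ"                       # DOS stub every Windows executable starts with
NEVER_COPY = {"autorun.inf"}           # dropper control file planted in the drive root
# Extensions Windows runs directly even without an MZ header, or that Sality targets (assumption).
EXEC_EXTS = {".bat", ".cmd", ".vbs", ".js", ".lnk", ".pif", ".com", ".scr"}


def is_pe(path):
    """True if the file carries the 'MZ' stub, whatever its extension says."""
    with open(path, "rb") as f:
        return f.read(2) == PE_MAGIC


def md5sum(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def plan_backup(src_root):
    """Walk src_root and return (keep, skip); paths are '/'-separated and relative."""
    keep, skip = [], []
    for dirpath, _, files in os.walk(src_root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, src_root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if name.lower() in NEVER_COPY:
                skip.append((rel, "autorun/dropper file"))
            elif is_pe(path):
                skip.append((rel, "PE executable, md5 " + md5sum(path)))
            elif ext in EXEC_EXTS:
                skip.append((rel, "executable extension without PE header"))
            else:
                keep.append(rel)
    return sorted(keep), sorted(skip)


def copy_data_only(src_root, dst_root):
    """Copy only the files plan_backup() kept, preserving the directory layout."""
    keep, skip = plan_backup(src_root)
    for rel in keep:
        dst = os.path.join(dst_root, *rel.split("/"))
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(src_root, *rel.split("/")), dst)
    return keep, skip


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def make_sample_drive(root):
    """Constructed stand-in for the H: drive; names and contents are made up."""
    _write(root, "Pictures/holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    _write(root, "Documents/notes.txt", b"shopping list\r\n")
    _write(root, "Music/track.mp3", b"ID3" + b"\x00" * 16)
    _write(root, "autorun.inf", b"[autorun]\r\nopen=game_installer.exe\r\n")
    _write(root, "game_installer.exe", PE_MAGIC + b"\x90" * 62)
    _write(root, "Music/track.mp3.exe", PE_MAGIC + b"\x90" * 62)      # double-extension lure
    _write(root, "Pictures/open_me.scr", b"not a PE but still executable")


def run_demo():
    """Build the sample drive in a temp dir, copy it, and report what happened."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    try:
        make_sample_drive(src)
        keep, skip = copy_data_only(src, dst)
        copied = sorted(os.path.relpath(os.path.join(d, f), dst).replace(os.sep, "/")
                        for d, _, fs in os.walk(dst) for f in fs)
        return {"keep": keep, "skip": [rel for rel, _ in skip], "copied": copied}
    finally:
        shutil.rmtree(src)
        shutil.rmtree(dst)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Do the copy from a machine that is already clean and has autorun disabled, because plugging an infected removable drive into a box that honours autorun.inf is how the drive re-infects it; the skipped executables are the ones to reinstall from clean media rather than restore. The MD5 in each skip reason is there for the same reason OTL's `/md5start` block above hashes `explorer.exe`, `winlogon.exe`, `Userinit.exe` and `svchost.exe`: a file infector changes the hash of every binary it touches, so hashes are what you compare against known-good copies.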
