
Malware Removal Instructions

alureon.gen u & rootkit


Re: alureon.gen u & rootkit

Post by Jack&Jill » December 3rd, 2009, 9:30 pm

Hello Adamskyy :),

I'm afraid an Extras log wasn't produced; I don't think I did anything wrong.
Please read the instructions slowly and carefully, you missed out on the Use SafeList step.

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Run OTL with Custom Scans
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are six of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Copy and paste the following into the white box under Custom Scans/Fixes:
    /md5start
    C:\Windows\system32\DRIVERS\nvstor32.sys
    /md5stop
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

Please post back:
1. new OTL logs (OTL.txt and Extras.txt)
Jack&Jill
MRU Emeritus
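Added example (not part of either post, and not an OTL or MalwareRemoval.com tool): the helper's custom scan asks OTL for the MD5 of one specific driver, C:\Windows\system32\DRIVERS\nvstor32.sys. In the OTL log Adamskyy posts below, that file is the only driver under the Windows system directory whose vendor field prints as an empty "()", whereas the similarly named nvstor.sys shows "(NVIDIA Corporation)". An empty vendor field is only a triage signal, since other entries in the same log (PeerBlock's pbfilter.sys, for example) also lack one; a hash of the file is what lets a helper compare it against a reference copy. The script below parses OTL "DRV -" lines, flags system-directory drivers with no vendor string, emits the /md5start ... /md5stop block in the syntax the post uses, and computes MD5 for a byte string or file. The sample log lines are copied from the thread; the regular expression for OTL's line layout and the "system32 with empty vendor" heuristic are this example's own assumptions, not anything OTL documents.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List

# One OTL "DRV -" line looks like (assumed layout, inferred from the log in this thread):
#   DRV - [2008/01/25 12:02:02 | 00,140,832 | ---- | M] () -- C:\...\nvstor32.sys -- (nvstor32)
# The parenthesised field after the bracket is the company name from the file's
# version resource; OTL prints it empty when the binary carries none.
OTL_DRV_RE = re.compile(
    r"^DRV - \[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*M\]"
    r"\s*\((?P<vendor>[^)]*)\)\s*--\s*(?P<path>.+?)\s*--\s*\((?P<service>[^)]*)\)"
)

# Heuristic (this example's assumption): drivers loaded from the Windows system
# directory with no vendor string are the first candidates to hash.
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

# Constructed sample input: four DRV lines copied from the OTL log posted in this thread.
SAMPLE_OTL_LOG = r"""
DRV - [2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/28 02:02:42 | 00,016,472 | ---- | M] () -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2008/01/25 12:02:02 | 00,140,832 | ---- | M] () -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
"""


@dataclass
class DriverEntry:
    mtime: str
    size: int
    vendor: str
    path: str
    service: str


def parse_otl_drivers(log_text: str) -> List[DriverEntry]:
    """Extract every DRV entry from an OTL log; lines that do not match are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = OTL_DRV_RE.match(line.strip())
        if not m:
            continue
        entries.append(DriverEntry(
            mtime=m.group("mtime").strip(),
            size=int(m.group("size").replace(",", "")),   # "00,140,832" -> 140832
            vendor=m.group("vendor").strip(),
            path=m.group("path").strip(),
            service=m.group("service").strip(),
        ))
    return entries


def unattributed_system_drivers(entries: List[DriverEntry]) -> List[DriverEntry]:
    """System-directory drivers whose vendor field is empty: a triage signal, not a verdict."""
    return [e for e in entries if e.vendor == "" and SYSTEM_DIR_RE.match(e.path)]


def otl_md5_block(paths: List[str]) -> str:
    """Render the custom-scan directive in the form used in the post above."""
    return "\n".join(["/md5start", *paths, "/md5stop"])


def build_custom_scan(log_text: str) -> str:
    """Parse a log and produce the /md5start block for the flagged drivers."""
    flagged = unattributed_system_drivers(parse_otl_drivers(log_text))
    return otl_md5_block([e.path for e in flagged])


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory byte string, lowercase hex, for comparison against a reference hash."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """MD5 of a file on disk, read in chunks so large drivers do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    print(build_custom_scan(SAMPLE_OTL_LOG))
```

Running the script prints a three-line block containing only nvstor32.sys, which is the same directive the helper asked for. To check a copy of the driver yourself, call md5_of_file on it and compare the digest with the hash a trusted reference source gives you; a different size or date in the DRV line is not needed for the file to have been altered, since the log records the version-resource vendor and modification time, both of which an infected file can carry unchanged.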

Re: alureon.gen u & rootkit

Post by Adamskyy » December 4th, 2009, 9:49 am

Ah sorry, this must be very frustrating for you, I'll be sure to triple read things from now on.

OTL logfile created on: 04/12/2009 13:45:25 - Run 4
OTL by OldTimer - Version 3.1.11.1 Folder = C:\Users\adam\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.48% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.15 Gb Total Space | 82.76 Gb Free Space | 59.48% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 47.63 Gb Free Space | 63.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 142.94 Gb Total Space | 142.84 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 614.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/28 10:39:25 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
PRC - [2009/11/19 19:30:32 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/19 19:30:31 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/19 19:30:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/19 19:30:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/19 19:30:31 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/19 19:30:31 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/19 19:30:17 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/19 19:30:17 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/19 18:53:17 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/28 02:02:42 | 01,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/03 19:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 17:57:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/01 19:44:00 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/10/01 19:43:56 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/09/23 22:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/07/30 01:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 01:52:50 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/06/13 04:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/06/12 10:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2008/05/21 01:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/03/26 05:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 20:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 20:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2008/01/21 02:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 02:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/21 02:24:54 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/01/21 02:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2005/01/29 01:09:42 | 00,876,649 | ---- | M] (BT Voyager Corporation) -- C:\Windows\System32\bcmwltry.exe
PRC - [2005/01/29 01:09:42 | 00,696,422 | ---- | M] (BT Voyager Corporation) -- C:\Windows\System32\wltray.exe
PRC - [2005/01/19 10:01:22 | 00,065,536 | ---- | M] () -- C:\Windows\System32\wltrysvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/28 10:39:25 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
MOD - [2008/01/21 02:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0201691259589367mcinstcleanup) McAfee Application Installer Cleanup (0201691259589367)
SRV - [2009/11/19 19:30:17 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/19 19:30:17 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/08 17:57:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/10/01 19:43:56 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/09/23 22:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/09/23 22:11:32 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/07/30 01:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/03 05:51:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2008/06/13 04:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/05/21 01:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/29 20:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 20:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/21 02:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/24 11:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/01/19 10:01:22 | 00,065,536 | ---- | M] () -- C:\Windows\System32\wltrysvc.exe -- (wltrysvc)
SRV - [2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/19 19:30:34 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/19 19:30:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/21 17:37:49 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/03 17:26:12 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\Windows\System32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/09/28 02:02:42 | 00,016,472 | ---- | M] () -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/30 22:03:08 | 06,754,712 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/04/06 12:19:46 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2008/12/10 15:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/12/08 17:57:00 | 07,391,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/01 18:04:16 | 00,012,832 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/30 01:53:12 | 00,060,464 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/30 01:53:10 | 00,018,992 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/30 01:53:10 | 00,016,944 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/03/26 10:35:54 | 02,103,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/22 15:18:44 | 00,043,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/30 09:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 09:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/29 05:55:00 | 01,042,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 12:02:02 | 00,140,832 | ---- | M] () -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/21 02:24:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/12 08:53:10 | 00,013,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/09/25 14:59:46 | 00,015,152 | ---- | M] () -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/12/21 10:14:52 | 00,019,712 | ---- | M] (Pinnacle Systems, Inc.) -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/06/02 19:28:38 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://facebook.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/19 19:30:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/19 18:53:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 09:54:10 | 00,000,000 | ---D | M]

[2009/10/17 15:50:04 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2009/10/17 15:50:04 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\contact@callgraph.in
[2009/12/03 16:35:29 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\extensions
[2009/11/02 19:03:08 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/11/14 16:37:40 | 00,002,653 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\searchplugins\kickasstorrents.xml
[2009/12/04 13:43:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 23:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/11/19 18:53:20 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/19 18:53:20 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/19 18:53:21 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/19 18:53:21 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wltray.exe] C:\Windows\System32\wltray.exe (BT Voyager Corporation)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/01/12 14:29:16 | 00,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/03 15:38:43 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/12/03 15:38:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/03 15:38:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/03 15:38:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/03 10:30:11 | 00,000,000 | ---D | C] -- C:\Users\adam\Desktop\SysProt
[2009/12/01 19:47:26 | 00,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2009/12/01 13:38:01 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/01 13:38:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/01 13:38:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/01 13:38:01 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/01 13:37:48 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/01 13:37:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/30 14:30:34 | 00,000,000 | ---D | C] -- C:\Users\adam\Desktop\Alureon stuff
[2009/11/30 14:02:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/28 23:14:01 | 00,000,000 | ---D | C] -- C:\temp
[2009/11/28 23:14:01 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Pinnacle
[2009/11/28 23:13:49 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\InstantCDDVD
[2009/11/28 23:13:15 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Pinnacle
[2009/11/28 23:06:42 | 00,233,472 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\DiskIO.dll
[2009/11/28 23:06:42 | 00,184,320 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\RALMain.dll
[2009/11/28 23:06:42 | 00,073,728 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\MMAviAx.dll
[2009/11/28 23:06:41 | 00,126,976 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\AVIPrAx.dll
[2009/11/28 23:06:41 | 00,039,936 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\CacheX.dll
[2009/11/28 23:06:41 | 00,032,768 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\MLPagAx.dll
[2009/11/28 23:04:03 | 00,171,008 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys
[2009/11/28 23:02:13 | 00,019,712 | ---- | C] (Pinnacle Systems, Inc.) -- C:\Windows\System32\drivers\emAudio.sys
[2009/11/28 23:01:17 | 00,930,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltr13n.dll
[2009/11/28 23:01:17 | 00,306,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltrio13n.dll
[2009/11/28 23:01:16 | 02,079,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13s.dll
[2009/11/28 23:01:16 | 01,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13n.dll
[2009/11/28 23:01:16 | 01,013,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltwvc13n.dll
[2009/11/28 23:01:16 | 00,884,736 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMUIRes.dll
[2009/11/28 23:01:16 | 00,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn13n.dll
[2009/11/28 23:01:16 | 00,409,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13s.DLL
[2009/11/28 23:01:16 | 00,393,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13n.DLL
[2009/11/28 23:01:16 | 00,153,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil13n.DLL
[2009/11/28 23:01:16 | 00,110,080 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpsd13s.dll
[2009/11/28 23:01:16 | 00,070,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13s.dll
[2009/11/28 23:01:16 | 00,064,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13s.dll
[2009/11/28 23:01:16 | 00,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13n.dll
[2009/11/28 23:01:16 | 00,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13n.dll
[2009/11/28 23:01:16 | 00,012,288 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMLRes.dll
[2009/11/28 23:00:59 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCP70.DLL
[2009/11/28 23:00:59 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ATL70.DLL
[2009/11/28 22:59:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2009/11/28 22:59:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/11/28 22:59:11 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\InstallShield
[2009/11/28 10:38:13 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/11/28 10:37:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/11/26 09:59:24 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 11:27:14 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/24 12:09:13 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Temporary Projects
[2009/11/24 11:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2009/11/23 21:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/23 21:46:07 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Visual Studio 2008
[2009/11/23 21:45:55 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Microsoft Help
[2009/11/23 21:43:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/11/23 21:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/11/21 10:46:42 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/21 10:36:44 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/11/19 19:30:40 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/19 19:30:38 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/19 19:30:38 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/19 19:30:34 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/19 19:30:34 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/19 19:30:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/11/19 19:30:17 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/19 19:30:16 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/19 18:40:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/11/19 17:58:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/19 16:36:44 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/19 16:35:38 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/18 21:06:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/18 21:06:21 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/18 20:45:38 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
[2009/11/18 20:45:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/18 20:45:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 20:29:43 | 00,000,000 | ---D | C] -- C:\Program Files\Quantum
[2009/11/13 13:33:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/11/11 13:53:14 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\LogiShrd
[2009/11/11 13:52:41 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/11/11 13:49:36 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/11/11 13:49:35 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/11/11 11:28:09 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/11 11:28:09 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi(543).dll
[2009/11/09 22:03:10 | 00,000,000 | ---D | C] -- C:\Program Files\Web Site Change Monitor
[2009/11/06 20:26:40 | 00,000,000 | ---D | C] -- C:\Games
[2009/10/21 17:37:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys
[2009/01/09 16:51:34 | 00,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2009/12/04 13:47:18 | 00,023,552 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll
[2009/12/04 13:47:17 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll
[2009/12/04 13:45:02 | 02,097,152 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT
[2009/12/04 13:44:35 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/12/04 13:42:29 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/12/04 13:42:27 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/04 13:42:27 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/04 13:42:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/04 13:42:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/04 13:42:00 | 29,512,17152 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/04 13:41:48 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/12/03 22:16:57 | 03,413,196 | -H-- | M] () -- C:\Users\adam\AppData\Local\IconCache.db
[2009/12/03 22:14:47 | 00,000,039 | ---- | M] () -- C:\Users\adam\jagex_runescape_preferences.dat
[2009/12/03 22:12:25 | 00,000,069 | ---- | M] () -- C:\Users\adam\jagex_runescape_preferences2.dat
[2009/12/03 14:53:54 | 00,717,234 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/03 14:53:54 | 00,617,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/03 14:53:54 | 00,113,132 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/03 10:28:38 | 46,090,958 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/03 10:28:22 | 00,111,793 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/02 21:33:50 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000001.regtrans-ms
[2009/12/02 21:33:50 | 00,065,536 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TM.blf
[2009/12/01 13:55:35 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/01 13:36:59 | 03,573,627 | R--- | M] () -- C:\Users\adam\Desktop\AdamskyyCF.exe.exe
[2009/11/28 23:36:54 | 00,036,352 | ---- | M] () -- C:\Users\adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 23:11:00 | 00,079,904 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/11/28 23:09:20 | 00,315,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/25 16:49:05 | 00,001,558 | ---- | M] () -- C:\Users\Public\Desktop\Pool Sharks.lnk
[2009/11/21 10:36:48 | 00,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/20 14:20:30 | 00,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/19 19:30:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/19 19:30:38 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/19 19:30:34 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/19 19:30:34 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/19 19:30:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/19 19:30:33 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/19 19:30:33 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/19 17:58:35 | 00,001,878 | ---- | M] () -- C:\Users\adam\Desktop\HijackThis.lnk
[2009/11/19 16:16:50 | 00,008,224 | ---- | M] () -- C:\Users\adam\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/19 16:13:49 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000002.regtrans-ms
[2009/11/19 16:12:38 | 05,505,024 | -HS- | M] () -- C:\Users\adam\ntuser.dat_previous
[2009/11/19 16:12:37 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/19 16:12:37 | 00,065,536 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/11 14:04:58 | 00,134,158 | ---- | M] () -- C:\Users\adam\Documents\Driver Analysis for ADAM.html
[2009/11/08 20:50:59 | 00,035,840 | ---- | M] () -- C:\Users\adam\Desktop\Types of Business.doc
[2009/11/07 11:56:21 | 00,000,671 | ---- | M] () -- C:\Users\adam\AppData\Roaming\vso_ts_preview.xml

========== Files Created - No Company Name ==========

[2009/12/03 12:46:03 | 00,023,552 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll
[2009/12/03 10:46:02 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll
[2009/12/01 13:38:01 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/01 13:38:01 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/01 13:38:01 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/01 13:38:01 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/01 13:38:01 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/01 13:36:47 | 03,573,627 | R--- | C] () -- C:\Users\adam\Desktop\AdamskyyCF.exe.exe
[2009/11/30 14:10:22 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/11/28 23:01:16 | 00,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2009/11/28 23:01:16 | 00,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2009/11/28 23:01:16 | 00,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2009/11/28 23:01:16 | 00,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2009/11/28 23:01:16 | 00,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2009/11/28 23:00:41 | 00,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/11/25 16:49:05 | 00,001,558 | ---- | C] () -- C:\Users\Public\Desktop\Pool Sharks.lnk
[2009/11/21 11:42:52 | 00,000,069 | ---- | C] () -- C:\Users\adam\jagex_runescape_preferences2.dat
[2009/11/21 11:42:48 | 00,000,039 | ---- | C] () -- C:\Users\adam\jagex_runescape_preferences.dat
[2009/11/21 10:36:48 | 00,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/20 14:20:30 | 00,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/19 19:30:38 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/19 19:30:34 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/19 19:30:33 | 46,090,958 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/19 19:30:33 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/19 19:30:33 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/19 19:30:33 | 00,111,793 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/19 17:58:35 | 00,001,878 | ---- | C] () -- C:\Users\adam\Desktop\HijackThis.lnk
[2009/11/19 16:27:42 | 29,512,17152 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/19 16:13:49 | 00,524,288 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000002.regtrans-ms
[2009/11/19 16:13:49 | 00,524,288 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000001.regtrans-ms
[2009/11/19 16:13:49 | 00,065,536 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TM.blf
[2009/11/11 14:04:57 | 00,134,158 | ---- | C] () -- C:\Users\adam\Documents\Driver Analysis for ADAM.html
[2009/11/08 20:50:58 | 00,035,840 | ---- | C] () -- C:\Users\adam\Desktop\Types of Business.doc
[2009/10/21 17:39:41 | 00,000,671 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\vso_ts_preview.xml
[2009/10/21 17:38:57 | 00,000,034 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.log
[2009/10/21 17:37:49 | 00,007,887 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2009/10/21 17:37:49 | 00,001,144 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2009/10/20 17:21:59 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/03 18:55:05 | 00,036,352 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 17:20:37 | 00,003,126 | ---- | C] () -- C:\Windows\System32\bcmwlhom.ini
[2009/04/30 21:39:36 | 00,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/01/09 18:29:31 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/09 18:19:34 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/09 16:50:50 | 00,140,832 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 08:23:13 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/11 08:23:13 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

========== LOP Check ==========

[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Acer GameZone Console
[2009/10/20 17:14:13 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Broad Intelligence
[2009/10/17 15:55:47 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Call Graph
[2009/11/21 10:58:15 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/11 13:52:41 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/11/17 16:13:58 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Pamela
[2009/10/08 15:00:34 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Publish Providers
[2009/10/11 21:20:40 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Screaming Bee
[2009/10/17 15:50:02 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sedna Wireless
[2009/10/08 15:00:17 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sony
[2009/11/07 11:56:22 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso
[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/12/02 21:33:45 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< End of report >
Adamskyy

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 4th, 2009, 9:50 am

OTL Extras logfile created on: 04/12/2009 13:45:25 - Run 4
OTL by OldTimer - Version 3.1.11.1 Folder = C:\Users\adam\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.48% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.15 Gb Total Space | 82.76 Gb Free Space | 59.48% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 47.63 Gb Free Space | 63.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 142.94 Gb Total Space | 142.84 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 614.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Call Graph\CallGraph.exe" = C:\Program Files\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3BD8997-9D18-47E1-B6E2-068FE3EC5FC4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E62DAF2C-8598-46FD-B8B3-0E83DAC84894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B0C78D2-7ADC-4984-A9D1-D6D05618A9CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0ECF67CA-E2E5-4227-98AD-7E5041870380}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{260D36EC-BFF1-417F-9F69-1E6233A337DC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3D1738B4-81E6-4FB4-8C9D-9740D05FA8D0}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{48DFC21C-4822-455F-97A8-03312C781709}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{494F9213-68CC-4502-8D77-185E9101379D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4C2D7F88-7D92-4C74-8B1E-A37C69711D24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51E241A9-08C5-4929-9D72-43998DB0451D}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{688EAAA3-7F09-4B07-9977-1E2E354D1512}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{6E1904C6-84DD-417F-961C-7A94BA1C5F39}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6F22ED40-E2E5-4CAF-B284-875028F9F1DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70B33D1B-9842-4640-B548-950033B3FD13}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{7158EF49-5F3C-41A3-87D4-63E4C4F5A8BF}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{7A20E3DB-4149-4A97-BD3C-2CFE96486C21}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{923651EF-EE7F-4C09-9D8C-D9C046AD4612}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BFA568F-2824-4031-8F3C-D3E945B57705}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{A4BD36C2-436E-474B-8E87-8A1F363023DF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{B250137B-2D02-4FCF-8266-0E5F1FC90925}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C6486727-4A0B-4C6E-8EB0-05C866EF9711}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{D148ABC9-1C87-4671-BD22-3F58D9C9FE9B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D3A3ED19-0A51-4A92-97CA-1BE615F009B7}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D87F7A91-FEE4-47C9-B303-19FB93F39F1F}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{D9CD915F-5525-4EF1-A01E-BC0B526620D6}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{DB018657-922E-4F1B-92EC-07C71CDDD84A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DED6288D-8A0A-4C72-A187-D2E2C5C8B043}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{80ABB5DF-3510-46E5-9E4B-E08E063D558B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{900357B6-1ED4-486C-9AAC-E8E1B2F1245F}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}" = BT Voyager Wireless Utility
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Wings of the Goddess
"{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0a
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acez Mp3 Wav Converter v3.0_is1" = Acez Mp3 Wav Converter v3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Call Graph" = Call Graph
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ffdshow_is1" = ffdshow [rev 3097] [2009-10-08]
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
"InstallShield_{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"LastFM_is1" = Last.fm 1.5.4.24567
"MediaCoder" = MediaCoder 0.7.2.4526
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Pamela" = Pamela Standard 4.6
"Pool Sharks" = Pool Sharks 2.1
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SwiftKit" = SwiftKit

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/11/2009 07:41:30 | Computer Name = Adam | Source = Application Error | ID = 1000
Description = Faulting application Starter.exe, version 1.0.0.1, time stamp 0x4aedaeb3,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000096, fault offset 0x07372a3b, process id 0x1344, application start time 0x01ca6843efb51721.

Error - 18/11/2009 10:23:31 | Computer Name = Adam | Source = Application Error | ID = 1000
Description = Faulting application Starter.exe, version 1.0.0.1, time stamp 0x4aedaeb3,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000096, fault offset 0x0e9a2a3b, process id 0x510, application start time 0x01ca685aa6534401.

Error - 18/11/2009 11:54:54 | Computer Name = Adam | Source = Application Error | ID = 1000
Description = Faulting application Starter.exe, version 1.0.0.1, time stamp 0x4aedaeb3,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000096, fault offset 0x0dc42a3b, process id 0xc9c, application start time 0x01ca6867674bc901.

Error - 18/11/2009 11:56:40 | Computer Name = Adam | Source = Application Error | ID = 1000
Description = Faulting application Starter.exe, version 1.0.0.1, time stamp 0x4aedaeb3,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000096, fault offset 0x10af2a3b, process id 0x41c, application start time 0x01ca6867a435f661.

Error - 18/11/2009 16:30:22 | Computer Name = Adam | Source = VSS | ID = 8194
Description =

Error - 18/11/2009 16:39:21 | Computer Name = Adam | Source = Application Hang | ID = 1002
Description = The program pol.exe version 1.18.12.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 17bc Start Time: 01ca688f26769ea1 Termination Time: 345

Error - 18/11/2009 16:58:40 | Computer Name = Adam | Source = WinMgmt | ID = 10
Description =

Error - 18/11/2009 17:08:28 | Computer Name = Adam | Source = VSS | ID = 8194
Description =

Error - 18/11/2009 17:18:25 | Computer Name = Adam | Source = WinMgmt | ID = 10
Description =

Error - 19/11/2009 04:03:48 | Computer Name = Adam | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 01/11/2009 07:03:17 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5564.1128)

Error - 01/11/2009 07:03:17 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5564.1129)

Error - 19/11/2009 04:59:38 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (4796.1128)

Error - 19/11/2009 04:59:38 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (4796.1129)

Error - 19/11/2009 04:59:44 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (4796.1128)

Error - 19/11/2009 04:59:44 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (4796.1129)

Error - 19/11/2009 05:59:57 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5408.1128)

Error - 19/11/2009 05:59:57 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5408.1129)

Error - 19/11/2009 06:00:03 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5408.1128)

Error - 19/11/2009 06:00:03 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5408.1129)

[ System Events ]
Error - 31/10/2009 17:13:32 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 31/10/2009 17:13:32 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 31/10/2009 17:13:32 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 31/10/2009 17:13:32 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 31/10/2009 17:13:32 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 31/10/2009 17:13:32 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 31/10/2009 17:13:32 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 31/10/2009 17:54:10 | Computer Name = Adam | Source = HTTP | ID = 15016
Description =

Error - 31/10/2009 17:56:28 | Computer Name = Adam | Source = DCOM | ID = 10010
Description =

Error - 01/11/2009 06:52:56 | Computer Name = Adam | Source = HTTP | ID = 15016
Description =


< End of report >
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby Jack&Jill » December 4th, 2009, 12:21 pm

Hello Adamskyy :),

Please download SystemLook© by jpshortstuff from one of the links below and save it to your desktop.

Link 1
Link 2


  • Double click on SystemLook.exe to run it.
  • Copy and paste the following text into the main textfield:
    Code: Select all
    :filefind 
    nvstor32.sys
  • Click the Look button to start the scan. This might take a while.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your desktop as SystemLook.txt.

Please post back:
1. the SystemLook log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 4th, 2009, 12:34 pm

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:34 on 04/12/2009 by adam (Administrator - Elevation successful)

========== filefind ==========

Searching for "nvstor32.sys"
C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP78PV\IDE\WinVista\sataraid\nvstor32.sys --a--- 140832 bytes [16:50 09/01/2009] [12:02 25/01/2008] 7DF63192BCF9C20EC2F7492E7F7544F9
C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP78PV\IDE\WinVista\sata_ide\nvstor32.sys --a--- 140832 bytes [16:50 09/01/2009] [12:02 25/01/2008] FA7B8ECA6E845B244B7E30A9DCD82C6C
C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_1d63ff55\nvstor32.sys --a--- 140832 bytes [16:50 09/01/2009] [12:02 25/01/2008] FA7B8ECA6E845B244B7E30A9DCD82C6C
C:\Windows\System32\drivers\nvstor32.sys --a--- 140832 bytes [16:50 09/01/2009] [12:02 25/01/2008] FA7B8ECA6E845B244B7E30A9DCD82C6C

-=End Of File=-
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm
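The SystemLook ":filefind" output above can be checked mechanically rather than by eye. This is an added example, not part of the thread and not SystemLook's own code: it parses that log format, takes the DriverStore copies of each file as the reference, and reports whether the live copy in system32\drivers (and any other copies) carry the same MD5. The sample input is the log posted above.

```python
import re
from collections import defaultdict

# One result line of a SystemLook ":filefind" scan has the shape
#   <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
# Paths may contain spaces, so the path group is non-greedy and anchored by
# the six-character attribute field and the "<n> bytes" token that follow it.
FILEFIND_LINE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-dahrsc]{6}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

DRIVER_STORE = "\\driverstore\\filerepository\\"   # Windows' own pristine copy
LIVE_DRIVERS = "c:\\windows\\system32\\drivers\\"   # the copy that gets loaded

# Sample input: the SystemLook log posted in the thread above.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:34 on 04/12/2009 by adam (Administrator - Elevation successful)

========== filefind ==========

Searching for "nvstor32.sys"
C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP78PV\IDE\WinVista\sataraid\nvstor32.sys --a--- 140832 bytes [16:50 09/01/2009] [12:02 25/01/2008] 7DF63192BCF9C20EC2F7492E7F7544F9
C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP78PV\IDE\WinVista\sata_ide\nvstor32.sys --a--- 140832 bytes [16:50 09/01/2009] [12:02 25/01/2008] FA7B8ECA6E845B244B7E30A9DCD82C6C
C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_1d63ff55\nvstor32.sys --a--- 140832 bytes [16:50 09/01/2009] [12:02 25/01/2008] FA7B8ECA6E845B244B7E30A9DCD82C6C
C:\Windows\System32\drivers\nvstor32.sys --a--- 140832 bytes [16:50 09/01/2009] [12:02 25/01/2008] FA7B8ECA6E845B244B7E30A9DCD82C6C

-=End Of File=-
"""


def parse_filefind(log: str) -> list:
    """Return one dict per result line; header, footer and blank lines are skipped."""
    hits = []
    for raw in log.splitlines():
        m = FILEFIND_LINE.match(raw.strip())
        if m is None:
            continue
        hits.append({
            "path": m["path"],
            "name": m["path"].rsplit("\\", 1)[-1].lower(),
            "size": int(m["size"]),
            "md5": m["md5"].upper(),
        })
    return hits


def check_live_drivers(log: str) -> dict:
    """Group hits by file name and compare every copy with the DriverStore copies.

    Caveat for the reader: a matching on-disk hash is not proof that the loaded
    driver is clean. A kernel-mode rootkit can intercept reads of the file it
    patched and hand back the original bytes, which is why the helper in this
    thread still replaces the live file from the DriverStore copy at boot time
    and follows up with a rootkit scan.
    """
    by_name = defaultdict(list)
    for hit in parse_filefind(log):
        by_name[hit["name"]].append(hit)

    report = {}
    for name, group in by_name.items():
        reference = {h["md5"] for h in group if DRIVER_STORE in h["path"].lower()}
        live = [h for h in group if h["path"].lower().startswith(LIVE_DRIVERS)]
        others = [h for h in group
                  if DRIVER_STORE not in h["path"].lower()
                  and not h["path"].lower().startswith(LIVE_DRIVERS)]
        report[name] = {
            "reference_md5": sorted(reference),
            "live_md5": live[0]["md5"] if live else None,
            "live_matches_reference": bool(live) and live[0]["md5"] in reference,
            # Other copies (e.g. vendor preload folders) whose hash is not in the
            # reference set; worth a second look but not necessarily infected.
            "other_copies_differing": [h["path"] for h in others
                                       if h["md5"] not in reference],
        }
    return report


if __name__ == "__main__":
    for name, verdict in check_live_drivers(SAMPLE_LOG).items():
        print(name, "live matches DriverStore:", verdict["live_matches_reference"])
        for path in verdict["other_copies_differing"]:
            print("  differs from reference:", path)
```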

Re: alureon.gen u & rootkit

Unread postby Jack&Jill » December 5th, 2009, 9:31 am

Hello Adamskyy :),

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Duplicate with batch
  • Open Notepad. Copy and paste the following text into it:
    Code: Select all
    @echo off
    copy C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_1d63ff55\nvstor32.sys c:\
    exit
  • Save it as copy.bat on the desktop. Make sure the Save as type: is All Files (*.*).
  • Double click on copy.bat to run it. Allow if prompted by any security software.

Please download The Avenger 2© by Swandog46 and save it to your desktop. Click here.

The Avenger must be run from an account with Administrator privileges.

Run The Avenger 2 script
  • Unzip the program to a folder on the desktop. Go into the folder and double click on avenger.exe to launch it.
  • You will be prompted, click OK to continue after reading the warning and disclaimer.
  • Copy and paste the following text into the white text box under Input script here:
    Code: Select all
    Files to move:
    C:\nvstor32.sys | C:\Windows\System32\drivers\nvstor32.sys
    
    Files to delete:
    C:\Windows\System32\tdlclk.dll
    C:\Windows\System32\tdlcmd.dll
    C:\Windows\System32\drivers\lvuvc.hs
    
  • Ensure the following:
    • Scan for rootkits is checked.
    • Automatically disable any rootkits found is unchecked (unticked).
  • Press the Execute key. You will be asked if you want to execute the script, click Yes to proceed.
  • The Avenger will now process the script. This may involve more than one reboot; please continue by clicking Yes if prompted.
  • When finished it will produce a log file. Please post the contents of that log back here. It can also be found at C:\avenger.txt

Warning: The above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Please post back:
1. The Avenger log
2. any more redirects? If yes, please explain in detail.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 5th, 2009, 10:42 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\nvstor32.sys|C:\Windows\System32\drivers\nvstor32.sys" completed successfully.
File "C:\Windows\System32\tdlclk.dll" deleted successfully.
File "C:\Windows\System32\tdlcmd.dll" deleted successfully.
File "C:\Windows\System32\drivers\lvuvc.hs" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Also, after the reboot I received this dialogue box:
Image

I've noticed no redirects as of now, I will inform you if I do experience any. However, the files are still there.
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby Jack&Jill » December 5th, 2009, 10:02 pm

Hello Adamskyy :),

Good work with the Avenger steps. The error message is related to your drive letters. You can try changing the drive letters to see if the message will go away. Have a look here for further enlightenment on the matter.

We need to disable Windows Defender real-time protection temporarily as it will interfere with the fix.
  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck Use real-time protection (recommended) box. Scroll down if you do not see it.
  • Click on the Save button at the bottom right hand corner and close the window.
Remember to enable it after the fix.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Run ComboFix
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    Code: Select all
    C:\Users\adam\Desktop\AdamskyyCF.exe.exe /killall
  • Click OK and ComboFix will execute. It may reboot your system when it finishes. This is normal.
  • Follow the prompts and post back the ComboFix log when done, located at C:\ComboFix.txt.
  • If you lose Internet connection after running ComboFix, unplug the cable you use to connect to the Internet and plug it back in.
  • Re-enable your security software as soon as you have completed the ComboFix steps.

Do not mouse click on ComboFix while it is running. That may cause it to stall.

Please post back:
1. the ComboFix log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 6th, 2009, 6:28 am

ComboFix 09-11-30.05 - adam 06/12/2009 10:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.2010 [GMT 0:00]
Running from: c:\users\adam\Desktop\AdamskyyCF.exe.exe
Command switches used :: /killall
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tdlclk.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 10:21 . 2009-12-06 10:22 4096 d-----w- c:\users\adam\AppData\Local\temp
2009-12-06 10:21 . 2009-12-06 10:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-06 10:21 . 2009-12-06 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-05 11:07 . 2009-12-05 11:07 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-3\SpotlightResources.dll
2009-12-03 15:38 . 2009-10-11 04:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-01 19:47 . 2009-12-06 10:14 4096 d-----w- c:\program files\PeerBlock
2009-11-30 14:02 . 2009-11-30 14:02 -------- d-----w- C:\_OTL
2009-11-28 23:14 . 2009-11-28 23:14 -------- d-----w- C:\temp
2009-11-28 23:13 . 2009-11-28 23:13 -------- d-----w- c:\users\adam\AppData\Local\Pinnacle
2009-11-28 23:06 . 2006-04-11 16:03 233472 ------w- c:\windows\system32\DiskIO.dll
2009-11-28 23:06 . 2006-04-11 16:03 184320 ------w- c:\windows\system32\RALMain.dll
2009-11-28 23:06 . 2001-12-11 23:21 73728 ------w- c:\windows\system32\MMAviAx.dll
2009-11-28 23:06 . 2006-07-06 14:32 39936 ------w- c:\windows\system32\CacheX.dll
2009-11-28 23:06 . 2005-12-12 16:57 32768 ------w- c:\windows\system32\MLPagAx.dll
2009-11-28 23:06 . 2004-01-02 13:28 126976 ------w- c:\windows\system32\AVIPrAx.dll
2009-11-28 23:04 . 2005-06-02 19:28 171008 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-11-28 23:02 . 2005-12-21 10:14 19712 ----a-w- c:\windows\system32\drivers\emAudio.sys
2009-11-28 23:00 . 2002-01-05 13:40 487424 ------w- c:\windows\system32\MSVCP70.DLL
2009-11-28 23:00 . 2002-01-05 12:18 84992 ------w- c:\windows\system32\ATL70.DLL
2009-11-28 22:59 . 2009-11-28 23:01 -------- d-----w- c:\programdata\Pinnacle
2009-11-28 22:59 . 2009-11-28 23:00 -------- d-----w- c:\program files\Pinnacle
2009-11-28 22:59 . 2009-11-28 22:59 -------- d-----w- c:\users\adam\AppData\Roaming\InstallShield
2009-11-28 10:38 . 2009-11-28 10:38 -------- d-----w- C:\MGADiagToolOutput
2009-11-28 10:37 . 2009-11-28 10:37 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-11-26 09:59 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 11:27 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 11:27 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 12:09 . 2009-11-24 12:09 -------- d-----w- c:\users\adam\AppData\Local\Temporary Projects
2009-11-24 11:49 . 2009-11-24 11:49 -------- d-----w- c:\program files\Windows Resource Kits
2009-11-23 21:47 . 2009-11-23 21:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-11-23 21:46 . 2009-11-23 21:46 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-11-23 21:46 . 2009-11-23 21:46 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-11-23 21:45 . 2009-11-23 21:45 -------- d-----w- c:\users\adam\AppData\Local\Microsoft Help
2009-11-23 21:43 . 2009-11-23 21:47 4096 d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-11-23 21:43 . 2009-11-23 21:43 -------- d-----w- c:\program files\Microsoft SDKs
2009-11-21 11:42 . 2009-12-05 21:57 69 ----a-w- c:\users\adam\jagex_runescape_preferences2.dat
2009-11-21 11:42 . 2009-12-05 21:57 39 ----a-w- c:\users\adam\jagex_runescape_preferences.dat
2009-11-21 10:46 . 2009-11-21 10:58 -------- d-----w- c:\users\adam\AppData\Roaming\ImgBurn
2009-11-21 10:36 . 2009-11-21 10:36 4096 d-----w- c:\program files\ImgBurn
2009-11-20 13:43 . 2009-11-19 19:30 497944 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2009-11-20 13:43 . 2009-11-19 19:30 3963648 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-11-20 13:41 . 2009-11-19 19:30 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-11-20 13:41 . 2009-11-19 19:30 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-11-19 19:30 . 2009-11-19 19:35 -------- d-----w- C:\$AVG
2009-11-19 19:30 . 2009-11-19 19:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-19 19:30 . 2009-11-19 19:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-19 19:30 . 2009-11-19 19:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-19 19:30 . 2009-11-19 19:30 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-19 19:30 . 2009-12-06 10:14 4096 d-----w- c:\windows\system32\drivers\Avg
2009-11-19 19:30 . 2009-11-19 19:30 -------- d-----w- c:\program files\AVG
2009-11-19 19:30 . 2009-12-02 12:30 4096 d-----w- c:\programdata\avg9
2009-11-19 18:40 . 2009-11-19 18:40 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-19 17:58 . 2009-11-19 17:58 -------- d-----w- c:\program files\Trend Micro
2009-11-19 16:36 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-19 16:35 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-18 21:06 . 2009-11-18 21:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-18 21:06 . 2009-11-18 21:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-18 20:45 . 2009-11-18 20:45 -------- d-----w- c:\users\adam\AppData\Roaming\Malwarebytes
2009-11-18 20:45 . 2009-11-18 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 20:45 . 2009-11-18 20:45 -------- d-----w- c:\programdata\Malwarebytes
2009-11-15 20:29 . 2009-11-15 20:29 -------- d-----w- c:\program files\Quantum
2009-11-13 13:33 . 2009-11-13 13:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-11 13:53 . 2009-11-11 13:53 -------- d-----w- c:\users\adam\AppData\Local\LogiShrd
2009-11-11 13:52 . 2009-11-11 13:52 -------- d-----w- c:\users\adam\AppData\Roaming\Leadertech
2009-11-11 13:49 . 2009-11-12 14:50 -------- d-----w- c:\programdata\LogiShrd
2009-11-11 13:49 . 2009-11-11 13:52 -------- d-----w- c:\program files\Logitech
2009-11-11 11:28 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 11:28 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi(543).dll
2009-11-09 22:03 . 2009-11-09 22:04 -------- d-----w- c:\program files\Web Site Change Monitor
2009-11-06 20:26 . 2009-11-25 16:49 -------- d-----w- C:\Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 10:24 . 2009-10-08 13:28 4096 d-----w- c:\users\adam\AppData\Roaming\Skype
2009-12-06 10:22 . 2009-11-30 14:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-06 10:06 . 2009-10-08 13:30 4096 d-----w- c:\users\adam\AppData\Roaming\skypePM
2009-12-03 16:11 . 2009-10-25 12:07 12288 d-----w- c:\program files\SwiftKit
2009-12-03 15:38 . 2009-10-06 13:41 -------- d-----w- c:\program files\Java
2009-12-02 12:11 . 2009-10-03 17:43 4096 d-----w- c:\users\adam\AppData\Roaming\mIRC
2009-12-02 11:55 . 2009-10-03 17:43 4096 d-----w- c:\program files\mIRC
2009-11-29 11:46 . 2009-10-12 14:19 4096 d-----w- c:\users\adam\AppData\Roaming\vlc
2009-11-28 23:11 . 2009-10-05 16:13 79904 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-28 23:00 . 2009-01-09 18:12 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 11:30 . 2009-10-06 12:21 784120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-23 21:47 . 2009-10-08 14:40 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-23 21:47 . 2009-01-09 18:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-23 21:47 . 2009-01-09 18:30 12288 d-----w- c:\programdata\Microsoft Help
2009-11-20 21:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-20 14:43 . 2009-01-09 19:00 4096 d-----w- c:\program files\Acer GameZone
2009-11-20 13:45 . 2009-10-11 21:13 -------- d-----w- c:\program files\freebird
2009-11-19 18:48 . 2009-01-09 18:38 4096 d-----w- c:\program files\McAfee
2009-11-19 18:48 . 2009-01-09 18:37 4096 d-----w- c:\programdata\McAfee
2009-11-19 16:16 . 2009-10-03 15:31 8224 ----a-w- c:\users\adam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-19 16:11 . 2009-01-09 18:32 32768 d-----w- c:\program files\Microsoft Works
2009-11-19 16:11 . 2009-10-03 19:26 4096 d-----w- c:\program files\Common Files\logishrd
2009-11-17 16:13 . 2009-10-17 16:10 -------- d-----w- c:\users\adam\AppData\Roaming\Pamela
2009-11-07 11:56 . 2009-10-21 17:37 4096 d-----w- c:\users\adam\AppData\Roaming\Vso
2009-11-02 16:28 . 2009-11-02 16:28 -------- d-----w- c:\program files\CCleaner
2009-11-02 13:43 . 2009-01-09 18:45 4096 d-----w- c:\program files\Google
2009-11-01 12:03 . 2009-11-01 12:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-11-01 11:04 . 2009-10-11 10:23 -------- d-----w- c:\program files\Yahoo!
2009-11-01 11:02 . 2009-10-17 16:02 4096 d-----w- c:\program files\HotRecorder
2009-11-01 11:00 . 2009-10-20 17:21 4096 d-----w- c:\program files\Free DVD Creator
2009-11-01 11:00 . 2009-10-13 13:06 4096 d-----w- c:\program files\Freecorder
2009-10-25 12:07 . 2009-10-25 12:07 -------- d-----w- c:\programdata\SwiftKit
2009-10-23 14:08 . 2009-10-23 14:08 4096 d-----w- c:\program files\DivX
2009-10-23 14:08 . 2009-10-23 14:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-22 12:03 . 2009-10-21 18:24 4096 d-----w- c:\programdata\vsosdk
2009-10-21 17:37 . 2009-10-21 17:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-21 17:37 . 2009-10-21 17:37 47360 ----a-w- c:\users\adam\AppData\Roaming\pcouffin.sys
2009-10-21 17:37 . 2009-10-21 17:37 47360 ----a-w- c:\users\adam\AppData\Roaming\pcouffin.sys
2009-10-21 17:37 . 2009-10-21 17:37 -------- d-----w- c:\program files\VSO
2009-10-20 17:37 . 2009-10-20 17:21 8192 d-----w- c:\program files\ffdshow
2009-10-20 17:14 . 2009-10-20 17:14 -------- d-----w- c:\users\adam\AppData\Roaming\Broad Intelligence
2009-10-20 17:14 . 2009-10-20 17:13 4096 d-----w- c:\program files\MediaCoder
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-17 16:10 . 2009-10-17 16:10 4096 d-----w- c:\program files\Pamela
2009-10-17 16:10 . 2009-10-17 16:10 155136 ----a-w- c:\windows\system32\RemoteControl.dll
2009-10-17 15:57 . 2009-10-13 13:06 737280 ----a-w- c:\windows\iun6002.exe
2009-10-17 15:55 . 2009-10-17 15:48 4096 d-----w- c:\users\adam\AppData\Roaming\Call Graph
2009-10-17 15:50 . 2009-10-17 15:50 -------- d-----w- c:\users\adam\AppData\Roaming\Sedna Wireless
2009-10-17 15:48 . 2009-10-17 15:48 4096 d-----w- c:\program files\Call Graph
2009-10-14 21:29 . 2009-10-14 21:24 4096 d-----w- c:\program files\Acez Mp3 Wav Converter
2009-10-14 21:03 . 2009-10-14 21:03 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-10-12 14:18 . 2009-10-12 14:18 -------- d-----w- c:\program files\VideoLAN
2009-10-11 21:20 . 2009-10-11 21:20 -------- d-----w- c:\users\adam\AppData\Roaming\Screaming Bee
2009-10-08 15:00 . 2009-10-08 15:00 -------- d-----w- c:\users\adam\AppData\Roaming\Publish Providers
2009-10-08 15:00 . 2009-10-08 14:39 -------- d-----w- c:\users\adam\AppData\Roaming\Sony
2009-10-08 14:39 . 2009-10-08 14:38 -------- d-----w- c:\programdata\Sony
2009-10-08 14:38 . 2009-10-08 14:38 -------- d-----w- c:\program files\Vstplugins
2009-10-08 14:37 . 2009-10-08 14:37 -------- d-----w- c:\program files\Sony
2009-10-08 14:35 . 2009-10-08 14:35 -------- d-----w- c:\program files\Sony Setup
2009-10-08 13:30 . 2009-10-08 13:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-08 13:28 . 2009-10-08 13:27 -------- d-----r- c:\program files\Skype
2009-10-08 13:27 . 2009-10-08 13:27 -------- d-----w- c:\program files\Common Files\Skype
2009-10-08 13:27 . 2009-10-08 13:21 -------- d-----w- c:\programdata\Skype
2009-10-06 12:21 . 2009-10-06 12:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-10-03 21:03 . 2009-10-03 21:02 108 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2009-10-03 21:03 . 2009-10-03 21:03 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe
2009-10-03 21:02 . 2009-10-03 21:02 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2009-10-03 19:02 . 2009-10-03 19:02 4096 ----a-w- c:\windows\d3dx.dat
2009-10-03 17:26 . 2009-10-03 17:26 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-03 16:23 . 2009-10-03 16:23 0 ----a-w- c:\windows\nsreg.dat
2009-09-21 16:09 . 2009-09-21 16:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-16 09:22 . 2009-01-09 18:40 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 . 2009-01-09 18:40 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 . 2009-01-09 18:40 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 . 2009-01-09 18:40 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 . 2009-01-09 18:40 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:44 . 2009-10-16 13:16 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 20:45 . 2009-10-28 09:38 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-10 20:45 . 2009-10-28 09:38 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-10 17:30 . 2009-10-16 13:17 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:24 . 2009-10-28 09:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:21 . 2009-10-28 09:38 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-01_13.55.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-12-06 10:24 58448 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-06 10:24 85510 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-10-03 23:22 . 2009-12-01 11:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-03 23:22 . 2009-12-06 10:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-03 23:22 . 2009-12-06 10:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-03 23:22 . 2009-12-01 11:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-03 23:22 . 2009-12-06 10:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-03 23:22 . 2009-12-01 11:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-27 15:39 . 2009-11-30 14:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-27 15:39 . 2009-12-06 10:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 15:39 . 2009-11-30 14:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-27 15:39 . 2009-12-06 10:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-27 15:39 . 2009-12-06 10:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-27 15:39 . 2009-11-30 14:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 13:39 . 2009-12-06 10:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 13:39 . 2009-12-01 11:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 13:39 . 2009-12-01 11:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-27 13:39 . 2009-12-06 10:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-27 13:39 . 2009-12-01 11:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 13:39 . 2009-12-06 10:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-25 12:10 . 2009-12-01 11:59 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-10-25 12:10 . 2009-12-05 21:56 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-10-25 12:10 . 2009-12-05 21:56 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-10-25 12:10 . 2009-12-01 11:59 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-10-03 15:30 . 2009-12-06 10:24 8808 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-887134994-1243305392-2542070696-1000_UserData.bin
- 2009-12-01 11:43 . 2009-12-01 11:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-06 10:22 . 2009-12-06 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-01 11:43 . 2009-12-01 11:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-06 10:22 . 2009-12-06 10:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-12-06 10:10 617772 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-01 11:48 617772 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-01 11:48 113132 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-12-06 10:10 113132 c:\windows\System32\perfc009.dat
+ 2009-12-03 15:38 . 2009-10-11 04:17 149280 c:\windows\System32\javaws.exe
+ 2009-12-03 15:38 . 2009-10-11 04:17 145184 c:\windows\System32\javaw.exe
+ 2009-12-03 15:38 . 2009-10-11 04:17 145184 c:\windows\System32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-10-01 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13584928]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-19 2020120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [19/11/2009 19:30 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [19/11/2009 19:30 360584]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [09/01/2009 18:54 269448]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [19/11/2009 19:30 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19/11/2009 19:30 285392]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [09/01/2009 18:29 24576]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 22:11 144632]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/01/2009 16:50 43552]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [01/12/2009 19:47 16472]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [11/10/2009 21:02 17792]
S2 0201691259589367mcinstcleanup;McAfee Application Installer Cleanup (0201691259589367);c:\users\adam\AppData\Local\Temp\020169~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\adam\AppData\Local\Temp\020169~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 22:11 50424]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19 23064]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\users\adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 10:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\adam\AppData\Roaming\Microsoft\Windows\Cookies\adam@msn[3].txt 394 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5148)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-12-06 10:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 10:27
ComboFix2.txt 2009-12-01 13:59

Pre-Run: 88,600,170,496 bytes free
Post-Run: 88,558,227,456 bytes free

- - End Of File - - A139F4CAB710C312776B1F4A87804943
Adamskyy
Regular Member
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby Jack&Jill » December 6th, 2009, 10:19 am

Hello Adamskyy :),

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here.

Run MBAM
  • Double click on mbam-setup.exe and follow the prompts to install the program.
  • At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
  • Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • Click Finish and close the window.
  • Navigate to C:\Program Files\ESET\ESET Online Scanner using Windows Explorer and look for log.txt.
  • Post the contents of log.txt in your reply.

Please post back:
1. the MBAM log
2. ESET online scan result
3. how are things now?
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 6th, 2009, 3:35 pm

Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

06/12/2009 19:21:28
mbam-log-2009-12-06 (19-21-28).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 293487
Time elapsed: 50 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Windows\System32\tdlclk.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\tdlcmd.dll.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11302009_140219\C_Windows\System32\tdlclk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11302009_140219\C_Windows\System32\tdlcmd.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11302009_140740\C_Windows\System32\tdlclk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


Starting ESET now.

Would you know why this pops up when I load Malwarebytes up?
[image]
Last edited by Adamskyy on December 7th, 2009, 9:41 am, edited 1 time in total.
Adamskyy
Regular Member
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 6th, 2009, 4:48 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a2e54bf848d26c44a608724c9231f1fc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-06 08:45:12
# local_time=2009-12-06 08:45:12 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 1478535 1478535 0 0
# compatibility_mode=1024 16777215 100 0 1473033 1473033 0 0
# compatibility_mode=5892 16776574 100 100 36232 97661178 0 0
# compatibility_mode=8192 67108863 100 0 3848 3848 0 0
# scanned=179616
# found=3
# cleaned=0
# scan_time=3862
C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen trojan 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\11302009_140219\C_Windows\System32\qtplugin.exe a variant of Win32/Kryptik.BFK trojan 00000000000000000000000000000000 I
D:\Movies\District 9 (2009)\District 9 (2009).avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I

I have noticed no redirects.
Adamskyy
Regular Member
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby Jack&Jill » December 6th, 2009, 8:02 pm

Hello Adamskyy :),

Your MBAM log is not complete. Please post all the contents.

Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here.
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 7th, 2009, 7:55 am

Oops, sorry, I'll attach the rest when I come home.

Edited the rest into the post now, sorry for that.
Adamskyy
Regular Member
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby Jack&Jill » December 7th, 2009, 9:13 pm

Hello Adamskyy :),

Please update your Adobe Reader to the latest.
  • Open Adobe Reader.
  • Go to Help on the pull down menu, then select Check for Updates....
  • Continue accordingly and close it when done.

We need to disable Windows Defender real-time protection temporarily as it will interfere with the fix.
  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck Use real-time protection (recommended) box. Scroll down if you do not see it.
  • Click on the Save button at the bottom right hand corner and close the window.
Remember to enable it after the fix.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Run ComboFix script
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here.
  • Open Notepad. Copy and paste the following text into it:
    Code:
    File::
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf
    D:\Movies\District 9 (2009)\District 9 (2009).avi

  • Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).

    [screenshot]
  • Referring to the screenshot above, drag CFScript.txt into AdamskyyCF.exe.exe
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, a log will be produced as C:\ComboFix.txt. Copy and paste the contents of the log in your next reply.
  • If you lose Internet connection after running ComboFix, unplug the cable you use to connect to the Internet and plug it back in.
  • Re-enable your security software as soon as you have completed the ComboFix steps.

Do not mouse click on ComboFix while it is running. That may cause it to stall.

Please post back:
1. the ComboFix log
2. new OTL logs
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
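The MBAM and ESET results posted above, and the CFScript built from them in this reply, follow one rule of thumb: a hit whose path sits under C:\Qoobox\Quarantine or C:\_OTL\MovedFiles is a copy that ComboFix or OTL already removed, so only hits on live paths need a File:: line. The Python script below is an added example (not code from the thread or from any of the tools) that parses both log formats and drafts that File:: block; the sample log lines are constructed from the logs posted above, and the list of quarantine folders is an assumption of the example.

```python
"""Triage MBAM / ESET Online Scanner hits and draft a ComboFix File:: block.

Added example, not part of the thread or of any scanner's own code.
"""
import re
from dataclasses import dataclass

# Assumed: folders where ComboFix (Qoobox) and OTL (_OTL\MovedFiles) park
# files they have already removed. A hit here is an inert copy, not a live
# infection, so it needs no further cleanup step.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\_otl\\movedfiles\\")

# MBAM "Files Infected:" entry:  <path> (<detection>) -> <action>
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# ESET log.txt entry: <path> <detection> <32-hex hash> <flag>. The detection
# name begins with "a variant of" or a Family/Name token containing '/', which
# is what separates it from a path that may itself contain spaces.
ESET_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<name>(?:(?:probably )?a variant of )?\S+/\S+.*?)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)


@dataclass
class Hit:
    scanner: str
    path: str
    name: str

    @property
    def quarantined(self) -> bool:
        # NTFS paths are case-insensitive, so compare lower-cased.
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    @property
    def tdss_family(self) -> bool:
        # TDSS/TDL is the rootkit family this thread is about (Microsoft's
        # name for it is Alureon); MBAM labels it Trojan.TDSS / Rootkit.TDSS.
        return "tdss" in self.name.lower()


def parse_mbam(text: str) -> list:
    """Return the entries listed under the 'Files Infected:' section."""
    hits, in_files = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Files Infected:":      # the section header, not the count line
            in_files = True
            continue
        if in_files and not line:          # blank line ends the section
            break
        m = MBAM_RE.match(line) if in_files else None
        if m:
            hits.append(Hit("MBAM", m["path"], m["name"]))
    return hits


def parse_eset(text: str) -> list:
    """Return detection entries, skipping the '# key=value' header lines."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            m = ESET_RE.match(line)
            if m:
                hits.append(Hit("ESET", m["path"], m["name"]))
    return hits


def triage(hits: list) -> dict:
    """Split hits into live vs. already-quarantined, and count live TDSS hits."""
    live = [h for h in hits if not h.quarantined]
    return {
        "live": live,
        "quarantined": [h for h in hits if h.quarantined],
        "tdss_live": sum(1 for h in live if h.tdss_family),
    }


def build_cfscript(hits: list) -> str:
    """Draft the ComboFix 'File::' block for hits still on live paths."""
    live = [h.path for h in hits if not h.quarantined]
    return "File::\n" + "\n".join(live) + "\n" if live else ""


# Constructed sample input, taken from the logs posted in this thread.
SAMPLE_MBAM = r"""Files Infected: 5

Files Infected:
C:\Qoobox\Quarantine\C\Windows\System32\tdlclk.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\tdlcmd.dll.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11302009_140219\C_Windows\System32\tdlclk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11302009_140219\C_Windows\System32\tdlcmd.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\11302009_140740\C_Windows\System32\tdlclk.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
"""
SAMPLE_ESET = r"""# found=3
C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen trojan 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\11302009_140219\C_Windows\System32\qtplugin.exe a variant of Win32/Kryptik.BFK trojan 00000000000000000000000000000000 I
D:\Movies\District 9 (2009)\District 9 (2009).avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    all_hits = parse_mbam(SAMPLE_MBAM) + parse_eset(SAMPLE_ESET)
    print(build_cfscript(all_hits), end="")
```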