Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

alureon.gen u & rootkit

Re: alureon.gen u & rootkit

Post by Adamskyy » December 8th, 2009, 11:56 am

ComboFix 09-11-30.05 - adam 08/12/2009 15:29.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1649 [GMT 0:00]
Running from: c:\users\adam\Desktop\AdamskyyCF.exe.exe
Command switches used :: c:\users\adam\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf"
"d:\movies\District 9 (2009)\District 9 (2009).avi"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf
d:\movies\District 9 (2009)\District 9 (2009).avi

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-05 11:07 . 2009-12-05 11:07 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-3\SpotlightResources.dll
2009-12-03 15:38 . 2009-10-11 04:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-01 19:47 . 2009-12-08 15:38 4096 d-----w- c:\program files\PeerBlock
2009-11-30 14:02 . 2009-11-30 14:02 -------- d-----w- C:\_OTL
2009-11-28 23:14 . 2009-11-28 23:14 -------- d-----w- C:\temp
2009-11-28 23:13 . 2009-11-28 23:13 -------- d-----w- c:\users\adam\AppData\Local\Pinnacle
2009-11-28 23:06 . 2006-04-11 16:03 233472 ------w- c:\windows\system32\DiskIO.dll
2009-11-28 23:06 . 2006-04-11 16:03 184320 ------w- c:\windows\system32\RALMain.dll
2009-11-28 23:06 . 2001-12-11 23:21 73728 ------w- c:\windows\system32\MMAviAx.dll
2009-11-28 23:06 . 2006-07-06 14:32 39936 ------w- c:\windows\system32\CacheX.dll
2009-11-28 23:06 . 2005-12-12 16:57 32768 ------w- c:\windows\system32\MLPagAx.dll
2009-11-28 23:06 . 2004-01-02 13:28 126976 ------w- c:\windows\system32\AVIPrAx.dll
2009-11-28 23:04 . 2005-06-02 19:28 171008 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-11-28 23:02 . 2005-12-21 10:14 19712 ----a-w- c:\windows\system32\drivers\emAudio.sys
2009-11-28 23:00 . 2002-01-05 13:40 487424 ------w- c:\windows\system32\MSVCP70.DLL
2009-11-28 23:00 . 2002-01-05 12:18 84992 ------w- c:\windows\system32\ATL70.DLL
2009-11-28 22:59 . 2009-11-28 23:01 -------- d-----w- c:\programdata\Pinnacle
2009-11-28 22:59 . 2009-11-28 23:00 -------- d-----w- c:\program files\Pinnacle
2009-11-28 22:59 . 2009-11-28 22:59 -------- d-----w- c:\users\adam\AppData\Roaming\InstallShield
2009-11-28 10:38 . 2009-11-28 10:38 4096 d-----w- C:\MGADiagToolOutput
2009-11-28 10:37 . 2009-11-28 10:37 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-11-26 09:59 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 11:27 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 11:27 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 12:09 . 2009-11-24 12:09 -------- d-----w- c:\users\adam\AppData\Local\Temporary Projects
2009-11-24 11:49 . 2009-11-24 11:49 -------- d-----w- c:\program files\Windows Resource Kits
2009-11-23 21:47 . 2009-11-23 21:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-11-23 21:46 . 2009-11-23 21:46 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2009-11-23 21:46 . 2009-11-23 21:46 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-11-23 21:45 . 2009-11-23 21:45 -------- d-----w- c:\users\adam\AppData\Local\Microsoft Help
2009-11-23 21:43 . 2009-11-23 21:47 4096 d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-11-23 21:43 . 2009-11-23 21:43 -------- d-----w- c:\program files\Microsoft SDKs
2009-11-21 11:42 . 2009-12-07 21:28 69 ----a-w- c:\users\adam\jagex_runescape_preferences2.dat
2009-11-21 11:42 . 2009-12-07 21:28 39 ----a-w- c:\users\adam\jagex_runescape_preferences.dat
2009-11-21 10:46 . 2009-11-21 10:58 -------- d-----w- c:\users\adam\AppData\Roaming\ImgBurn
2009-11-21 10:36 . 2009-11-21 10:36 4096 d-----w- c:\program files\ImgBurn
2009-11-20 13:43 . 2009-11-19 19:30 497944 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2009-11-20 13:43 . 2009-11-19 19:30 3963648 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-11-20 13:41 . 2009-11-19 19:30 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-11-20 13:41 . 2009-11-19 19:30 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-11-19 19:30 . 2009-11-19 19:35 -------- d-----w- C:\$AVG
2009-11-19 19:30 . 2009-11-19 19:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-19 19:30 . 2009-11-19 19:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-19 19:30 . 2009-11-19 19:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-19 19:30 . 2009-11-19 19:30 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-19 19:30 . 2009-12-08 15:19 4096 d-----w- c:\windows\system32\drivers\Avg
2009-11-19 19:30 . 2009-11-19 19:30 -------- d-----w- c:\program files\AVG
2009-11-19 19:30 . 2009-12-02 12:30 4096 d-----w- c:\programdata\avg9
2009-11-19 18:40 . 2009-11-19 18:40 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-19 17:58 . 2009-11-19 17:58 -------- d-----w- c:\program files\Trend Micro
2009-11-19 16:36 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-19 16:35 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-18 21:06 . 2009-11-18 21:16 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-18 21:06 . 2009-11-18 21:06 4096 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-18 20:45 . 2009-11-18 20:45 -------- d-----w- c:\users\adam\AppData\Roaming\Malwarebytes
2009-11-18 20:45 . 2009-12-06 18:24 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 20:45 . 2009-11-18 20:45 -------- d-----w- c:\programdata\Malwarebytes
2009-11-15 20:29 . 2009-11-15 20:29 -------- d-----w- c:\program files\Quantum
2009-11-13 13:33 . 2009-11-13 13:33 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-11 13:53 . 2009-11-11 13:53 -------- d-----w- c:\users\adam\AppData\Local\LogiShrd
2009-11-11 13:52 . 2009-11-11 13:52 -------- d-----w- c:\users\adam\AppData\Roaming\Leadertech
2009-11-11 13:49 . 2009-11-12 14:50 -------- d-----w- c:\programdata\LogiShrd
2009-11-11 13:49 . 2009-11-11 13:52 -------- d-----w- c:\program files\Logitech
2009-11-11 11:28 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 11:28 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi(543).dll
2009-11-09 22:03 . 2009-11-09 22:04 4096 d-----w- c:\program files\Web Site Change Monitor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 15:38 . 2009-10-08 13:28 4096 d-----w- c:\users\adam\AppData\Roaming\Skype
2009-12-08 15:20 . 2009-01-09 18:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-08 15:14 . 2009-10-08 13:30 4096 d-----w- c:\users\adam\AppData\Roaming\skypePM
2009-12-08 15:13 . 2009-11-30 14:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-07 21:58 . 2009-10-03 17:43 4096 d-----w- c:\users\adam\AppData\Roaming\mIRC
2009-12-07 21:28 . 2009-10-25 12:07 12288 d-----w- c:\program files\SwiftKit
2009-12-07 19:18 . 2009-10-03 17:43 4096 d-----w- c:\program files\mIRC
2009-12-07 19:08 . 2009-12-07 19:08 495104 ----a-w- c:\windows\system32\sqlite3.dll
2009-12-07 18:36 . 2009-12-07 18:02 -------- d-----w- c:\users\adam\AppData\Roaming\Rainmeter
2009-12-07 18:26 . 2009-12-07 18:01 4096 d-----w- c:\program files\Rainmeter
2009-12-07 17:53 . 2009-12-06 13:56 4096 d-----w- c:\program files\RocketDock
2009-12-06 21:16 . 2009-10-12 14:19 4096 d-----w- c:\users\adam\AppData\Roaming\vlc
2009-12-06 19:36 . 2009-12-06 19:36 -------- d-----w- c:\program files\ESET
2009-12-03 16:14 . 2009-12-06 18:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-12-06 18:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 15:38 . 2009-10-06 13:41 -------- d-----w- c:\program files\Java
2009-11-28 23:11 . 2009-10-05 16:13 79904 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-28 23:00 . 2009-01-09 18:12 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 11:30 . 2009-10-06 12:21 784120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-23 21:47 . 2009-10-08 14:40 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-23 21:47 . 2009-01-09 18:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-23 21:47 . 2009-01-09 18:30 12288 d-----w- c:\programdata\Microsoft Help
2009-11-20 21:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-20 14:43 . 2009-01-09 19:00 4096 d-----w- c:\program files\Acer GameZone
2009-11-20 13:45 . 2009-10-11 21:13 -------- d-----w- c:\program files\freebird
2009-11-19 18:48 . 2009-01-09 18:38 4096 d-----w- c:\program files\McAfee
2009-11-19 18:48 . 2009-01-09 18:37 4096 d-----w- c:\programdata\McAfee
2009-11-19 16:16 . 2009-10-03 15:31 8224 ----a-w- c:\users\adam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-19 16:11 . 2009-01-09 18:32 32768 d-----w- c:\program files\Microsoft Works
2009-11-19 16:11 . 2009-10-03 19:26 4096 d-----w- c:\program files\Common Files\logishrd
2009-11-17 16:13 . 2009-10-17 16:10 -------- d-----w- c:\users\adam\AppData\Roaming\Pamela
2009-11-07 11:56 . 2009-10-21 17:37 4096 d-----w- c:\users\adam\AppData\Roaming\Vso
2009-11-02 16:28 . 2009-11-02 16:28 -------- d-----w- c:\program files\CCleaner
2009-11-02 13:43 . 2009-01-09 18:45 4096 d-----w- c:\program files\Google
2009-11-01 12:03 . 2009-11-01 12:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2009-11-01 11:04 . 2009-10-11 10:23 -------- d-----w- c:\program files\Yahoo!
2009-11-01 11:02 . 2009-10-17 16:02 4096 d-----w- c:\program files\HotRecorder
2009-11-01 11:00 . 2009-10-20 17:21 4096 d-----w- c:\program files\Free DVD Creator
2009-11-01 11:00 . 2009-10-13 13:06 4096 d-----w- c:\program files\Freecorder
2009-10-25 12:07 . 2009-10-25 12:07 -------- d-----w- c:\programdata\SwiftKit
2009-10-23 14:08 . 2009-10-23 14:08 4096 d-----w- c:\program files\DivX
2009-10-23 14:08 . 2009-10-23 14:08 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-22 12:03 . 2009-10-21 18:24 4096 d-----w- c:\programdata\vsosdk
2009-10-21 17:37 . 2009-10-21 17:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-21 17:37 . 2009-10-21 17:37 47360 ----a-w- c:\users\adam\AppData\Roaming\pcouffin.sys
2009-10-21 17:37 . 2009-10-21 17:37 47360 ----a-w- c:\users\adam\AppData\Roaming\pcouffin.sys
2009-10-21 17:37 . 2009-10-21 17:37 -------- d-----w- c:\program files\VSO
2009-10-20 17:37 . 2009-10-20 17:21 8192 d-----w- c:\program files\ffdshow
2009-10-20 17:14 . 2009-10-20 17:14 -------- d-----w- c:\users\adam\AppData\Roaming\Broad Intelligence
2009-10-20 17:14 . 2009-10-20 17:13 4096 d-----w- c:\program files\MediaCoder
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-17 16:10 . 2009-10-17 16:10 4096 d-----w- c:\program files\Pamela
2009-10-17 16:10 . 2009-10-17 16:10 155136 ----a-w- c:\windows\system32\RemoteControl.dll
2009-10-17 15:57 . 2009-10-13 13:06 737280 ----a-w- c:\windows\iun6002.exe
2009-10-17 15:55 . 2009-10-17 15:48 4096 d-----w- c:\users\adam\AppData\Roaming\Call Graph
2009-10-17 15:50 . 2009-10-17 15:50 -------- d-----w- c:\users\adam\AppData\Roaming\Sedna Wireless
2009-10-17 15:48 . 2009-10-17 15:48 4096 d-----w- c:\program files\Call Graph
2009-10-14 21:29 . 2009-10-14 21:24 4096 d-----w- c:\program files\Acez Mp3 Wav Converter
2009-10-14 21:03 . 2009-10-14 21:03 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-10-12 14:18 . 2009-10-12 14:18 -------- d-----w- c:\program files\VideoLAN
2009-10-11 21:20 . 2009-10-11 21:20 -------- d-----w- c:\users\adam\AppData\Roaming\Screaming Bee
2009-10-08 13:30 . 2009-10-08 13:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-06 12:21 . 2009-10-06 12:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-10-03 21:03 . 2009-10-03 21:02 108 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat
2009-10-03 21:03 . 2009-10-03 21:03 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe
2009-10-03 21:02 . 2009-10-03 21:02 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2009-10-03 19:02 . 2009-10-03 19:02 4096 ----a-w- c:\windows\d3dx.dat
2009-10-03 17:26 . 2009-10-03 17:26 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-03 16:23 . 2009-10-03 16:23 0 ----a-w- c:\windows\nsreg.dat
2009-09-21 16:09 . 2009-09-21 16:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-16 09:22 . 2009-01-09 18:40 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 09:22 . 2009-01-09 18:40 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 09:22 . 2009-01-09 18:40 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 09:22 . 2009-01-09 18:40 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 09:22 . 2009-01-09 18:40 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-14 09:44 . 2009-10-16 13:16 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 20:45 . 2009-10-28 09:38 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-10 20:45 . 2009-10-28 09:38 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-10 17:30 . 2009-10-16 13:17 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:24 . 2009-10-28 09:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 15:21 . 2009-10-28 09:38 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-01_13.55.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-12-08 15:15 59144 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-12-08 15:15 85708 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-10-03 23:22 . 2009-12-01 11:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-03 23:22 . 2009-12-08 15:17 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-03 23:22 . 2009-12-01 11:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-03 23:22 . 2009-12-08 15:17 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-03 23:22 . 2009-12-08 15:17 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-03 23:22 . 2009-12-01 11:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 15:39 . 2009-12-07 13:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 15:39 . 2009-11-30 14:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 15:39 . 2009-11-30 14:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-27 15:39 . 2009-12-07 13:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-27 15:39 . 2009-11-30 14:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 15:39 . 2009-12-07 13:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 13:39 . 2009-12-08 15:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 13:39 . 2009-12-01 11:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-27 13:39 . 2009-12-08 15:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-27 13:39 . 2009-12-01 11:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-27 13:39 . 2009-12-01 11:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 13:39 . 2009-12-08 15:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-25 12:10 . 2009-12-07 21:01 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-10-25 12:10 . 2009-12-01 11:59 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-10-25 12:10 . 2009-12-07 21:01 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-10-25 12:10 . 2009-12-01 11:59 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2009-10-03 15:30 . 2009-12-08 15:15 9004 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-887134994-1243305392-2542070696-1000_UserData.bin
+ 2009-12-08 15:14 . 2009-12-08 15:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-12-01 11:43 . 2009-12-01 11:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-12-08 15:14 . 2009-12-08 15:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-01 11:43 . 2009-12-01 11:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-12-08 15:20 617772 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-01 11:48 617772 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-01 11:48 113132 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-12-08 15:20 113132 c:\windows\System32\perfc009.dat
+ 2009-12-03 15:38 . 2009-10-11 04:17 149280 c:\windows\System32\javaws.exe
+ 2009-12-03 15:38 . 2009-10-11 04:17 145184 c:\windows\System32\javaw.exe
+ 2009-12-03 15:38 . 2009-10-11 04:17 145184 c:\windows\System32\java.exe
+ 2009-12-07 18:02 . 2009-12-07 18:02 228352 c:\windows\Installer\f3d054.msi
+ 2009-12-08 15:20 . 2009-12-08 15:20 802304 c:\windows\Installer\5531a.msi
+ 2009-12-08 15:20 . 2009-12-08 15:20 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
+ 2009-12-08 15:20 . 2009-12-08 15:20 3940352 c:\windows\Installer\55313.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1529432]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-10-01 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13584928]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-19 2020120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [19/11/2009 19:30 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [19/11/2009 19:30 360584]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [09/01/2009 18:54 269448]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [19/11/2009 19:30 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [19/11/2009 19:30 285392]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [09/01/2009 18:29 24576]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 22:11 144632]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/01/2009 16:50 43552]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [01/12/2009 19:47 16472]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [11/10/2009 21:02 17792]
S2 0201691259589367mcinstcleanup;McAfee Application Installer Cleanup (0201691259589367);c:\users\adam\AppData\Local\Temp\020169~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\adam\AppData\Local\Temp\020169~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 22:11 50424]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19 23064]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\users\adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 15:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-12-08 15:40
ComboFix-quarantined-files.txt 2009-12-08 15:40
ComboFix2.txt 2009-12-06 10:27
ComboFix3.txt 2009-12-01 13:59

Pre-Run: 86,207,401,984 bytes free
Post-Run: 85,446,590,464 bytes free

- - End Of File - - 5C35E2B81931671761242CD5052736E7


You didn't post instructions; do you want me to run the scan with the usual settings? Sorry for the confusion.
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm
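The ComboFix log above carries several items a helper would check before anything else: EnableLUA set to 0 under the Policies\System key (UAC is switched off on this Vista machine), an AppInit_DLLs value (here avgrsstx.dll, which the file listing shows was installed with the AVG drivers on 2009-11-19), a service whose image sits in the user's Temp folder and that ComboFix marks with "[?]" (the McAfee installer cleanup leftover), a second copy of WSDApi.dll named WSDApi(543).dll in system32, and the catchme rootkit scan reporting 0 hidden files. The script below is an added example, not a ComboFix or MalwareRemoval.com tool, that pulls those entries out of a log so they can be reviewed in one place. Its regexes and its choice of what to flag are assumptions made for this example; the sample lines are excerpts copied from the log above, and a flagged entry is only a review item, not a verdict.

```python
"""Triage a ComboFix log for the entries a helper would look at first.

Added example for this thread, not a tool from ComboFix or MalwareRemoval.com.
The regexes and the choice of what to flag are assumptions made here; the
sample lines are excerpts copied from the ComboFix log posted above.
"""
import re

# Constructed sample: excerpts from the log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [19/11/2009 19:30 333192]
S2 0201691259589367mcinstcleanup;McAfee Application Installer Cleanup (0201691259589367);c:\users\adam\AppData\Local\Temp\020169~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\adam\AppData\Local\Temp\020169~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 22:11 50424]
2009-11-11 11:28 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 11:28 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi(543).dll
hidden files: 0
"""

REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# ComboFix service lines: "<start type> <name>;<display name>;<image path> [...]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# ComboFix file lines: "<created> . <modified> <size> <attrs> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attr>\S+) (?P<path>.+)$"
)
HIDDEN_RE = re.compile(r"^hidden files:\s*(?P<n>\d+)$")
# A system32 binary whose name carries a "(123)" suffix: a second copy
# that should be hashed against the original before it is trusted.
RENAMED_COPY_RE = re.compile(r"\(\d+\)\.(dll|exe|sys)$", re.IGNORECASE)


def triage(log_text):
    """Return (kind, detail) findings in the order they appear in the log."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = REG_VALUE_RE.match(line)
        if m and key is not None:
            name = m.group("name").lower()
            value = m.group("value").strip()
            if name == "enablelua" and value.startswith("0"):
                # UAC is off: anything the user runs already has full rights.
                findings.append(("uac_disabled", key + "\\EnableLUA = " + value))
            elif name == "appinit_dlls" and value:
                # Loaded into every process that maps user32.dll; verify the owner.
                findings.append(("appinit_dll", value))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            # Image under a Temp folder, or a path ComboFix could not verify ("[?]").
            if "\\temp\\" in rest.lower() or rest.endswith("[?]"):
                findings.append(("service_unverified_path", m.group("name")))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            if "\\system32\\" in path.lower() and RENAMED_COPY_RE.search(path):
                findings.append(("renamed_system_copy", path))
            continue
        m = HIDDEN_RE.match(line)
        if m and int(m.group("n")) > 0:
            findings.append(("hidden_files", m.group("n")))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

Run the file against a saved ComboFix log (replace SAMPLE_LOG with the file's contents) and it prints one line per review item. Each item still needs a human decision: the AppInit_DLLs entry here belongs to AVG, and the Temp-path service is an installer cleanup task that never ran, so the value of the script is that nothing of this kind gets missed in a 300-line log, not that it tells malware from leftovers.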

Re: alureon.gen u & rootkit

Post by Jack&Jill » December 8th, 2009, 12:03 pm

Hello Adamskyy :),

Please run OTL with the usual settings and post back the logs. Sorry for not being clear about that.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

Post by Adamskyy » December 8th, 2009, 12:08 pm

Entirely my mistake, I'll do so now. Thanks :)
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Post by Adamskyy » December 8th, 2009, 12:14 pm

OTL logfile created on: 08/12/2009 16:11:49 - Run 5
OTL by OldTimer - Version 3.1.11.1 Folder = C:\Users\adam\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.32% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.15 Gb Total Space | 79.49 Gb Free Space | 57.12% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 48.30 Gb Free Space | 64.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 142.94 Gb Total Space | 142.84 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 614.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/28 10:39:25 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
PRC - [2009/11/19 19:30:32 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/19 19:30:31 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/19 19:30:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/19 19:30:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/19 19:30:31 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/19 19:30:31 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/19 19:30:17 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/19 19:30:17 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/19 18:53:17 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/01 11:47:00 | 00,119,296 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/28 02:02:42 | 01,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/03 19:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 17:57:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 08:39:50 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2008/10/01 19:44:00 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/10/01 19:43:56 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/09/23 22:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/07/30 01:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 01:52:50 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/06/13 04:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/05/21 01:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/03/26 05:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 20:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 20:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2008/01/21 02:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 02:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/21 02:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 02:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/09/02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2005/01/29 01:09:42 | 00,876,649 | ---- | M] (BT Voyager Corporation) -- C:\Windows\System32\bcmwltry.exe
PRC - [2005/01/29 01:09:42 | 00,696,422 | ---- | M] (BT Voyager Corporation) -- C:\Windows\System32\wltray.exe
PRC - [2005/01/19 10:01:22 | 00,065,536 | ---- | M] () -- C:\Windows\System32\wltrysvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/28 10:39:25 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
MOD - [2008/01/21 02:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/09/02 13:57:36 | 00,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0201691259589367mcinstcleanup) McAfee Application Installer Cleanup (0201691259589367)
SRV - [2009/11/19 19:30:17 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/19 19:30:17 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/08 17:57:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/10/01 19:43:56 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/09/23 22:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/09/23 22:11:32 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/07/30 01:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/03 05:51:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2008/06/13 04:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/05/21 01:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/29 20:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 20:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/21 02:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/24 11:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/01/19 10:01:22 | 00,065,536 | ---- | M] () -- C:\Windows\System32\wltrysvc.exe -- (wltrysvc)
SRV - [2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/19 19:30:34 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/19 19:30:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/21 17:37:49 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/03 17:26:12 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\Windows\System32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/09/28 02:02:42 | 00,016,472 | ---- | M] () -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/30 22:03:08 | 06,754,712 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/04/06 12:19:46 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2008/12/10 15:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/12/08 17:57:00 | 07,391,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/01 18:04:16 | 00,012,832 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/30 01:53:12 | 00,060,464 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/30 01:53:10 | 00,018,992 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/30 01:53:10 | 00,016,944 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/03/26 10:35:54 | 02,103,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/22 15:18:44 | 00,043,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/30 09:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 09:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/29 05:55:00 | 01,042,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 12:02:02 | 00,140,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/21 02:24:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/12 08:53:10 | 00,013,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/09/25 14:59:46 | 00,015,152 | ---- | M] () -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/12/21 10:14:52 | 00,019,712 | ---- | M] (Pinnacle Systems, Inc.) -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/06/02 19:28:38 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://facebook.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/19 19:30:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/19 18:53:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/08 15:20:05 | 00,000,000 | ---D | M]

[2009/10/17 15:50:04 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2009/10/17 15:50:04 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\contact@callgraph.in
[2009/12/07 16:37:30 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\extensions
[2009/11/02 19:03:08 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/11/14 16:37:40 | 00,002,653 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\searchplugins\kickasstorrents.xml
[2009/12/08 15:54:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 23:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/11/19 18:53:20 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/19 18:53:20 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/19 18:53:21 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/19 18:53:21 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wltray.exe] C:\Windows\System32\wltray.exe (BT Voyager Corporation)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/01/12 14:29:16 | 00,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/08 15:40:34 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\temp
[2009/12/08 15:19:50 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/12/07 19:08:57 | 00,495,104 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2009/12/07 18:02:49 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Rainmeter
[2009/12/07 18:02:49 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Rainmeter
[2009/12/07 18:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2009/12/06 21:03:02 | 00,000,000 | R--D | C] -- C:\Users\adam\Desktop\New Briefcase
[2009/12/06 19:36:42 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/12/06 18:24:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/06 18:24:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/06 13:56:40 | 00,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2009/12/06 10:21:27 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/12/03 15:38:43 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/12/03 15:38:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/03 15:38:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/03 15:38:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/03 10:30:11 | 00,000,000 | ---D | C] -- C:\Users\adam\Desktop\SysProt
[2009/12/01 19:47:26 | 00,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2009/12/01 13:38:01 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/01 13:38:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/01 13:38:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/01 13:38:01 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/01 13:37:48 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/01 13:37:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/30 14:30:34 | 00,000,000 | ---D | C] -- C:\Users\adam\Desktop\Alureon stuff
[2009/11/30 14:02:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/28 23:14:01 | 00,000,000 | ---D | C] -- C:\temp
[2009/11/28 23:14:01 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Pinnacle
[2009/11/28 23:13:49 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\InstantCDDVD
[2009/11/28 23:13:15 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Pinnacle
[2009/11/28 23:06:42 | 00,233,472 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\DiskIO.dll
[2009/11/28 23:06:42 | 00,184,320 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\RALMain.dll
[2009/11/28 23:06:42 | 00,073,728 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\MMAviAx.dll
[2009/11/28 23:06:41 | 00,126,976 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\AVIPrAx.dll
[2009/11/28 23:06:41 | 00,039,936 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\CacheX.dll
[2009/11/28 23:06:41 | 00,032,768 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\MLPagAx.dll
[2009/11/28 23:04:03 | 00,171,008 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys
[2009/11/28 23:02:13 | 00,019,712 | ---- | C] (Pinnacle Systems, Inc.) -- C:\Windows\System32\drivers\emAudio.sys
[2009/11/28 23:01:17 | 00,930,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltr13n.dll
[2009/11/28 23:01:17 | 00,306,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltrio13n.dll
[2009/11/28 23:01:16 | 02,079,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13s.dll
[2009/11/28 23:01:16 | 01,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13n.dll
[2009/11/28 23:01:16 | 01,013,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltwvc13n.dll
[2009/11/28 23:01:16 | 00,884,736 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMUIRes.dll
[2009/11/28 23:01:16 | 00,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn13n.dll
[2009/11/28 23:01:16 | 00,409,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13s.DLL
[2009/11/28 23:01:16 | 00,393,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13n.DLL
[2009/11/28 23:01:16 | 00,153,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil13n.DLL
[2009/11/28 23:01:16 | 00,110,080 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpsd13s.dll
[2009/11/28 23:01:16 | 00,070,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13s.dll
[2009/11/28 23:01:16 | 00,064,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13s.dll
[2009/11/28 23:01:16 | 00,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13n.dll
[2009/11/28 23:01:16 | 00,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13n.dll
[2009/11/28 23:01:16 | 00,012,288 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMLRes.dll
[2009/11/28 23:00:59 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCP70.DLL
[2009/11/28 23:00:59 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ATL70.DLL
[2009/11/28 22:59:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2009/11/28 22:59:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/11/28 22:59:11 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\InstallShield
[2009/11/28 10:38:13 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/11/28 10:37:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/11/26 09:59:24 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 11:27:14 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/24 12:09:13 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Temporary Projects
[2009/11/24 11:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2009/11/23 21:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/23 21:46:07 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Visual Studio 2008
[2009/11/23 21:45:55 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Microsoft Help
[2009/11/23 21:43:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/11/23 21:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/11/21 10:46:42 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/21 10:36:44 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/11/19 19:30:40 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/19 19:30:38 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/19 19:30:38 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/19 19:30:34 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/19 19:30:34 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/19 19:30:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/11/19 19:30:17 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/19 19:30:16 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/19 18:40:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/11/19 17:58:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/19 16:36:44 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/19 16:35:38 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/18 21:06:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/18 21:06:21 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/18 20:45:38 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
[2009/11/18 20:45:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/18 20:45:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 20:29:43 | 00,000,000 | ---D | C] -- C:\Program Files\Quantum
[2009/11/13 13:33:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/11/11 13:53:14 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\LogiShrd
[2009/11/11 13:52:41 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/11/11 13:49:36 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/11/11 13:49:35 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/11/11 11:28:09 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/11 11:28:09 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi(543).dll
[2009/11/09 22:03:10 | 00,000,000 | ---D | C] -- C:\Program Files\Web Site Change Monitor
[2009/10/21 17:37:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys
[2009/01/09 16:51:34 | 00,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2009/12/08 16:12:38 | 02,097,152 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT
[2009/12/08 16:10:44 | 00,000,039 | ---- | M] () -- C:\Users\adam\jagex_runescape_preferences.dat
[2009/12/08 16:08:03 | 00,000,069 | ---- | M] () -- C:\Users\adam\jagex_runescape_preferences2.dat
[2009/12/08 15:56:49 | 00,617,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/08 15:56:49 | 00,113,132 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/08 15:56:48 | 00,717,234 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/08 15:42:32 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/12/08 15:42:28 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/08 15:42:28 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/08 15:42:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/08 15:42:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/08 15:42:20 | 29,512,17152 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/08 15:42:12 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/12/08 15:41:41 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000001.regtrans-ms
[2009/12/08 15:41:41 | 00,065,536 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TM.blf
[2009/12/08 15:41:29 | 02,286,430 | -H-- | M] () -- C:\Users\adam\AppData\Local\IconCache.db
[2009/12/08 15:38:44 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/08 15:20:05 | 00,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/08 15:19:44 | 46,359,526 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/08 15:19:29 | 00,116,698 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/07 19:08:57 | 00,495,104 | ---- | M] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2009/12/07 18:02:29 | 00,001,708 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2009/12/07 18:02:29 | 00,001,690 | ---- | M] () -- C:\Users\Public\Desktop\Rainmeter.lnk
[2009/12/06 21:10:16 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/12/06 20:53:54 | 00,036,352 | ---- | M] () -- C:\Users\adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/06 18:24:39 | 00,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/06 13:56:43 | 00,000,776 | ---- | M] () -- C:\Users\adam\Desktop\RocketDock.lnk
[2009/12/06 10:22:35 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/05 14:36:10 | 00,724,952 | ---- | M] () -- C:\Users\adam\Desktop\avenger.zip
[2009/12/05 14:35:49 | 00,000,107 | ---- | M] () -- C:\Users\adam\Desktop\copy.bat
[2009/12/04 16:33:54 | 00,102,660 | ---- | M] () -- C:\Users\adam\Desktop\SystemLook.exe
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/01 13:36:59 | 03,573,627 | R--- | M] () -- C:\Users\adam\Desktop\AdamskyyCF.exe.exe
[2009/11/28 23:11:00 | 00,079,904 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/11/28 23:09:20 | 00,315,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/25 16:49:05 | 00,001,558 | ---- | M] () -- C:\Users\Public\Desktop\Pool Sharks.lnk
[2009/11/21 10:36:48 | 00,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/20 14:20:30 | 00,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/19 19:30:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/19 19:30:38 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/19 19:30:34 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/19 19:30:34 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/19 19:30:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/19 19:30:33 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/19 19:30:33 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/19 17:58:35 | 00,001,878 | ---- | M] () -- C:\Users\adam\Desktop\HijackThis.lnk
[2009/11/19 16:16:50 | 00,008,224 | ---- | M] () -- C:\Users\adam\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/19 16:13:49 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000002.regtrans-ms
[2009/11/19 16:12:38 | 05,505,024 | -HS- | M] () -- C:\Users\adam\ntuser.dat_previous
[2009/11/19 16:12:37 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/19 16:12:37 | 00,065,536 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/11 14:04:58 | 00,134,158 | ---- | M] () -- C:\Users\adam\Documents\Driver Analysis for ADAM.html
[2009/11/08 20:50:59 | 00,035,840 | ---- | M] () -- C:\Users\adam\Desktop\Types of Business.doc

========== Files Created - No Company Name ==========

[2009/12/08 15:20:05 | 00,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/07 18:02:29 | 00,001,708 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2009/12/07 18:02:29 | 00,001,690 | ---- | C] () -- C:\Users\Public\Desktop\Rainmeter.lnk
[2009/12/06 18:24:39 | 00,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/06 13:56:43 | 00,000,776 | ---- | C] () -- C:\Users\adam\Desktop\RocketDock.lnk
[2009/12/05 14:36:20 | 00,731,136 | ---- | C] () -- C:\Users\adam\Desktop\avenger.exe
[2009/12/05 14:36:10 | 00,724,952 | ---- | C] () -- C:\Users\adam\Desktop\avenger.zip
[2009/12/05 14:35:49 | 00,000,107 | ---- | C] () -- C:\Users\adam\Desktop\copy.bat
[2009/12/04 16:33:53 | 00,102,660 | ---- | C] () -- C:\Users\adam\Desktop\SystemLook.exe
[2009/12/01 13:38:01 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/01 13:38:01 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/01 13:38:01 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/01 13:38:01 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/01 13:38:01 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/01 13:36:47 | 03,573,627 | R--- | C] () -- C:\Users\adam\Desktop\AdamskyyCF.exe.exe
[2009/11/30 14:10:22 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/11/28 23:01:16 | 00,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2009/11/28 23:01:16 | 00,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2009/11/28 23:01:16 | 00,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2009/11/28 23:01:16 | 00,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2009/11/28 23:01:16 | 00,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2009/11/28 23:00:41 | 00,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/11/25 16:49:05 | 00,001,558 | ---- | C] () -- C:\Users\Public\Desktop\Pool Sharks.lnk
[2009/11/21 11:42:52 | 00,000,069 | ---- | C] () -- C:\Users\adam\jagex_runescape_preferences2.dat
[2009/11/21 11:42:48 | 00,000,039 | ---- | C] () -- C:\Users\adam\jagex_runescape_preferences.dat
[2009/11/21 10:36:48 | 00,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/20 14:20:30 | 00,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/19 19:30:38 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/19 19:30:34 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/19 19:30:33 | 46,359,526 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/19 19:30:33 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/19 19:30:33 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/19 19:30:33 | 00,116,698 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/19 17:58:35 | 00,001,878 | ---- | C] () -- C:\Users\adam\Desktop\HijackThis.lnk
[2009/11/19 16:27:42 | 29,512,17152 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/19 16:13:49 | 00,524,288 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000002.regtrans-ms
[2009/11/19 16:13:49 | 00,524,288 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000001.regtrans-ms
[2009/11/19 16:13:49 | 00,065,536 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TM.blf
[2009/11/11 14:04:57 | 00,134,158 | ---- | C] () -- C:\Users\adam\Documents\Driver Analysis for ADAM.html
[2009/11/08 20:50:58 | 00,035,840 | ---- | C] () -- C:\Users\adam\Desktop\Types of Business.doc
[2009/10/21 17:39:41 | 00,000,671 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\vso_ts_preview.xml
[2009/10/21 17:38:57 | 00,000,034 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.log
[2009/10/21 17:37:49 | 00,007,887 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2009/10/21 17:37:49 | 00,001,144 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2009/10/20 17:21:59 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/03 18:55:05 | 00,036,352 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 17:20:37 | 00,003,126 | ---- | C] () -- C:\Windows\System32\bcmwlhom.ini
[2009/04/30 21:39:36 | 00,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/01/09 18:29:31 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/09 18:19:34 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 08:23:13 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/11 08:23:13 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

========== LOP Check ==========

[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Acer GameZone Console
[2009/10/20 17:14:13 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Broad Intelligence
[2009/10/17 15:55:47 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Call Graph
[2009/11/21 10:58:15 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/11 13:52:41 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/11/17 16:13:58 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Pamela
[2009/10/08 15:00:34 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Publish Providers
[2009/12/07 18:36:07 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Rainmeter
[2009/10/11 21:20:40 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Screaming Bee
[2009/10/17 15:50:02 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sedna Wireless
[2009/10/08 15:00:17 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sony
[2009/11/07 11:56:22 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso
[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/12/08 15:41:36 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
Adamskyy

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 8th, 2009, 12:14 pm

OTL Extras logfile created on: 08/12/2009 16:11:49 - Run 5
OTL by OldTimer - Version 3.1.11.1 Folder = C:\Users\adam\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.32% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.15 Gb Total Space | 79.49 Gb Free Space | 57.12% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 48.30 Gb Free Space | 64.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 142.94 Gb Total Space | 142.84 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 614.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Call Graph\CallGraph.exe" = C:\Program Files\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27F17D37-BBB3-45D4-9991-2F092C6225B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{461562E5-4619-4B52-B87E-42C80DB420B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{4F26533B-F536-468E-BBB0-9C664BD20B53}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79343AB4-AABA-467B-8AFF-24F700C369B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{894747AE-778B-4048-B909-1891B1133ACD}" = rport=137 | protocol=17 | dir=out | app=system |
"{909A9321-E225-4007-A6D1-C8CD4CA18001}" = lport=138 | protocol=17 | dir=in | app=system |
"{9C9F696E-F6C3-4156-93F8-588CB408800D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A94321E7-1389-4B32-9F85-D583C8F0A73D}" = rport=139 | protocol=6 | dir=out | app=system |
"{B3BD8997-9D18-47E1-B6E2-068FE3EC5FC4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D33E829F-E88C-4716-B414-78B4F44F4055}" = rport=445 | protocol=6 | dir=out | app=system |
"{E62DAF2C-8598-46FD-B8B3-0E83DAC84894}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F2C8CD84-C6F5-4388-9EAB-7427309C48E4}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B0C78D2-7ADC-4984-A9D1-D6D05618A9CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0ECF67CA-E2E5-4227-98AD-7E5041870380}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{260D36EC-BFF1-417F-9F69-1E6233A337DC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{37EAE785-B708-4E4E-B4A9-5A577C3A14EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D1738B4-81E6-4FB4-8C9D-9740D05FA8D0}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{48DFC21C-4822-455F-97A8-03312C781709}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{494F9213-68CC-4502-8D77-185E9101379D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4C2D7F88-7D92-4C74-8B1E-A37C69711D24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51E241A9-08C5-4929-9D72-43998DB0451D}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{67CD107B-0CD8-4E2C-A88A-75F4131A5CD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{688EAAA3-7F09-4B07-9977-1E2E354D1512}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{6E1904C6-84DD-417F-961C-7A94BA1C5F39}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6F22ED40-E2E5-4CAF-B284-875028F9F1DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70B33D1B-9842-4640-B548-950033B3FD13}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{7158EF49-5F3C-41A3-87D4-63E4C4F5A8BF}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{7A20E3DB-4149-4A97-BD3C-2CFE96486C21}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{923651EF-EE7F-4C09-9D8C-D9C046AD4612}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BFA568F-2824-4031-8F3C-D3E945B57705}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{A4BD36C2-436E-474B-8E87-8A1F363023DF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{B250137B-2D02-4FCF-8266-0E5F1FC90925}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C6486727-4A0B-4C6E-8EB0-05C866EF9711}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{D148ABC9-1C87-4671-BD22-3F58D9C9FE9B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D3A3ED19-0A51-4A92-97CA-1BE615F009B7}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D757CBA6-ED3A-4DD4-B82C-267B60E30154}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D87F7A91-FEE4-47C9-B303-19FB93F39F1F}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{D9CD915F-5525-4EF1-A01E-BC0B526620D6}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{DB018657-922E-4F1B-92EC-07C71CDDD84A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{DED6288D-8A0A-4C72-A187-D2E2C5C8B043}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FE9A3F7E-28BF-4F85-B6BF-DFDE02CCA55D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{80ABB5DF-3510-46E5-9E4B-E08E063D558B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{900357B6-1ED4-486C-9AAC-E8E1B2F1245F}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}" = BT Voyager Wireless Utility
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Wings of the Goddess
"{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0a
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acez Mp3 Wav Converter v3.0_is1" = Acez Mp3 Wav Converter v3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Call Graph" = Call Graph
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3097] [2009-10-08]
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{19451766-07CE-4A79-9A6A-61FC0395C319}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{1EB8607F-C1F8-476E-9D54-AFD8CDA09B6B}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer & Tetra Master
"InstallShield_{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.7.2.4526
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Pamela" = Pamela Standard 4.6
"Pool Sharks" = Pool Sharks 2.1
"Rainmeter" = Rainmeter (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SwiftKit" = SwiftKit

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/11/2009 12:22:27 | Computer Name = Adam | Source = McLogEvent | ID = 5022
Description =

Error - 19/11/2009 12:22:27 | Computer Name = Adam | Source = McLogEvent | ID = 5022
Description =

Error - 19/11/2009 12:24:26 | Computer Name = Adam | Source = EventSystem | ID = 4609
Description =

Error - 19/11/2009 12:25:47 | Computer Name = Adam | Source = WinMgmt | ID = 10
Description =

Error - 19/11/2009 12:28:16 | Computer Name = Adam | Source = McLogEvent | ID = 5022
Description =

Error - 19/11/2009 12:29:27 | Computer Name = Adam | Source = WinMgmt | ID = 10
Description =

Error - 19/11/2009 12:31:17 | Computer Name = Adam | Source = McLogEvent | ID = 5022
Description =

Error - 19/11/2009 12:31:17 | Computer Name = Adam | Source = McLogEvent | ID = 5022
Description =

Error - 19/11/2009 14:51:39 | Computer Name = Adam | Source = WinMgmt | ID = 10
Description =

Error - 19/11/2009 15:51:53 | Computer Name = Adam | Source = ESENT | ID = 474
Description = wlcomm (6032) C:\Users\adam\AppData\Local\Microsoft\Windows Live Contacts\{4c2e8e39-20fc-43ca-82b4-2f01ed407eb9}\:
The database page read from the file "C:\Users\adam\AppData\Local\Microsoft\Windows
Live Contacts\{4c2e8e39-20fc-43ca-82b4-2f01ed407eb9}\DBStore\contacts.edb" at offset
3760128 (0x0000000000396000) (database page 458 (0x1CA)) for 8192 (0x00002000)
bytes failed verification due to a page checksum mismatch. The expected checksum
was -2643653322030648012 (0xdb4fdb4f6f14f534) and the actual checksum was -2458364934875732915
(0xdde2221de074a44d). The read operation will fail with error -1018 (0xfffffc06).
If this condition persists then please restore the database from a previous backup.
This problem is likely due to faulty hardware. Please contact your hardware vendor
for further assistance diagnosing the problem.

[ Media Center Events ]
Error - 01/11/2009 07:03:17 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5564.1128)

Error - 01/11/2009 07:03:17 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5564.1129)

Error - 19/11/2009 04:59:38 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (4796.1128)

Error - 19/11/2009 04:59:38 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (4796.1129)

Error - 19/11/2009 04:59:44 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (4796.1128)

Error - 19/11/2009 04:59:44 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (4796.1129)

Error - 19/11/2009 05:59:57 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5408.1128)

Error - 19/11/2009 05:59:57 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5408.1129)

Error - 19/11/2009 06:00:03 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5408.1128)

Error - 19/11/2009 06:00:03 | Computer Name = Adam | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5408.1129)

[ System Events ]
Error - 04/11/2009 13:08:41 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 04/11/2009 13:08:41 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 04/11/2009 13:08:41 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 04/11/2009 13:08:41 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 04/11/2009 13:08:41 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 04/11/2009 13:08:41 | Computer Name = Adam | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 05/11/2009 03:56:56 | Computer Name = Adam | Source = HTTP | ID = 15016
Description =

Error - 05/11/2009 03:59:08 | Computer Name = Adam | Source = DCOM | ID = 10010
Description =

Error - 05/11/2009 06:18:09 | Computer Name = Adam | Source = HTTP | ID = 15016
Description =

Error - 05/11/2009 06:20:26 | Computer Name = Adam | Source = DCOM | ID = 10010
Description =


< End of report >
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby Jack&Jill » December 10th, 2009, 1:48 am

Hello Adamskyy :),

You have already uninstalled McAfee SecurityCenter, but there are still many files remaining. To completely remove McAfee products after you have uninstalled them, please download the McAfee Consumer Product Removal Tool. Click here. Follow the steps outlined according to the product and OS that you have.

Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Backup your registry with ERUNT
  • Double click on erunt-setup.exe and run the installation setup.
  • Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
  • Continue until you get prompted to run ERUNT at startup. Choose No.
  • Next, make sure Launch ERUNT is checked (ticked) and click Finish.
  • Click OK when ERUNT is launched, and accept all default settings. ERUNT will then back up the registry.

Fix with OTL
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here.
  • Double click on OTL.exe to run it.
  • Copy and paste the following text into the white box below Custom Scans/Fixes:
    :otl
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    :commands
    [emptytemp]
  • Click Run Fix.
  • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log, where MMDDYYYY is the date and HHMMSS the time.
  • If requested to reboot, please do so. The log file will open after restart.
  • Re-enable your security software as soon as you have completed the OTL fix steps.

Please post back:
1. the OTL fix log
2. any more problems?
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
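The O7 lines in the OTL fix above all point at the same Internet Explorer "Control Panel" policy key, once per HKEY_USERS hive. As an added example that is not part of this thread and not code from OTL or its author, the following PowerShell script audits every loaded HKU hive for that key, lists the restriction values it sets, and offers a dry-run removal of the same key that the OTL fix deletes. The function names are my own; it assumes PowerShell 2.0 or later running from an elevated prompt (the S-1-5-18/19/20 hives are not readable otherwise).

```powershell
# Added example, not part of the original thread or of OTL.
# Audits the per-user IE "Control Panel" policy key that the OTL :otl fix
# above removes. The key is a legitimate Group Policy location, so the audit
# reports what it finds before anything is removed.

$PolicySubKey = 'Software\Policies\Microsoft\Internet Explorer\Control Panel'

function Get-IEControlPanelPolicy {
    # Returns one object per loaded HKEY_USERS hive that carries the policy key.
    # Only hives that are currently loaded (logged-on users, .DEFAULT, service
    # SIDs) are visible under HKU; logged-off users' hives are not.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hive    = $_.PSChildName   # e.g. .DEFAULT, S-1-5-18, S-1-5-21-...-1000
            $keyPath = "Registry::HKEY_USERS\$hive\$PolicySubKey"
            if (Test-Path -Path $keyPath) {
                $key = Get-Item -Path $keyPath
                # Collect the restriction values (e.g. HomePage, Advanced, Settings)
                # so the reviewer can see what the key actually locks down.
                $values = foreach ($name in $key.GetValueNames()) {
                    '{0}={1}' -f $name, $key.GetValue($name)
                }
                New-Object -TypeName PSObject -Property @{
                    Hive       = $hive
                    Key        = $keyPath
                    ValueCount = $key.ValueCount
                    Values     = ($values -join '; ')
                }
            }
        }
}

function Remove-IEControlPanelPolicy {
    # Mirrors what the OTL fix does for the O7 lines, but only for the hives
    # passed in, and honours -WhatIf / -Confirm so it can be dry-run first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string[]]$Hive
    )
    process {
        foreach ($h in $Hive) {
            $keyPath = "Registry::HKEY_USERS\$h\$PolicySubKey"
            if (-not (Test-Path -Path $keyPath)) { continue }
            if ($PSCmdlet.ShouldProcess($keyPath, 'Remove IE Control Panel policy key')) {
                Remove-Item -Path $keyPath -Recurse -Force
            }
        }
    }
}

# Usage: report first, then show what a removal would touch without doing it.
$found = Get-IEControlPanelPolicy
if (-not $found) {
    Write-Host 'No Internet Explorer Control Panel policy keys found under HKEY_USERS.'
} else {
    $found | Format-Table Hive, ValueCount, Values -AutoSize
    $found | Remove-IEControlPanelPolicy -WhatIf   # drop -WhatIf to actually remove
}
```

On a home machine like the one in this thread the key has no business being there, which is why the fix deletes it; on a domain-joined machine the same key can be written by Group Policy and will simply come back at the next refresh, so check with whoever manages the domain before removing it. The machine-wide copy under HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel is a separate key and is not covered by this script.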

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 10th, 2009, 9:15 am

All processes killed
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-887134994-1243305392-2542070696-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: adam
->Temp folder emptied: 2608176 bytes
->Temporary Internet Files folder emptied: 4147107 bytes
->Java cache emptied: 14991285 bytes
->FireFox cache emptied: 93629719 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2235 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 278648 bytes

Total Files Cleaned = 110.30 mb


OTL by OldTimer - Version 3.1.11.1 log created on 12102009_131142

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


tdlclk and tdlcmd.dll are no longer there, I'm experiencing no redirects, I think I'm clean? :)
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby Jack&Jill » December 10th, 2009, 12:12 pm

Hello Adamskyy :),

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Run OTL by double clicking on OTL.exe. Click on CleanUp at the upper right corner, proceed to reboot if prompted.
  • Delete the GMER file on your desktop (os2505t2.exe).
  • Delete the Avenger, CKScanner and SystemLook files, as well as the SysProt folder on the desktop if they are still available.
  • Delete any logs on the desktop.
  • Uninstall HijackThis
    • Open HijackThis.
    • Go to Open the Misc Tools section by clicking on the box.
    • Scroll down to the bottom and, under the Uninstall HijackThis section, click on the Uninstall HijackThis & exit button.
    • Click Yes if prompted.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Purge System Restore. A recovery feature will only be useful if it is free of malware. See Windows Vista System Restore Guide for a detailed explanation.

3. Always keep your antivirus program updated; it is a must for constant protection against viruses. Please keep only one AV installed.

4. Keep and use Malwarebytes' Anti-Malware occasionally. It is a new and powerful anti-malware tool, totally free, but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

6. Install SiteHound or Web of Trust (WOT). SiteHound and WOT keep you away from dangerous websites with warnings and blocking.

7. Keep all your software updated. Visit Secunia Software Inspector to find out whether any updates are required.

8. Install a third party firewall if you do not have one, for additional defense against internet dangers. The built-in Windows firewall can only keep nasties from breaking in, but is unable to stop malware from sending information out. Some recommended firewalls are Online Armor, Outpost and PC Tools. More information on firewalls. Please keep only one FW installed.

9. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

10. Also look up How to prevent malware, by miekiemoes, and So how did I get infected in the first place?, by Tony Klein.

Safe surfing.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

Unread postby Adamskyy » December 10th, 2009, 3:51 pm

Great, thanks so much, I'm sorry for the hassle I caused with faulty replies and general obvious mistakes - thanks for sticking with me!

It's very much appreciated - I'll complete your advice steps now :)

Thanks again!
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

Unread postby NonSuch » December 13th, 2009, 2:54 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California