Attack on Computer

View previous topic View next topic Go down

Attack on Computer

Post by outlawz28 on 14th March 2010, 11:16 pm

I have started to get messages pop up of attacks on my computer and malware and trojans have been detected. Here is my hijack this log: Thank you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:26 PM, on 14/03/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Sunny\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Sunny\Downloads\winlogon.scr
C:\Users\Sunny\AppData\Local\av.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - [You must be registered and logged in to see this link.]
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12559 bytes

outlawz28
Intermediate
Intermediate

Posts Posts : 84
Joined Joined : 2008-11-19
OS OS : Windows Vista Home Premium
Points Points : 29709
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Attack on Computer

Post by Belahzur on 15th March 2010, 12:08 am

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Attack on Computer

Post by outlawz28 on 15th March 2010, 12:14 am

OTL logfile created on: 14/03/2010 6:09:36 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Sunny\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 16.64 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 11.08 Gb Free Space | 9.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNNY-PC
Current User Name: Sunny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/14 18:08:52 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe
PRC - [2010/02/04 08:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/04 08:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/03 21:57:02 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdxcoms.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/06/13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/04/17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/04/12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/03/14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (SafeList) ==========

MOD - [2010/03/14 18:08:52 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe
MOD - [2007/04/17 19:36:34 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/02/04 08:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/03 01:10:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/08/19 13:30:42 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/02/27 17:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/07/03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/17 19:36:34 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/04/12 17:43:16 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2009/09/23 05:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/07/26 19:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/09/29 19:27:58 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/12/06 08:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/06/12 10:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/05/04 15:05:04 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/04/23 19:13:22 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/12 17:43:30 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/04/12 17:43:28 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/04/12 17:43:24 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2006/12/19 13:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/12/19 13:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 13:44:10 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/09 08:55:10 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/09 08:53:58 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/09 08:53:48 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 22:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:57:06 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 00:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 12:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/10/18 19:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/08/05 09:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 00:58:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 00:58:47 | 000,000,000 | ---D | M]

[2009/10/25 18:57:34 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Mozilla\Extensions
[2009/09/08 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/14 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\g6ynileh.default\extensions
[2009/10/25 20:22:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\g6ynileh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/07 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\g6ynileh.default\extensions\firefox@tvunetworks.com
[2009/10/25 18:57:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe (iISoftware)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acer Product Registration.lnk = C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} [You must be registered and logged in to see this link.] ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} [You must be registered and logged in to see this link.] (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} [You must be registered and logged in to see this link.] (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sunny\Desktop\iphone pics\viper o lord.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sunny\Desktop\iphone pics\viper o lord.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\Sunny\AppData\Local\av.exe" /START "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 18:08:50 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe
[2010/03/14 17:27:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/14 17:26:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/10 04:02:49 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/10 04:02:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/06 21:40:33 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\BC 2010 Wreslting
[2010/02/23 11:03:17 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 11:03:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 11:02:05 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 11:02:05 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 11:02:04 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 11:02:04 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 11:02:04 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 11:02:04 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 11:02:04 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 11:02:04 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 11:02:04 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/22 01:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/22 01:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/22 00:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/21 21:09:55 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\HR
[2010/02/20 01:47:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/19 00:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark 3600-4600 Series
[2009/09/03 22:45:51 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2009/09/03 22:45:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2009/09/03 22:45:47 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2009/09/03 22:45:46 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2009/09/03 22:45:45 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2009/09/03 22:45:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2009/09/03 22:45:44 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2009/09/03 22:45:44 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2009/09/03 22:45:42 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2009/09/03 22:45:40 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2009/09/03 22:45:39 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2009/09/03 00:22:49 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/09/03 00:22:49 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2009/09/03 00:22:49 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2009/07/17 19:55:10 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoin.dll
[2007/05/04 15:18:37 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/14 18:10:26 | 004,718,592 | -HS- | M] () -- C:\Users\Sunny\NTUSER.DAT
[2010/03/14 18:08:52 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe
[2010/03/14 17:41:12 | 000,782,632 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/14 17:41:12 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/14 17:41:12 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/14 17:37:00 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/14 17:37:00 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/14 17:36:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/14 17:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/14 17:36:45 | 2145,501,184 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 17:27:27 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/14 17:20:17 | 000,696,832 | ---- | M] () -- C:\Windows\is-M2H8H.exe
[2010/03/14 17:20:17 | 000,010,498 | ---- | M] () -- C:\Windows\is-M2H8H.msg
[2010/03/14 17:20:17 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 17:20:17 | 000,000,331 | ---- | M] () -- C:\Windows\is-M2H8H.lst
[2010/03/14 17:16:29 | 000,010,222 | -HS- | M] () -- C:\Users\Sunny\AppData\Local\3pxrV41BG
[2010/03/13 02:16:24 | 000,205,824 | ---- | M] () -- C:\Users\Sunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 11:19:55 | 000,011,673 | ---- | M] () -- C:\Users\Sunny\Desktop\Bart.docx
[2010/03/12 10:51:54 | 000,002,627 | ---- | M] () -- C:\Users\Sunny\Desktop\Microsoft Office Word 2007.lnk
[2010/03/10 04:28:21 | 001,765,569 | -H-- | M] () -- C:\Users\Sunny\AppData\Local\IconCache.db
[2010/03/09 19:55:24 | 000,071,657 | ---- | M] () -- C:\Users\Sunny\Desktop\damn.jpg
[2010/03/07 22:43:01 | 000,000,937 | ---- | M] () -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acer Product Registration.lnk
[2010/02/24 17:18:53 | 000,100,432 | ---- | M] () -- C:\Users\Sunny\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/24 03:20:22 | 000,376,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 22:02:51 | 000,000,110 | ---- | M] () -- C:\Users\Sunny\webct_upload_applet.properties
[2010/02/23 22:02:37 | 000,022,823 | ---- | M] () -- C:\Users\Sunny\Documents\Sunny Phulka Lazy Employees.docx
[2010/02/22 22:34:43 | 000,034,652 | ---- | M] () -- C:\Users\Sunny\Desktop\Sunny Phulka HR ESSAY.docx
[2010/02/22 01:06:32 | 005,873,664 | ---- | M] () -- C:\Users\Sunny\Desktop\Akon_-_Nosy_Neighbor.mp3
[2010/02/22 01:02:24 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/22 00:58:36 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/20 22:00:24 | 000,034,270 | ---- | M] () -- C:\Users\Sunny\Desktop\edited-Reflective Essay.docx
[2010/02/20 16:54:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/20 16:51:43 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/20 01:47:35 | 201,144,791 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/19 02:06:39 | 000,043,821 | ---- | M] () -- C:\Users\Sunny\Desktop\Sunny Phulka AgChoices 2010.docx
[2010/02/19 02:00:22 | 000,161,497 | ---- | M] () -- C:\Users\Sunny\Documents\HR QUIZ 2.docx
[2010/02/16 23:46:49 | 000,024,171 | ---- | M] () -- C:\Users\Sunny\Documents\Sunny Phulka Pressure to Be a Team Player.docx
[2010/02/16 23:43:53 | 000,024,280 | ---- | M] () -- C:\Users\Sunny\Documents\OB-Team Player.docx
[2010/02/16 23:10:17 | 000,033,173 | ---- | M] () -- C:\Users\Sunny\Desktop\Reflective Essay.docx
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 17:27:27 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/14 17:20:17 | 000,696,832 | ---- | C] () -- C:\Windows\is-M2H8H.exe
[2010/03/14 17:20:17 | 000,010,498 | ---- | C] () -- C:\Windows\is-M2H8H.msg
[2010/03/14 17:20:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 17:20:17 | 000,000,331 | ---- | C] () -- C:\Windows\is-M2H8H.lst
[2010/03/14 16:55:03 | 000,010,222 | -HS- | C] () -- C:\Users\Sunny\AppData\Local\3pxrV41BG
[2010/03/12 11:19:47 | 000,011,673 | ---- | C] () -- C:\Users\Sunny\Desktop\Bart.docx
[2010/03/09 19:55:23 | 000,071,657 | ---- | C] () -- C:\Users\Sunny\Desktop\damn.jpg
[2010/02/23 21:45:19 | 000,022,823 | ---- | C] () -- C:\Users\Sunny\Documents\Sunny Phulka Lazy Employees.docx
[2010/02/22 22:31:43 | 000,034,652 | ---- | C] () -- C:\Users\Sunny\Desktop\Sunny Phulka HR ESSAY.docx
[2010/02/22 01:02:24 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/22 00:58:36 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/02/20 01:47:16 | 201,144,791 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/19 02:06:37 | 000,043,821 | ---- | C] () -- C:\Users\Sunny\Desktop\Sunny Phulka AgChoices 2010.docx
[2010/02/19 02:00:20 | 000,161,497 | ---- | C] () -- C:\Users\Sunny\Documents\HR QUIZ 2.docx
[2010/02/19 00:43:54 | 000,000,248 | ---- | C] () -- C:\ProgramData\lxdxDiagnostics.log
[2010/02/19 00:43:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/02/17 00:49:55 | 000,034,270 | ---- | C] () -- C:\Users\Sunny\Desktop\edited-Reflective Essay.docx
[2010/02/16 23:46:47 | 000,024,171 | ---- | C] () -- C:\Users\Sunny\Documents\Sunny Phulka Pressure to Be a Team Player.docx
[2010/02/14 01:24:41 | 000,024,280 | ---- | C] () -- C:\Users\Sunny\Documents\OB-Team Player.docx
[2010/02/14 00:36:31 | 000,033,173 | ---- | C] () -- C:\Users\Sunny\Desktop\Reflective Essay.docx
[2010/01/20 16:48:45 | 000,000,680 | ---- | C] () -- C:\Users\Sunny\AppData\Local\d3d9caps.dat
[2009/10/26 12:27:31 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2009/10/25 18:12:30 | 000,008,771 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/10/06 21:39:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/06 00:26:48 | 000,000,552 | ---- | C] () -- C:\Users\Sunny\AppData\Local\d3d8caps.dat
[2009/09/03 23:32:05 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/03 22:55:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2009/09/03 22:53:02 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2009/09/03 22:53:02 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2009/09/03 22:53:01 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2009/09/03 22:46:38 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2009/09/03 22:45:54 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2009/09/03 17:52:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/03 08:44:46 | 000,205,824 | ---- | C] () -- C:\Users\Sunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/03 01:09:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/09/03 00:58:14 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2009/09/03 00:58:14 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2009/09/03 00:57:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2009/09/03 00:22:49 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/05/04 17:36:52 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/05/04 17:22:21 | 000,743,424 | R--- | C] () -- C:\Windows\libxml2.dll
[2007/05/04 17:20:37 | 000,872,448 | R--- | C] () -- C:\Windows\iconv.dll
[2007/05/04 15:18:36 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/05/02 20:20:15 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/05/02 20:04:03 | 000,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2007/05/02 20:03:38 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/12 17:42:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/12 17:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/12 17:41:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/12 17:40:04 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/12 17:39:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/12 17:39:48 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >

outlawz28
Intermediate
Intermediate

Posts Posts : 84
Joined Joined : 2008-11-19
OS OS : Windows Vista Home Premium
Points Points : 29709
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Attack on Computer

Post by outlawz28 on 15th March 2010, 12:14 am

OTL Extras logfile created on: 14/03/2010 6:09:36 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Sunny\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 16.64 Gb Free Space | 14.91% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 11.08 Gb Free Space | 9.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUNNY-PC
Current User Name: Sunny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\Sunny\AppData\Local\av.exe File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094E8E28-A217-476D-976D-583F8D2246B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{39274D15-AA56-4314-98AC-FC7AE86888FF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B9F40714-7B96-467B-ACE7-90B65E851892}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A34BA2-D8DA-4B22-9B92-39F92BB6C57E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{14DFF357-2129-43BD-8436-58F059640EEB}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{14E5B197-7B88-479F-AB3B-A66E902D0EAD}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{156EE5B1-5E90-4B75-863A-94C0E8F6CC64}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{16289636-CAB7-4006-98C5-468F1A3D1767}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{17726FCE-732D-4100-9081-9619565F22F1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FBB3236-E515-4303-8D4C-E3FD53AAF968}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"{355CBC01-A673-4B32-AFC7-675B40846140}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{39F70B62-A974-49CC-BD22-6B84BCD3B8A9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"{507EA8C7-E515-4E90-848C-EE3538DA3946}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50C5DBBA-ABE2-4832-8985-50306B4C586F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{55C35D37-0BCD-4C10-8D41-76EE9401AD48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60BFB38F-72DD-47E4-A5AE-6E4181C388D0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxjswx.exe |
"{6D568786-FBBF-43EB-88A1-E703340026C6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{6DB8DCA7-7E1D-4A02-988D-7E9ABCCB4D25}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{78B4E84A-6EFF-44DD-B5FF-64A9B6A6B4D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{852D910E-46B3-414F-8E46-2C6C4CE6D054}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxjswx.exe |
"{85C07263-93CC-4DB5-9D70-4ABB03FB8C60}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{91E104DD-4E3E-4689-B675-4CA3641D7CAB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{927F929A-CB67-4B06-858D-449DB08D5AF9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A22B014E-756E-40D3-B410-CA2727C035B4}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{AA9F36DA-E6B1-46C0-9D15-26C27395980F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"{AD334959-6F9C-4258-BE40-40859ABB8E47}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C00AABBF-601A-4985-A74B-1243A1E94789}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{C41ACF3F-B58F-4C10-A1F2-D95C7565AEA4}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{D130FE2C-23A0-43C3-8650-AAF62909FFBE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D401F4E1-34D6-4E75-94DB-F47FF3ED6E5A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E771CCA1-6785-49F8-AF64-21919B0548F3}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |
"{EE8B22B5-02F8-4F12-8483-A3982FE3C81D}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"{F4E258D8-3000-47E7-BFD1-E3A2A0E99924}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{FD6A2E15-F726-4741-8A18-DF385540B45D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxtime.exe |
"{FE005279-6704-45A0-BA4E-CED6F32594AE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxtime.exe |
"TCP Query User{46F5D1BE-E48B-4E8A-9DE1-7ED1E0BE3634}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{5E63382A-7A58-42E8-8187-061081E6215B}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{673B4977-3044-4434-A69B-852E2F3E5FB3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{74B6805C-46BA-46FE-ABF5-3794309BB2D3}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"TCP Query User{83F99F5D-9791-41FD-BE94-2AC6BFFB0E23}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{9B39C22B-D262-48B6-8B12-8303C8D22A94}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"TCP Query User{9F3F1329-CE4B-435E-8CD3-2AA64EFBE686}C:\program files\lexmark 3600-4600 series\frun.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"TCP Query User{D5534F4D-E375-4D14-A3DA-BE232960C5C5}C:\users\sunny\appdata\roaming\icu2\icuii.exe" = protocol=6 | dir=in | app=c:\users\sunny\appdata\roaming\icu2\icuii.exe |
"TCP Query User{FA7EF800-273A-4130-833F-155ED9812B77}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0AC26D3D-E8D6-411E-B91A-1EE508C98365}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{1BE4A306-764F-4BD2-B1E0-0AA8B71AA6DE}C:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe |
"UDP Query User{678E4628-E2D9-425F-B9A0-0BD5F41F58D0}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{80949970-1FBD-44D9-B17A-BA9F66E13858}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A0ACEBAB-00F8-4981-BE05-F6A55BBA054B}C:\program files\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxmon.exe |
"UDP Query User{AE745E0F-C21A-4795-A3F4-A310A0A0973C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B6FB1CB0-F09E-499C-86CF-A59595637466}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BB9B46CA-3956-4405-AAF8-81129030787D}C:\program files\lexmark 3600-4600 series\frun.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"UDP Query User{F8CA5A02-5716-40D7-A0E2-AE8CBBE10E02}C:\users\sunny\appdata\roaming\icu2\icuii.exe" = protocol=17 | dir=in | app=c:\users\sunny\appdata\roaming\icu2\icuii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
"{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F968571-D33F-1E3E-222A-676AF9AAAA11}" = ATI Catalyst Install Manager
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitComet" = BitComet 1.14
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 3055] [2009-08-16]
"FLV Player" = FLV Player 2.0 (build 25)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GridVista" = Acer GridVista
"iISystem Wiper_is1" = iISystem Wiper 2.4.1
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"LimeWire" = LimeWire 5.2.13
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"PowerISO" = PowerISO
"PRJSTDR" = Microsoft Office Project Standard 2007 Trial
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.16
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

outlawz28
Intermediate
Intermediate

Posts Posts : 84
Joined Joined : 2008-11-19
OS OS : Windows Vista Home Premium
Points Points : 29709
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Attack on Computer

Post by Belahzur on 15th March 2010, 12:39 am

Hello.

Please download [You must be registered and logged in to see this link.]

  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that has an Error status click [Repair]
  • Refer to this image for an example:

  • In your case, it would be .EXE
  • Close SREng now.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Attack on Computer

Post by outlawz28 on 15th March 2010, 12:48 am

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

OTL by OldTimer - Version 3.1.37.1 log created on 03142010_184652

outlawz28
Intermediate
Intermediate

Posts Posts : 84
Joined Joined : 2008-11-19
OS OS : Windows Vista Home Premium
Points Points : 29709
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Attack on Computer

Post by Belahzur on 15th March 2010, 10:19 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Attack on Computer

Post by outlawz28 on 15th March 2010, 11:15 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3871
Windows 6.0.6000
Internet Explorer 8.0.6001.18882

14/03/2010 5:14:42 PM
mbam-log-2010-03-14 (17-14-42).txt

Scan type: Quick Scan
Objects scanned: 112574
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

outlawz28
Intermediate
Intermediate

Posts Posts : 84
Joined Joined : 2008-11-19
OS OS : Windows Vista Home Premium
Points Points : 29709
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Attack on Computer

Post by Belahzur on 16th March 2010, 1:09 am

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Attack on Computer

Post by outlawz28 on 17th March 2010, 7:03 am

ComboFix 10-03-16.03 - Sunny 16/03/2010 0:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2046.1186 [GMT -7:00]
Running from: c:\users\Sunny\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\1Ob8yX.jpg
c:\users\Sunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\8bx7xx.jpg
c:\users\Sunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\8nNpAblm.jpg
c:\users\Sunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\NxXyap44k.jpg
c:\windows\system32\license.rtf
D:\resycled

.
((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-15 01:46 . 2010-03-15 01:46 -------- d-----w- C:\_OTL
2010-03-15 00:27 . 2010-03-15 00:27 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-15 00:27 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-15 00:20 . 2010-03-15 00:20 696832 ----a-w- c:\windows\is-M2H8H.exe
2010-03-10 11:02 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 11:02 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 11:02 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-23 18:03 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 18:02 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 18:02 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 18:02 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 18:02 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 18:02 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 18:02 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 18:02 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 18:02 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 18:02 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-22 08:01 . 2010-02-22 08:01 -------- d-----w- c:\program files\iPod
2010-02-22 08:01 . 2010-02-22 08:02 -------- d-----w- c:\program files\iTunes
2010-02-22 07:58 . 2010-02-22 07:58 -------- d-----w- c:\program files\QuickTime
2010-02-22 07:52 . 2010-02-22 07:52 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-19 07:43 . 2010-02-19 07:43 -------- d-----w- c:\programdata\Lexmark 3600-4600 Series

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 03:27 . 2009-10-08 16:08 -------- d-----w- c:\users\Sunny\AppData\Roaming\vlc
2010-03-15 01:16 . 2009-09-04 01:02 -------- d-----w- c:\program files\BitComet
2010-03-15 00:49 . 2009-10-07 04:38 -------- d-----w- c:\users\Sunny\AppData\Roaming\Skype
2010-03-15 00:36 . 2009-10-05 23:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-15 00:27 . 2009-10-26 00:46 -------- d-----w- c:\program files\Lavasoft
2010-03-15 00:03 . 2009-10-07 04:39 -------- d-----w- c:\users\Sunny\AppData\Roaming\skypePM
2010-03-13 01:36 . 2009-09-09 03:32 -------- d-----w- c:\users\Sunny\AppData\Roaming\LimeWire
2010-03-12 19:15 . 2009-09-04 06:04 -------- d-----w- c:\programdata\Lx_cats
2010-03-10 11:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 11:12 . 2007-05-04 22:20 -------- d-----w- c:\programdata\Microsoft Help
2010-03-01 08:49 . 2009-10-26 00:48 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-25 00:18 . 2009-09-03 07:35 100432 ----a-w- c:\users\Sunny\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 17:16 . 2009-10-03 08:01 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 08:01 . 2009-09-04 06:37 -------- d-----w- c:\program files\Common Files\Apple
2010-02-13 05:09 . 2010-01-25 00:50 -------- d-----w- c:\program files\Veetle
2010-02-04 19:49 . 2009-10-26 00:48 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 19:49 . 2009-10-26 00:48 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 19:49 . 2009-10-26 00:48 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-04 05:19 . 2010-02-04 05:19 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-01-28 06:29 . 2010-01-28 06:21 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-28 06:29 . 2010-01-28 06:21 -------- d-----w- c:\program files\AVS4YOU
2010-01-28 06:23 . 2010-01-28 06:23 -------- d-----w- c:\users\Sunny\AppData\Roaming\AVS4YOU
2010-01-28 06:23 . 2010-01-28 06:23 -------- d-----w- c:\programdata\AVS4YOU
2010-01-28 06:19 . 2010-01-28 06:20 737280 ----a-w- c:\windows\iun6002.exe
2010-01-28 06:01 . 2010-01-28 06:01 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-01-28 06:01 . 2010-01-28 06:01 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-27 13:53 . 2009-10-26 00:48 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 13:52 . 2009-10-29 00:52 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 13:52 . 2009-10-26 01:23 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 13:52 . 2009-10-26 00:48 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 13:52 . 2009-10-26 00:48 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 13:52 . 2009-10-26 00:48 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 13:52 . 2009-10-26 00:48 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 13:52 . 2009-10-29 00:51 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 13:52 . 2009-10-26 00:48 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 13:51 . 2009-10-26 00:48 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 13:51 . 2009-10-26 00:48 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 13:51 . 2009-10-26 00:48 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 13:51 . 2009-10-26 00:48 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 13:50 . 2009-10-26 00:48 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 13:50 . 2009-10-26 00:48 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-22 10:21 . 2009-09-23 04:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 23:48 . 2010-01-20 23:48 680 ----a-w- c:\users\Sunny\AppData\Local\d3d9caps.dat
2010-01-07 23:07 . 2009-10-05 23:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2009-10-05 23:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 06:38 . 2010-01-21 23:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:36 . 2010-02-09 22:29 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-09 22:29 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-09 22:29 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-09 22:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-09 22:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-09 22:29 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-09 22:29 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-09 22:29 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-09 22:29 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-09 22:29 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-09-03 08:16 . 2009-09-03 08:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-09-04 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-09-03 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-13 457728]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-04 813840]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-06-13 16040]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-06 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Acer Product Registration.lnk - c:\program files\Acer Registration\ACE1.exe [2007-2-2 3383296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2009-08-19 98984]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1228208]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\g6ynileh.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\g6ynileh.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-16 00:53
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\eNetHook.dll

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\eNetHook.dll
.
Completion time: 2010-03-16 00:56:29
ComboFix-quarantined-files.txt 2010-03-16 07:56

Pre-Run: 17,423,622,144 bytes free
Post-Run: 17,303,924,736 bytes free

- - End Of File - - 762FEE2F50EEF4B92E75A525CFA2A66B

outlawz28
Intermediate
Intermediate

Posts Posts : 84
Joined Joined : 2008-11-19
OS OS : Windows Vista Home Premium
Points Points : 29709
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Attack on Computer

Post by Belahzur on 17th March 2010, 9:21 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Adobe Reader 8.1.3
    BitComet 1.14
    Java(TM) 6 Update 16
    LimeWire 5.2.13

  • Click on the Uninstall/Change button at the top.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Attack on Computer

Post by outlawz28 on 18th March 2010, 6:59 am

Its running much better now. Thanks a lot you guys are the best!!

outlawz28
Intermediate
Intermediate

Posts Posts : 84
Joined Joined : 2008-11-19
OS OS : Windows Vista Home Premium
Points Points : 29709
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum