
My (RSIT) post **{{Vista}}**



Hey, I have recently picked up the trojan.zlob.g virus from a video website. I ran various scans on my computer (Malwarebytes Anti-Malware, AVG Free 8.0); none showed the trojan.zlob.g virus up. At the moment my internet is running fine... I get the fake Windows security alert every 20-25 minutes; that's all I can say, as I'm not really a computer expert. Here are the (RSIT) documents you said to post. Hope you can help.

 

(INFO)

info.txt logfile of random's system information tool 1.04 2008-12-09 10:45:32

 

======Uninstall list======

 

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL

Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly

Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly

Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly

Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly

Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly

Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly

Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI

Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly

Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log

Agere Systems HDA Modem-->agrsmdel

ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE

AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

GrabPro - Toolbar-->regsvr32 /u /s "C:\Program Files\Orbitdownloader\GrabPro.dll"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI

Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409

NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7

Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"

PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}

Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}

Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}

Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}

Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}

Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}

Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

 

======Security center information======

 

AV: AVG Anti-Virus Free

AS: AVG Anti-Virus Free (disabled)

AS: Windows Defender

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel

"PROCESSOR_REVISION"=1601

"NUMBER_OF_PROCESSORS"=1

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

 

-----------------EOF-----------------


(LOG)

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Kieron at 2008-12-09 10:45:02

Microsoft® Windows Vista™ Home Basic Service Pack 1

System drive C: has 9 GB (28%) free of 32 GB

Total RAM: 1013 MB (15% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:45:25, on 09/12/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Users\Kieron\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Users\Kieron\AppData\Local\Temp\Low\Google\windep.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Downloads\RSIT.exe

C:\Program Files\trend micro\Kieron.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9203 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\User_Feed_Synchronization-{E6116F3A-C688-46CB-98A1-1272E5EB53D4}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-10-14 130248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0BF43445-2F28-4351-9252-17FE6E806AA0}

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-10-14 437368]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

"ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe []

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]

"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 525360]

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-04 768520]

"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-07-21 159744]

"eRecoveryService"= []

"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []

"SetPanel"=C:\Acer\APanel\APanel.cmd []

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-28 1261336]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-02 136600]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-10-28 150040]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-10-28 178712]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-10-28 154136]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"Speech Recognition"=C:\Windows\Speech\Common\sapisvr.exe [2008-01-20 49664]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

C:\Windows\Skytel.exe [2007-11-20 1826816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Program Files\Steam\Steam.exe -silent []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]

C:\PROGRA~1\ORBITD~1\orbitdm.exe [2008-10-14 1707208]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-10-28 221184]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"

"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cd1f0dc-bdb6-11dd-9b6e-fc4f21cdcedd}]

shell\AutoRun\command - G:\LaunchU3.exe -a

 

 

======List of files/folders created in the last 3 months======

 

2008-12-09 10:45:02 ----D---- C:\rsit

2008-12-09 10:41:13 ----D---- C:\Program Files\Trend Micro

2008-12-09 02:28:26 ----D---- C:\Users\Kieron\AppData\Roaming\Malwarebytes

2008-12-09 02:28:16 ----D---- C:\ProgramData\Malwarebytes

2008-12-09 02:28:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-07 23:40:51 ----D---- C:\Users\Kieron\AppData\Roaming\GetRightToGo

2008-12-04 17:45:59 ----A---- C:\tracert.txt

2008-12-02 17:14:30 ----A---- C:\Windows\system32\javaws.exe

2008-12-02 17:14:30 ----A---- C:\Windows\system32\javaw.exe

2008-12-02 17:14:30 ----A---- C:\Windows\system32\java.exe

2008-12-02 17:14:30 ----A---- C:\Windows\system32\deploytk.dll

2008-12-02 01:03:44 ----D---- C:\Windows\pss

2008-11-26 17:41:07 ----A---- C:\Windows\system32\wups2.dll

2008-11-26 17:41:07 ----A---- C:\Windows\system32\wucltux.dll

2008-11-26 17:41:07 ----A---- C:\Windows\system32\wuaueng.dll

2008-11-26 17:41:07 ----A---- C:\Windows\system32\wuauclt.exe

2008-11-26 17:40:47 ----A---- C:\Windows\system32\wups.dll

2008-11-26 17:40:47 ----A---- C:\Windows\system32\wudriver.dll

2008-11-26 17:40:47 ----A---- C:\Windows\system32\wuapi.dll

2008-11-26 17:40:29 ----A---- C:\Windows\system32\wuwebv.dll

2008-11-26 17:40:29 ----A---- C:\Windows\system32\wuapp.exe

2008-11-25 19:07:04 ----A---- C:\Windows\system32\PortableDeviceApi.dll

2008-11-25 19:07:02 ----A---- C:\Windows\system32\WindowsCodecsExt.dll

2008-11-25 19:07:02 ----A---- C:\Windows\system32\WindowsCodecs.dll

2008-11-25 19:07:02 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll

2008-11-25 19:06:59 ----A---- C:\Windows\system32\connect.dll

2008-11-19 20:01:14 ----D---- C:\Program Files\uTorrent

2008-11-19 20:01:04 ----D---- C:\Users\Kieron\AppData\Roaming\uTorrent

2008-11-16 00:07:21 ----D---- C:\Program Files\SystemRequirementsLab

2008-11-15 22:30:31 ----D---- C:\Program Files\CCleaner

2008-11-13 11:56:46 ----A---- C:\Windows\system32\msxml3.dll

2008-11-13 11:52:09 ----A---- C:\Windows\system32\msxml6.dll

2008-10-29 15:32:32 ----A---- C:\Windows\system32\wersvc.dll

2008-10-29 15:32:32 ----A---- C:\Windows\system32\Faultrep.dll

2008-10-29 15:32:31 ----A---- C:\Windows\system32\win32spl.dll

2008-10-28 21:51:49 ----D---- C:\ProgramData\Blizzard

2008-10-28 08:43:56 ----A---- C:\Windows\system32\igfxtray.exe

2008-10-28 08:43:32 ----A---- C:\Windows\system32\igfxcfg.exe

2008-10-28 08:35:26 ----A---- C:\Windows\system32\igfxCoIn_v1591.dll

2008-10-28 08:25:44 ----A---- C:\Windows\system32\igdumdx32.dll

2008-10-28 08:21:36 ----A---- C:\Windows\system32\igd10umd32.dll

2008-10-28 08:14:44 ----A---- C:\Windows\system32\ig4dev32.dll

2008-10-28 08:14:34 ----A---- C:\Windows\system32\ig4icd32.dll

2008-10-28 08:05:16 ----A---- C:\Windows\system32\oemdspif.dll

2008-10-28 08:04:36 ----A---- C:\Windows\system32\igfxdo.dll

2008-10-27 22:46:59 ----D---- C:\Users\Kieron\AppData\Roaming\GrabPro

2008-10-27 22:46:59 ----D---- C:\downloads

2008-10-27 22:46:42 ----D---- C:\Users\Kieron\AppData\Roaming\Orbit

2008-10-27 22:46:38 ----D---- C:\Program Files\Orbitdownloader

2008-10-26 01:42:18 ----HD---- C:\Program Files\Zero G Registry

2008-10-26 01:39:41 ----D---- C:\Users\Kieron\AppData\Roaming\Sports Interactive

2008-10-23 20:14:27 ----A---- C:\Windows\system32\netapi32.dll

2008-10-22 19:02:38 ----D---- C:\.jagex_cache_32

2008-10-14 23:31:45 ----D---- C:\Program Files\BitLord

2008-10-14 18:04:33 ----A---- C:\Windows\system32\mshtml.dll

2008-10-14 18:04:32 ----A---- C:\Windows\system32\ieframe.dll

2008-10-14 18:04:30 ----A---- C:\Windows\system32\urlmon.dll

2008-10-14 18:04:29 ----A---- C:\Windows\system32\wininet.dll

2008-10-14 18:04:29 ----A---- C:\Windows\system32\mstime.dll

2008-10-14 18:04:29 ----A---- C:\Windows\system32\iertutil.dll

2008-10-14 18:04:28 ----A---- C:\Windows\system32\jsproxy.dll

2008-10-14 17:52:13 ----A---- C:\Windows\system32\ntkrnlpa.exe

2008-10-14 17:52:12 ----A---- C:\Windows\system32\ntoskrnl.exe

2008-09-30 16:43:34 ----A---- C:\Windows\system32\msxml4.dll

2008-09-27 15:20:56 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-09-25 21:15:40 ----D---- C:\Users\Kieron\AppData\Roaming\Leadertech

2008-09-25 21:14:42 ----D---- C:\ProgramData\Logishrd

2008-09-25 21:14:31 ----D---- C:\ProgramData\Logitech

2008-09-25 21:14:29 ----D---- C:\Program Files\Logitech

2008-09-25 21:09:40 ----D---- C:\Program Files\Common Files\logishrd

2008-09-25 15:41:59 ----D---- C:\Program Files\YouTube Downloader

2008-09-23 03:01:16 ----D---- C:\Logs

2008-09-10 18:19:51 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2008-09-10 18:19:51 ----A---- C:\Windows\system32\Apphlpdm.dll

2008-09-10 18:16:51 ----A---- C:\Windows\system32\wmpeffects.dll

2008-09-10 18:12:05 ----A---- C:\Windows\system32\emdmgmt.dll

2008-09-10 18:12:04 ----A---- C:\Windows\system32\dataclen.dll

2008-09-10 18:12:04 ----A---- C:\Windows\system32\cdd.dll

 

======List of files/folders modified in the last 3 months======

 

2008-12-09 10:45:24 ----D---- C:\Windows\Temp

2008-12-09 10:45:17 ----D---- C:\Windows\Prefetch

2008-12-09 10:41:13 ----RD---- C:\Program Files

2008-12-09 02:36:22 ----D---- C:\Windows\Debug

2008-12-09 02:36:22 ----D---- C:\Windows

2008-12-09 02:29:06 ----D---- C:\Windows\system32\drivers

2008-12-09 02:28:16 ----HD---- C:\ProgramData

2008-12-09 01:49:41 ----SHD---- C:\System Volume Information

2008-12-09 01:40:21 ----D---- C:\Windows\System32

2008-12-09 01:40:21 ----D---- C:\Windows\inf

2008-12-09 01:40:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-12-02 17:14:44 ----SHD---- C:\Windows\Installer

2008-12-02 17:13:52 ----D---- C:\Program Files\Java

2008-12-02 15:11:44 ----D---- C:\Windows\rescache

2008-12-01 20:10:48 ----SD---- C:\ProgramData\Microsoft

2008-11-30 11:11:57 ----D---- C:\Windows\system32\WDI

2008-11-28 17:51:21 ----D---- C:\Windows\winsxs

2008-11-28 17:40:31 ----D---- C:\Windows\system32\catroot

2008-11-28 17:39:40 ----D---- C:\Windows\system32\en-US

2008-11-26 17:42:09 ----D---- C:\Windows\system32\catroot2

2008-11-20 17:24:27 ----D---- C:\ProgramData\Microsoft Help

2008-11-19 17:15:10 ----D---- C:\Windows\system32\config

2008-11-19 17:15:04 ----D---- C:\Windows\Tasks

2008-11-19 17:15:04 ----D---- C:\Windows\system32\Tasks

2008-11-19 17:15:04 ----D---- C:\Windows\system32\spool

2008-11-19 17:15:04 ----D---- C:\Windows\system32\Msdtc

2008-11-19 17:15:03 ----D---- C:\Windows\system32\wbem

2008-11-19 17:15:03 ----D---- C:\Windows\registration

2008-11-16 00:07:06 ----SD---- C:\Windows\Downloaded Program Files

2008-11-16 00:00:56 ----SD---- C:\Users\Kieron\AppData\Roaming\Microsoft

2008-11-14 01:32:12 ----D---- C:\Program Files\Mozilla Firefox

2008-11-11 06:08:37 ----D---- C:\Users\Kieron\AppData\Roaming\Adobe

2008-11-10 23:10:04 ----D---- C:\Program Files\Windows Live

2008-11-10 23:04:53 ----D---- C:\ProgramData\WLInstaller

2008-11-09 15:01:07 ----D---- C:\ProgramData\avg8

2008-11-06 14:50:28 ----A---- C:\Windows\system32\igxpun.exe

2008-11-03 16:10:26 ----A---- C:\Windows\system32\mrt.exe

2008-11-01 21:54:46 ----HD---- C:\$AVG8.VAULT$

2008-10-28 09:42:24 ----D---- C:\Program Files\Common Files\Blizzard Entertainment

2008-10-28 08:43:48 ----A---- C:\Windows\system32\igfxsrvc.exe

2008-10-28 08:43:34 ----A---- C:\Windows\system32\igfxpers.exe

2008-10-28 08:43:34 ----A---- C:\Windows\system32\igfxext.exe

2008-10-28 08:43:30 ----A---- C:\Windows\system32\hkcmd.exe

2008-10-28 08:29:40 ----A---- C:\Windows\system32\igdumd32.dll

2008-10-28 08:05:32 ----A---- C:\Windows\system32\igfxTMM.dll

2008-10-28 08:05:08 ----A---- C:\Windows\system32\igfxpph.dll

2008-10-28 08:05:02 ----A---- C:\Windows\system32\igfxexps.dll

2008-10-28 08:04:50 ----A---- C:\Windows\system32\igfxsrvc.dll

2008-10-28 08:04:28 ----A---- C:\Windows\system32\hccutils.dll

2008-10-28 08:04:24 ----A---- C:\Windows\system32\igfxdev.dll

2008-10-28 08:04:12 ----A---- C:\Windows\system32\igfxress.dll

2008-10-22 01:24:29 ----D---- C:\ProgramData\Messenger Plus!

2008-10-18 02:32:55 ----D---- C:\Program Files\Common Files\Steam

2008-10-18 01:49:48 ----SHD---- C:\$RECYCLE.BIN

2008-10-16 22:48:07 ----D---- C:\Users\Kieron\AppData\Roaming\LimeWire

2008-10-15 02:12:32 ----D---- C:\Program Files\Windows Mail

2008-10-15 02:12:30 ----D---- C:\Windows\system32\migration

2008-09-25 21:09:42 ----D---- C:\Windows\twain_32

2008-09-25 21:09:40 ----D---- C:\Program Files\Common Files

2008-09-11 11:29:41 ----D---- C:\Windows\AppPatch

2008-09-11 06:20:32 ----D---- C:\Program Files\Microsoft Works

2008-09-10 15:53:47 ----D---- C:\Program Files\MSECACHE

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-08-30 97928]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-08-16 26824]

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]

R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-29 8704]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-08 1163616]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-11 163376]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-30 743424]

R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]

R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-28 2476544]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2008-12-03 38496]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-21 6144]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-21 180736]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]

S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]

S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]

S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]

S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-20 521216]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216]

R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]

R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 497712]

R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]

R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]

R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]

R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]

R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-29 386560]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------


Hi Kieron,

If you're still in need of assistance, please visit the following webpage for instructions for downloading and running ComboFix:

How to use ComboFix

Download ComboFix by sUBs from here, saving the file to your desktop.

Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

  • Close all open programs and windows.
  • Double-click ComboFix.exe and follow the prompts.
  • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Hey Dave.

 

May I add, a few days ago I installed important Windows updates. Since then I haven't had the annoying fake Windows security popup. I'm not sure if the virus has gone, but here's the ComboFix log you asked for:

 

 

ComboFix 08-12-13.03 - Kieron 2008-12-14 5:33:42.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.318 [GMT -8:00]

Running from: c:\users\Kieron\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Kieron\AppData\Roaming\.#

 

.

((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))

.

 

2008-12-14 05:30 . 2008-12-14 05:31 <DIR> d-------- C:\32788R22FWJFW

2008-12-11 13:58 . 2008-10-21 17:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-10 18:03 . 2008-10-31 17:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-10 18:03 . 2008-10-31 19:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-10 12:34 . 2008-10-15 18:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-12-10 12:34 . 2008-10-15 20:47 827,392 --a------ c:\windows\System32\wininet.dll

2008-12-10 11:03 . 2008-10-28 22:29 2,927,104 --a------ c:\windows\explorer.exe

2008-12-10 10:53 . 2008-10-20 21:25 296,960 --a------ c:\windows\System32\gdi32.dll

2008-12-10 10:44 . 2008-06-22 17:59 2,868,736 --a------ c:\windows\System32\mf.dll

2008-12-10 10:44 . 2008-06-22 17:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2008-12-10 10:44 . 2008-06-22 17:58 94,720 --a------ c:\windows\System32\logagent.exe

2008-12-09 10:45 . 2008-12-09 10:45 <DIR> d-------- C:\rsit

2008-12-09 10:41 . 2008-12-09 10:45 <DIR> d-------- c:\program files\Trend Micro

2008-12-09 02:28 . 2008-12-09 02:28 <DIR> d-------- c:\users\Kieron\AppData\Roaming\Malwarebytes

2008-12-09 02:28 . 2008-12-09 02:28 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-12-09 02:28 . 2008-12-09 02:28 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-09 02:28 . 2008-12-09 02:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-09 02:28 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-09 02:28 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-07 23:40 . 2008-12-07 23:58 <DIR> d-------- c:\users\Kieron\AppData\Roaming\GetRightToGo

2008-12-02 17:14 . 2008-12-02 17:14 410,976 --a------ c:\windows\System32\deploytk.dll

2008-12-01 20:10 . 2008-12-01 20:10 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-11-26 17:41 . 2008-10-16 13:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-26 17:41 . 2008-10-16 12:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-26 17:41 . 2008-10-16 13:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-26 17:41 . 2008-10-16 13:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-26 17:40 . 2008-10-16 13:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-26 17:40 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-26 17:40 . 2008-10-16 12:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-26 17:40 . 2008-10-16 13:08 34,328 --a------ c:\windows\System32\wups.dll

2008-11-26 17:40 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-25 19:07 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-25 19:07 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-25 19:07 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-25 19:07 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-25 19:06 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll

2008-11-19 20:01 . 2008-12-10 19:32 <DIR> d-------- c:\users\Kieron\AppData\Roaming\uTorrent

2008-11-19 20:01 . 2008-11-19 20:01 <DIR> d-------- c:\program files\uTorrent

2008-11-16 00:07 . 2008-11-16 00:07 <DIR> d-------- c:\program files\SystemRequirementsLab

2008-11-15 22:30 . 2008-11-15 22:30 <DIR> d-------- c:\program files\CCleaner

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-14 13:29 --------- d-----w c:\users\Kieron\AppData\Roaming\Orbit

2008-12-12 01:32 --------- d-----w c:\programdata\Microsoft Help

2008-12-12 01:30 --------- d-----w c:\program files\Microsoft Works

2008-12-12 01:14 --------- d-----w c:\programdata\Logishrd

2008-12-12 01:14 --------- d-----w c:\program files\Common Files\logishrd

2008-12-12 01:07 --------- d-----w c:\program files\Java

2008-12-11 22:36 --------- d-----w c:\program files\Windows Mail

2008-12-06 07:08 --------- d-----w c:\program files\Orbitdownloader

2008-12-02 05:04 292 ----a-w c:\users\Kieron\AppData\Roaming\wklnhst.dat

2008-11-14 07:53 30 ----a-w c:\users\Kieron\jagex_runescape_preferences.dat

2008-11-11 07:10 --------- d-----w c:\program files\Windows Live

2008-11-11 07:04 --------- d-----w c:\programdata\WLInstaller

2008-11-09 23:01 --------- d-----w c:\programdata\avg8

2008-11-06 22:50 920,088 ----a-w c:\windows\System32\igxpun.exe

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-29 05:51 --------- d-----w c:\programdata\Blizzard

2008-10-28 17:42 --------- d-----w c:\program files\Common Files\Blizzard Entertainment

2008-10-28 16:43 670,232 ----a-w c:\windows\System32\igfxcfg.exe

2008-10-28 16:43 256,536 ----a-w c:\windows\System32\igfxsrvc.exe

2008-10-28 16:43 178,712 ----a-w c:\windows\System32\igfxext.exe

2008-10-28 16:43 178,712 ----a-w c:\windows\System32\hkcmd.exe

2008-10-28 16:43 154,136 ----a-w c:\windows\System32\igfxpers.exe

2008-10-28 16:43 150,040 ----a-w c:\windows\System32\igfxtray.exe

2008-10-28 16:35 147,456 ----a-w c:\windows\System32\igfxCoIn_v1591.dll

2008-10-28 16:29 3,411,968 ----a-w c:\windows\System32\igdumd32.dll

2008-10-28 16:29 2,476,544 ----a-w c:\windows\system32\drivers\igdkmd32.sys

2008-10-28 16:28 1,498,700 ----a-w c:\windows\System32\igkrng400.bin

2008-10-28 16:25 536,576 ----a-w c:\windows\System32\igdumdx32.dll

2008-10-28 16:21 2,256,896 ----a-w c:\windows\System32\igd10umd32.dll

2008-10-28 16:14 3,895,296 ----a-w c:\windows\System32\ig4icd32.dll

2008-10-28 16:14 2,359,296 ----a-w c:\windows\System32\ig4dev32.dll

2008-10-28 16:05 69,632 ----a-w c:\windows\System32\oemdspif.dll

2008-10-28 16:05 258,048 ----a-w c:\windows\System32\igfxTMM.dll

2008-10-28 16:05 24,576 ----a-w c:\windows\System32\igfxexps.dll

2008-10-28 16:05 217,088 ----a-w c:\windows\System32\igfxpph.dll

2008-10-28 16:04 52,224 ----a-w c:\windows\System32\igfxsrvc.dll

2008-10-28 16:04 5,672,960 ----a-w c:\windows\System32\igfxress.dll

2008-10-28 16:04 221,184 ----a-w c:\windows\System32\igfxdev.dll

2008-10-28 16:04 135,168 ----a-w c:\windows\System32\igfxdo.dll

2008-10-28 16:04 106,496 ----a-w c:\windows\System32\hccutils.dll

2008-10-28 06:47 --------- d-----w c:\users\Kieron\AppData\Roaming\GrabPro

2008-10-26 09:49 --------- d-----w c:\users\Kieron\AppData\Roaming\Sports Interactive

2008-10-26 09:47 --------- d--h--w c:\program files\Zero G Registry

2008-10-22 09:24 --------- d-----w c:\programdata\Messenger Plus!

2008-10-18 10:32 --------- d-----w c:\program files\Common Files\Steam

2008-10-17 06:48 --------- d-----w c:\users\Kieron\AppData\Roaming\LimeWire

2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll

2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-08-21 05:11 1,284,008 ----a-w c:\users\Kieron\WoW-2.3.0.7561-enGB-downloader.exe

2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 01:00 39472 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-20 49664]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-02 136600]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 c:\windows\RtHDVCpl.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk

backup=c:\windows\pss\Orbit.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

--a------ 2007-11-20 02:15 1826816 c:\windows\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C06C44F0-DC3E-444E-9FC7-8085EA916F9F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{B3EAFE88-3A46-43D0-9A90-02000CBE06AD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{0D86D2C2-8630-492F-B32E-A2C84EFCB069}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{52DEACB3-FBC1-4ECF-9D7C-4BDD723445CC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{F7B32ED2-7D78-41F5-AEE3-3FD20C855A57}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{120620F1-2116-4A68-88CF-71C81AF1C3E3}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{70C47D05-F4B9-4642-A8C6-B8BB1ADE36AC}"= UDP:d:\world of warcraft\Launcher.exe:World of Warcraft

"{03A9E259-37C5-43BD-8E30-050A3515A91D}"= TCP:d:\world of warcraft\Launcher.exe:World of Warcraft

"{9E610318-8373-48A0-835D-E17BF7097352}"= UDP:c:\users\Kieron\Desktop\WoW-2.3.0.7561-enGB\Installer.exe:Installer

"{AABC4C2C-9426-4DAA-9790-A40C30A73474}"= TCP:c:\users\Kieron\Desktop\WoW-2.3.0.7561-enGB\Installer.exe:Installer

"{CA41D321-0D06-4C40-82EE-340C8AFF7377}"= UDP:d:\world of warcraft\BackgroundDownloader.exe:BackgroundDownloader

"{9EA27F7E-3E06-4F06-8FB8-2FF4B1761119}"= TCP:d:\world of warcraft\BackgroundDownloader.exe:BackgroundDownloader

"{3322EB5F-66A1-4C92-9C5C-9941764B90C4}"= UDP:d:\world of warcraft\Repair.exe:World of Warcraft - Repair

"{39DE82A0-0611-4A13-96BD-B31FE74DA24E}"= TCP:d:\world of warcraft\Repair.exe:World of Warcraft - Repair

"{E244C77C-A800-413D-BB35-9BF88BF6B366}"= UDP:3724:blizzard downloader

"{BF0E49E6-0EAB-433E-86C7-FAA139C31C1E}"= UDP:6881:blizzard downloader

"{BC958412-D83A-4416-B04E-3CFDD3DC00FE}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{21DC21DE-C9B0-4589-A8FB-DEADA2A159D6}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{8619882D-37C5-4464-8E02-C3BB396C4403}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{51B3B947-8412-486F-9843-B6155CD2ABFB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{92B503B9-FB4F-471F-B8F8-22465984C1EB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{F4126CB0-04E2-494A-94C6-CB32C0555588}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{2A0A2332-265A-4D33-A692-81215EC734F9}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{6293AF16-DC10-49C5-8A05-60667EC93A38}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"{237C6162-EC26-4E7C-9FA5-C453411D508B}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator

"{DC28023D-89DB-430F-A990-451620AD39AD}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator

"TCP Query User{EF109C67-EC16-485D-BD32-1ADA3241EEDF}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{6D4DF13E-5DCE-4CB3-9EB4-1EF22BBEB40F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{A792907B-853E-4F1E-B928-00BABD191681}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{709CBE3E-2D81-46F6-8F15-62B42A947B09}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-16 97928]

R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2008-03-21 51200]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-16 231704]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-21 180736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cd1f0dc-bdb6-11dd-9b6e-fc4f21cdcedd}]

\shell\AutoRun\command - G:\LaunchU3.exe -a

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-13 c:\windows\Tasks\User_Feed_Synchronization-{E6116F3A-C688-46CB-98A1-1272E5EB53D4}.job

- c:\windows\system32\msfeedssync.exe [2008-01-20 18:34]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe

HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe

HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd

HKLM-Run-eRecoveryService - (no file)

MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe

MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-14 05:38:08

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\users\Kieron\AppData\Local\Temp\catchme.dll 53248 bytes executable

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(568)

c:\windows\system32\avgrsstx.dll

 

- - - - - - - > 'lsass.exe'(628)

c:\windows\system32\avgrsstx.dll

 

- - - - - - - > 'Explorer.exe'(26180)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\acer\Empowering Technology\EPOWER\SysHook.dll

.

Completion time: 2008-12-14 5:45:20

ComboFix-quarantined-files.txt 2008-12-14 13:45:07

 

Pre-Run: 8,781,750,272 bytes free

Post-Run: 7,650,709,504 bytes free

 

237 --- E O F --- 2008-12-11 22:07:57

 

 

Kieron x


Hi Kieron,

 

I don't see anything else rogue in your log. One of those updates might have been the Malicious Software Removal tool, and it might have removed whatever was responsible for the popup. I do suggest running an online scan to be sure we're not missing something. Please do an online scan with Kaspersky Online Scanner.

 

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

 

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Post the Kaspersky log here.

"I don't see anything else rogue in your log. One of those updates might have been the Malicious Software Removal tool, and it might have removed whatever was responsible for the popup."

 

I hope that is the case. I have run the Kaspersky Online Scanner; here's the log.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, December 14, 2008

Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, December 14, 2008 16:21:25

Records in database: 1460860

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

 

Scan statistics:

Files scanned: 79105

Threat name: 0

Infected objects: 0

Suspicious objects: 0

Duration of the scan: 01:11:28

 

No malware has been detected. The scan area is clean.

 

The selected area was scanned.

Kieron x

Edited by Kieron Taundry

Great! Now open MBAM and remove any items quarantined. Do the same with your resident antivirus.

 

Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.

Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

You can delete any other logs that were created/saved too.

 

 

Glad I could help, Kieron. Merry Christmas to you also. Surf safe! :)
