[[ComboFix.Txt]]
ComboFix 10-09-22.02 - User 22/09/2010 19:59:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2046.922 [GMT -4:00]
Running from: c:\users\User\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\1.bin\trz7FF4.tmp
c:\program files\MyWebSearch\bar\1.bin\trz9D16.tmp
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\ Wuala Online.url
c:\users\User\AppData\Roaming\trz317.tmp
c:\users\User\AppData\Roaming\Xegyu
c:\users\User\AppData\Roaming\Xegyu\ehacz.exe
c:\users\User\AppData\Roaming\Yzcepi
c:\users\User\AppData\Roaming\Yzcepi\aharo.siu
c:\users\User\AppData\Roaming\Yzcepi\aharo.tmp
c:\users\User\Minecraft
c:\windows\system32\config\systemprofile\AppData\Local\mifdthi.dll
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chkntfs.exe
c:\windows\system32\f3PSSavr.scr
Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.
2010-09-22 22:19 . 2010-09-22 22:19 -------- d-----w- c:\programdata\WindowsSearch
2010-09-22 19:37 . 2010-09-22 19:37 -------- d-----w- C:\_OTL
2010-09-22 13:04 . 2010-09-22 13:04 -------- d-----w- c:\program files\temp
2010-09-18 23:12 . 2010-09-18 23:12 -------- d-----w- c:\program files\AVS4YOU
2010-09-18 23:10 . 2010-06-22 18:57 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2010-09-18 23:10 . 2010-06-22 18:57 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2010-09-14 14:54 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-09-14 14:54 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-09-14 14:52 . 2010-09-14 14:52 -------- d-----w- c:\windows\system32\RsFx
2010-09-14 14:44 . 2010-09-14 14:52 -------- d-----w- c:\program files\Microsoft SQL Server
2010-09-14 14:42 . 2010-09-14 14:42 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-14 14:41 . 2010-09-14 14:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-14 14:39 . 2010-09-14 14:39 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-09-14 14:31 . 2010-09-14 14:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-09-14 14:27 . 2010-09-14 14:27 -------- d-----w- c:\program files\IIS
2010-09-14 14:11 . 2010-09-14 14:50 -------- d-----w- c:\windows\system32\1033
2010-09-14 14:10 . 2010-09-14 14:10 -------- d-----w- c:\windows\symbols
2010-09-14 14:09 . 2010-09-14 14:18 -------- d-----w- c:\program files\Microsoft F#
2010-09-14 14:09 . 2010-09-14 14:43 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-14 14:09 . 2010-09-14 14:13 -------- d-----w- c:\program files\HTML Help Workshop
2010-09-14 14:09 . 2010-09-14 14:17 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-14 14:09 . 2010-09-14 14:09 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-09-14 14:01 . 2010-09-14 14:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-09 00:34 . 2010-09-21 12:54 -------- d-----w- c:\users\User\AppData\Roaming\.minecraft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 00:12 . 2009-12-09 04:04 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-23 00:12 . 2009-09-11 23:53 -------- d-----w- c:\users\User\AppData\Roaming\WTablet
2010-09-23 00:11 . 2009-09-16 12:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
2010-09-22 13:04 . 2010-09-22 13:04 106496 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ymyn.exe
2010-09-22 11:54 . 2010-09-22 11:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ynel.exe
2010-09-21 23:54 . 2010-09-21 23:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\unpu.exe
2010-09-21 12:05 . 2009-11-12 13:47 -------- d-----w- c:\users\User\AppData\Roaming\Mual
2010-09-21 11:54 . 2010-09-21 11:54 116224 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uvec.exe
2010-09-21 11:01 . 2010-03-03 10:13 -------- d-----w- c:\users\User\AppData\Roaming\Kineo
2010-09-21 10:57 . 2009-08-04 00:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-21 10:56 . 2009-09-19 19:12 -------- d-----w- c:\program files\QuickTime
2010-09-21 10:56 . 2009-06-18 00:23 -------- d-----w- c:\program files\Paint.NET
2010-09-21 10:55 . 2009-06-17 17:49 -------- d-----w- c:\program files\Movie Maker 2.6
2010-09-21 10:55 . 2008-08-21 21:30 -------- d-----w- c:\program files\Microsoft Works
2010-09-21 10:54 . 2009-10-12 01:52 -------- d-----w- c:\program files\Microsoft
2010-09-21 10:52 . 2009-08-02 18:25 -------- d-----w- c:\program files\DDS Converter 2
2010-09-21 10:52 . 2008-08-21 21:08 -------- d-----w- c:\program files\Common Files\LightScribe
2010-09-21 10:52 . 2009-06-17 17:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-21 10:52 . 2009-08-06 05:27 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-09-21 10:42 . 2009-08-06 05:19 -------- d-----w- c:\program files\backburner 2
2010-09-21 10:42 . 2009-08-21 15:41 -------- d-----w- c:\program files\AVI-GIF
2010-09-21 10:42 . 2009-08-21 20:14 -------- d-----w- c:\program files\Audacity
2010-09-19 23:00 . 2009-06-16 03:30 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2010-09-19 02:56 . 2010-09-15 03:23 65024 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
2010-09-19 02:56 . 2010-09-15 03:23 62464 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
2010-09-19 02:56 . 2010-09-15 03:23 248832 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
2010-09-19 02:56 . 2010-09-15 03:23 195072 ----a-w- c:\users\User\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
2010-09-18 23:12 . 2010-05-12 11:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-15 03:06 . 2010-09-15 03:23 232159 ----a-w- c:\users\User\AppData\Roaming\.minecraft\Minecraft.exe
2010-09-14 15:09 . 2010-09-14 14:25 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-09-14 14:50 . 2008-08-21 21:29 -------- d-----w- c:\program files\Microsoft.NET
2010-09-14 14:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-09-14 14:25 . 2010-09-14 14:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-09-14 14:23 . 2009-06-11 22:51 71840 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-07 02:01 . 2010-08-19 14:39 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2010-08-27 13:21 . 2010-04-02 13:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-22 23:51 . 2009-07-07 10:58 -------- d-----w- c:\program files\Steam
2010-08-22 23:37 . 2009-07-07 10:58 -------- d-----w- c:\program files\Common Files\Steam
2010-08-17 16:39 . 2010-08-17 16:39 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\zlib1.dll
2010-08-17 16:39 . 2010-08-17 16:39 1036288 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80d.dll
2010-08-17 16:39 . 2010-08-17 16:39 548864 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80.dll
2010-08-17 16:10 . 2010-08-17 13:41 46 ----a-w- c:\users\User\jagex_runescape_preferences.dat
2010-08-17 16:10 . 2010-08-17 13:42 99 ----a-w- c:\users\User\jagex_runescape_preferences2.dat
2010-08-17 13:42 . 2010-08-17 13:42 0 ----a-w- c:\users\User\jagex__preferences3.dat
2010-08-10 03:01 . 2010-07-19 22:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-10 01:53 . 2010-08-10 01:53 -------- d-----w- c:\users\User\AppData\Roaming\Screaming Bee
2010-07-24 07:53 . 2010-07-17 16:18 73216 ----a-w- c:\windows\system32\o.dat
2010-07-17 16:21 . 2010-07-17 16:21 120 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Ukazafuxu.dat
2010-07-17 16:21 . 2010-07-17 16:21 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Qdativodukeqoda.bin
2010-07-08 18:55 . 2010-07-08 18:56 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-06-28 20:57 . 2010-07-13 17:56 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-13 17:56 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-13 17:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-13 17:57 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-13 17:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-13 17:57 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-07-13 17:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 21:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"WeatherEye"="d:\programs\WeatherEye\WeatherEye.exe" [2009-10-27 718232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-04 148888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]
"AMTDeviceService"="d:\programs\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
trz77F0.tmp [2010-9-21 253440]
unpu.exe [2010-9-21 116224]
uvec.exe [2010-9-21 116224]
ymyn.exe [2010-9-22 106496]
ynel.exe [2010-9-22 116224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-25 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 aswSP;aswSP; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-19 2789160]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-07-18 357376]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]
2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=0609&m=aspire_m1201
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=0609&m=aspire_m1201
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\790fczqk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\User\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {5B7E0F29-0448-4B9B-8842-DDA1BFFC675D} - c:\windows\system32\config\systemprofile\AppData\Local\{5B7E0F29-0448-4B9B-8842-DDA1BFFC675D}\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{99756919-C498-4D97-9E20-2076DE0E42B9} - c:\program files\Wowd\ext\eiexxpw.dll
HKCU-Run-EA Core - d:\programs\EA Download Manager\EADM\Core.exe
HKCU-Run-{A1BEEF18-926B-82F6-3BBB-3A32F8584B7E} - c:\users\User\AppData\Roaming\Xegyu\ehacz.exe
HKU-Default-Run-qonlkhsys - cbyxwv.dll
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
AddRemove-AV VoizGame - d:\programs\AVVOIZ~1\UNWISE.EXE
AddRemove-ffdshow_is1 - d:\programs\Fox Video Converter\codec\unins000.exe
AddRemove-InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC} - c:\program files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe
AddRemove-RealAlt_is1 - d:\programs\Fox Video Converter\codec\real\unins000.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{65761BAE-11E8-48FE-B30F-1F01011AB906} - c:\program files\InstallShield Installation Information\{65761BAE-11E8-48FE-B30F-1F01011AB906}\setup.exe
AddRemove-{80AAD9DF-7E64-40D2-80D2-BECA41593EEB} - c:\program files\InstallShield Installation Information\{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}\setup.exe
AddRemove-{9DF0196F-B6B8-4C3A-8790-DE42AA530101} - c:\program files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe
AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 20:17
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3465122130-2015767867-611751245-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,11,40,49,2e,c8,96,39,03,31,79,e0,11,39,1b,7c,18,a4,ec,8b,ed,
94,02,c8,76,04,ce,c8,0b,4c,49,76,08,ae,d6,19,57,94,f9,e8,9e,d8,c9,23,51,a4,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2648)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
d:\3dsmax9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Completion time: 2010-09-22 20:20:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-23 00:20
Pre-Run: 43,309,654,016 bytes free
Post-Run: 43,000,782,848 bytes free
- - End Of File - - 749BCDF06F5B71EFB7565ED4D66AEED7