
[InActive] Bloodhound.Sonar.1 and Other Problems.

Discussion in 'Malware and Virus Removal Archive' started by kazzyb, 2008/12/02.

  1. 2008/12/02
    kazzyb

    kazzyb Inactive Thread Starter

    Joined:
    2008/12/02
    Messages:
    3
    Likes Received:
    0
    Hi,

    I hope someone can help me.

    My Norton keeps telling me that I have a Bloodhound.Sonar.1 infection, yet once I remove it, it keeps coming back.

    My Skype also keeps crashing, and every time I open up IE the pictures disappear and I have to go into Tools, Internet Options etc. to restore them, although this happens every time!

    My laptop is obviously riddled with issues but I don't know where to start. I've downloaded and run various spyware programmes such as Ad-Aware and Spybot but they don't seem to have helped.

    Here is my HijackThis file.

    Hope you can help!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:43:05, on 02/12/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16757)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
    C:\Users\Alban\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Users\Alban\AppData\Local\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Alban\AppData\Local\Temp\Low\3159625004.exe
    C:\Users\Alban\AppData\Local\Citrix\ICA Client\Wfcrun32.exe
    C:\Users\Alban\AppData\Local\Citrix\ICACLI~1\WFICA32.EXE
    C:\Users\Alban\AppData\Local\Temp\Low\601120412.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Users\Alban\AppData\Local\Temp\Low\509318268.exe
    C:\Users\Alban\AppData\Local\Temp\Low\750548268.exe
    C:\Users\Alban\AppData\Local\Temp\Low\3942643676.exe
    C:\Users\Alban\AppData\Local\Temp\Low\3828811532.exe
    C:\Users\Alban\AppData\Local\Temp\Low\4061781532.exe
    C:\Users\Alban\AppData\Local\Temp\Low\1254356940.exe
    C:\Users\Alban\AppData\Local\Temp\Low\1139704796.exe
    C:\Users\Alban\AppData\Local\Temp\Low\1367334796.exe
    C:\Users\Alban\AppData\Local\Temp\csrssc.exe
    C:\Users\Alban\AppData\Local\Temp\Low\268932908.exe
    C:\Users\Alban\AppData\Local\Temp\Low\csrssc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype 2\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: (no name) - {B200799F-9538-403d-9A6E-36F5942EC540} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: C:\Windows\system32\jhsrf832jbnefe.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jhsrf832jbnefe.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe "
    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe "
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Alban\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype 2\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\Alban\AppData\Local\Temp\csrssc.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Update Monitor CSK Demo.lnk = ?
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype 2\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.fivelands.info/ScriptX.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://media.srl-online.com/XUpload.ocx
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jhsrf832jbnefe.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 15923 bytes
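The log above is the kind of thing the helpers in this thread triage by eye. As an added example (not code from the original post, from HijackThis, or from anyone on the forum), the Python script below encodes the indicators a malware-removal helper would pick out of such a log: executables launched from a Temp directory, file or entry names that look machine-generated, a process name that mimics a Windows system binary (csrssc.exe next to csrss.exe), Run entries whose names did not render, the policy that disables regedit, and a service path written in alternate-data-stream form. The sample lines are copied from the log; the thresholds in `looks_random` and the list of system process names are assumptions, and the heuristics do produce false positives, so the output is a worklist to verify by hand, not a removal list.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example: not code from the thread, from HijackThis or from any helper
on the forum. Thresholds and name lists are assumptions for illustration.
"""
from __future__ import annotations

import re

# "O4 - HKCU\..\Run: [name] path" style entries; anything else is treated as a
# line from the "Running processes" section.
ENTRY = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$")
# A Windows path ending in an executable extension (spaces allowed).
WIN_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|ocx)\b", re.I)
# The "[name]" part of an O4 Run entry.
BRACKET_NAME = re.compile(r"\[(?P<name>[^\]]*)\]")

TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\", "\\windows\\temp\\")
# Assumed list of system binaries that malware likes to imitate by name.
SYSTEM_STEMS = {"csrss", "smss", "lsass", "svchost", "winlogon", "services", "explorer"}


def looks_random(name: str) -> bool:
    """Crude 'machine-generated name' test.

    True for all-digit stems (3159625004.exe) and for stems of 8+ characters
    that mix letters-digits-letters with few vowels (jhsrf832jbnefe.dll).
    Vendor names such as FlashUtil9f or ccSvcHst stay below the bar.
    """
    stem = name.rsplit(".", 1)[0]
    if stem.isdigit():
        return True
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 8 or not letters:
        return False
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    mixed = re.search(r"[A-Za-z]+\d+[A-Za-z]+", stem) is not None
    return mixed and vowel_ratio < 0.25


def entry_name(body: str) -> str:
    """Pull the entry's own name out of an O2/O4/O22/O23 body."""
    m = BRACKET_NAME.search(body)
    if m:
        return m.group("name")
    head = body.split(" - ", 1)[0]            # e.g. "BHO: Google Toolbar Helper"
    return head.split(": ", 1)[-1].rsplit("\\", 1)[-1]


def triage_line(line: str) -> list[str]:
    """Return the sorted list of reasons this line deserves a look; [] if none."""
    line = line.strip()
    if not line:
        return []
    m = ENTRY.match(line)
    kind, body = (m.group("kind"), m.group("body")) if m else ("process", line)
    reasons = set()

    if kind == "O7" and "DisableRegedit=1" in body:
        reasons.add("policy disables regedit")
    if "(no file)" in body:
        reasons.add("orphaned entry (no file)")

    for path in WIN_PATH.findall(body):
        base = path.rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0].lower()
        if any(t in path.lower() for t in TEMP_DIRS):
            reasons.add("executable in a Temp directory")
        if looks_random(base):
            reasons.add("random-looking file name")
        if any(stem.startswith(s) and stem != s for s in SYSTEM_STEMS):
            reasons.add("name mimics a Windows system process")

    if kind != "process":
        name = entry_name(body)
        # HJT prints '?' for characters it could not render, e.g. "[?????????]".
        if name and set(name) == {"?"}:
            reasons.add("unprintable entry name")
        elif looks_random(name):
            reasons.add("random-looking entry name")

    if kind == "O23":
        target = body.rsplit(" - ", 1)[-1]
        if ":" in target[2:]:                 # colon after the drive letter, as in file.exe:stream
            reasons.add("ADS-style service path; verify by hand")

    return sorted(reasons)


def triage(lines) -> list[tuple[str, list[str]]]:
    """Run triage_line over a whole log and keep only the flagged lines."""
    out = []
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            out.append((line.strip(), reasons))
    return out


# Constructed sample: lines copied from the HJT log in this thread, benign ones
# included so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Users\Alban\AppData\Local\Temp\Low\3159625004.exe
C:\Users\Alban\AppData\Local\Temp\csrssc.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\Windows\system32\jhsrf832jbnefe.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jhsrf832jbnefe.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\Alban\AppData\Local\Temp\csrssc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\Windows\system32\jhsrf832jbnefe.dll
O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe
""".strip().splitlines()

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{'; '.join(reasons):<60} {line}")
```

Feed it a full HJT log with `triage(open("hijackthis.log").read().splitlines())` and it returns only the lines worth a second look. The point of the design is that no single rule is decisive: the O4 entry in this log hits three rules at once (Temp path, csrss look-alike name, random Run value name), while a vendor binary with an odd name such as ccSvcHst.exe hits none. Anything flagged by only one rule, particularly the ADS-style service path, still needs confirming against the vendor before it goes on a fix list.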
     
  2. 2008/12/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi kazzyb
    Welcome to WindowsBBS.

    Please do the following.

    Download ComboFix from Here to your Desktop.

    It's best to disable real-time protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - ComboFix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal and increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.


    Now this.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.


    Please post the ComboFix log and the log.txt from RSIT.

    Thanks
    Geri
     


  4. 2008/12/06
    kazzyb

    kazzyb Inactive Thread Starter

    Joined:
    2008/12/02
    Messages:
    3
    Likes Received:
    0
    Hi Geri,

    Thank you for your help. Here are the files you asked for:

    ComboFix 08-12-06.04 - Alban 2008-12-07 0:25:59.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.299 [GMT 0:00]
    Running from: c:\users\Alban\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\x64

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
    .

    2008-12-07 00:21 . 2008-12-07 00:21 6,736 --a------ c:\windows\System32\drivers\PROCEXP90.SYS
    2008-12-04 22:18 . 2008-12-04 22:18 <DIR> d-------- c:\program files\MortimerBeckettTimeParadox_at
    2008-12-04 09:12 . 2008-12-04 09:12 <DIR> d-------- c:\users\Alban\AppData\Roaming\pdf995
    2008-12-04 08:53 . 2008-12-04 19:26 <DIR> d-------- c:\users\All Users\pdf995
    2008-12-04 08:53 . 2008-12-04 19:26 <DIR> d-------- c:\programdata\pdf995
    2008-12-04 08:53 . 2008-12-04 08:56 <DIR> d-------- c:\program files\pdf995
    2008-12-04 08:53 . 2008-12-04 08:53 249,856 --a------ c:\windows\System32\pdfmona.dll
    2008-12-04 08:53 . 2008-12-04 08:53 51,716 --a------ c:\windows\System32\pdf995mon.dll
    2008-12-04 08:53 . 2008-12-04 19:26 60 --a------ c:\windows\wpd99.drv
    2008-12-02 19:22 . 2008-12-02 19:22 <DIR> d-------- c:\users\All Users\Malwarebytes
    2008-12-02 19:22 . 2008-12-02 19:22 <DIR> d-------- c:\users\Alban\AppData\Roaming\Malwarebytes
    2008-12-02 19:22 . 2008-12-02 19:22 <DIR> d-------- c:\programdata\Malwarebytes
    2008-12-02 14:41 . 2008-12-02 14:41 <DIR> d-------- c:\program files\Trend Micro
    2008-12-01 10:25 . 2008-12-06 20:08 <DIR> d-------- c:\users\All Users\Lavasoft
    2008-12-01 10:25 . 2008-12-06 20:08 <DIR> d-------- c:\programdata\Lavasoft
    2008-12-01 09:51 . 2008-12-01 14:34 <DIR> d-------- c:\program files\NoAdware
    2008-12-01 09:35 . 2008-12-01 09:35 <DIR> d-------- c:\users\All Users\TEMP
    2008-12-01 09:35 . 2008-12-01 09:35 <DIR> d-------- c:\programdata\TEMP
    2008-12-01 09:35 . 2008-12-01 14:35 <DIR> d-------- c:\program files\SpywareBlaster
    2008-12-01 07:35 . 2008-12-01 07:35 <DIR> d-------- c:\program files\Advance Training CSK 2009
    2008-11-30 12:09 . 2008-11-30 12:09 <DIR> d-------- c:\program files\Skype
    2008-11-30 12:08 . 2008-11-30 12:09 <DIR> d-------- c:\program files\Skype 2
    2008-11-30 12:08 . 2008-11-30 12:08 <DIR> d-------- c:\program files\Common Files\Skype
    2008-11-29 22:03 . 2008-12-01 14:34 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
    2008-11-29 22:03 . 2008-12-01 14:34 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
    2008-11-29 22:03 . 2008-12-01 14:34 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-11-29 08:08 . 2008-11-29 08:08 7,680 --a------ c:\windows\o255.exe
    2008-11-29 08:07 . 2008-11-29 08:09 193,392 --a------ c:\windows\pn8.exe
    2008-11-29 08:07 . 2008-11-29 08:09 16,384 --a------ c:\windows\feoc827.exe
    2008-11-29 08:07 . 2008-11-29 08:09 2 --a------ C:\-1070884225
    2008-11-29 06:57 . 2008-12-04 22:07 <DIR> d-------- c:\program files\Mortimer Beckett And The Time Paradox
    2008-11-29 06:56 . 2008-11-29 06:56 <DIR> d-------- c:\program files\ReflexiveArcade
    2008-11-28 20:26 . 2008-11-28 20:27 <DIR> d-------- c:\program files\Apple Software Update
    2008-11-26 21:12 . 2008-11-29 19:46 <DIR> d-------- c:\program files\Software Informer
    2008-11-26 19:52 . 2008-11-26 19:52 56 --ah----- c:\users\All Users\ezsidmv.dat
    2008-11-26 19:52 . 2008-11-26 19:52 56 --ah----- c:\programdata\ezsidmv.dat
    2008-11-26 19:47 . 2005-03-25 15:57 217,088 --a------ c:\windows\System32\DSSCORE.DLL
    2008-11-26 17:54 . 2008-11-29 08:06 <DIR> d-------- c:\users\Alban\AppData\Roaming\LimeWire
    2008-11-26 17:53 . 2008-11-26 17:54 <DIR> d-------- c:\program files\LimeWire
    2008-11-26 00:56 . 2008-08-28 03:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
    2008-11-26 00:56 . 2008-08-28 03:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
    2008-11-26 00:56 . 2008-08-28 03:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
    2008-11-26 00:56 . 2008-10-22 03:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
    2008-11-26 00:56 . 2008-10-22 03:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
    2008-11-26 00:56 . 2008-10-22 03:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
    2008-11-26 00:55 . 2008-10-21 05:16 1,645,568 --a------ c:\windows\System32\connect.dll
    2008-11-22 12:26 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
    2008-11-22 12:26 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
    2008-11-22 12:26 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
    2008-11-22 12:26 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
    2008-11-22 12:26 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
    2008-11-22 12:26 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
    2008-11-22 12:26 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
    2008-11-22 12:25 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
    2008-11-22 12:25 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
    2008-11-19 12:30 . 2008-09-05 04:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
    2008-11-19 12:30 . 2008-08-26 01:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
    2008-11-19 12:30 . 2008-09-05 04:45 2,048 --a------ c:\windows\System32\msxml3r.dll
    2008-11-19 12:29 . 2008-09-10 03:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
    2008-11-19 12:29 . 2008-09-10 03:21 2,048 --a------ c:\windows\System32\msxml6r.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-07 00:29 --------- d-----w c:\users\Alban\AppData\Roaming\Skype
    2008-12-07 00:06 --------- d-----w c:\users\Alban\AppData\Roaming\skypePM
    2008-12-06 20:08 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-04 21:30 --------- d-----w c:\program files\Lx_cats
    2008-12-01 07:34 --------- d-----w c:\program files\Advance Training CSK 2008 Demo
    2008-11-30 16:46 --------- d-----w c:\program files\Google
    2008-11-30 12:09 --------- d-----w c:\programdata\Skype
    2008-11-29 19:59 --------- d-----w c:\users\Alban\AppData\Roaming\ICAClient
    2008-11-28 18:03 --------- d-----w c:\program files\Java
    2008-11-27 21:01 --------- d-----w c:\programdata\Symantec
    2008-11-26 20:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-26 03:02 --------- d-----w c:\programdata\Microsoft Help
    2008-11-07 13:49 --------- d-----w c:\program files\Norton 360
    2008-11-02 10:50 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-10-20 00:27 --------- d-----w c:\programdata\Yahoo!
    2008-10-16 02:11 --------- d-----w c:\program files\Windows Mail
    2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-07-18 18:14 32 ----a-w c:\users\All Users\ezsid.dat
    2008-07-18 18:14 32 ----a-w c:\programdata\ezsid.dat
    2008-07-10 11:08 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @= "{4433A54A-1AC8-432F-90FC-85F045CF383C} "
    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @= "{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} "
    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @= "{476D0EA3-80F9-48B5-B70B-05E677C9C148} "
    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r "=" " [?]
    "????????? "= "??????????????e" [?]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-08 1232896]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "mRouterConfig "= "c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
    "Google Update "= "c:\users\Alban\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
    "Skype "= "c:\program files\Skype 2\Phone\Skype.exe" [2008-11-07 21633320]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc "= "c:\windows\system32\nvsvc.dll" [2006-11-22 90191]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
    "WarReg_PopUp "= "c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "LManager "= "c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
    "lxctmon.exe "= "c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
    "Lexmark 5400 Series Fax Server "= "c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
    "EzPrint "= "c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
    "LXCTCATS "= "c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "Windows Mobile-based device management "= "c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
    "LogitechCommunicationsManager "= "c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "PC Suite for Smartphones "= "c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-11-08 528384]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck "= "c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "RtHDVCpl "= "RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

    c:\users\Alban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Update Monitor CSK Demo.lnk - c:\users\Alban\AppData\Roaming\Microsoft\Installer\{CAF55DFA-8F19-4880-93AD-33342476831A}\Icon4A13CA3D1.exe [2008-09-23 9216]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-02 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{300FC74B-2318-4D14-AC53-306200A8835E}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{47C39F74-3446-4FB4-B64D-B39E7559E330}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{E5B902FE-5174-415A-A786-16ECAABC704B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{99D7267F-065F-4499-8FAA-9E0A37A4443A}"= UDP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
    "{645850A6-44F9-44AD-A53F-D7978460DB55}"= TCP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
    "{5BBE94B6-E289-490C-A466-A1446E4B1DBA}"= UDP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
    "{94FF2A47-F470-4E44-B897-E3112D4D2A26}"= TCP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
    "{1FE6644C-B400-43B0-BC4A-E197A30FD60A}"= UDP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
    "{366EF621-8876-40A7-B7F1-6E336B53403E}"= TCP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
    "{E67F6E0E-4FC4-4535-854C-7519F27E6AE2}"= Disabled:UDP:135:TCP Port 135
    "{496497CC-CECB-4420-B572-ABB3FDDBA207}"= Disabled:UDP:5000:TCP Port 5000
    "{A6245174-C6DE-446B-A3F2-B0D1A5268EB4}"= Disabled:UDP:5001:TCP Port 5001
    "{9458F217-C201-43FC-9EE5-545A97DE6369}"= Disabled:UDP:5002:TCP Port 5002
    "{56D585F3-E948-4422-865B-6C1A86126C23}"= Disabled:UDP:5003:TCP Port 5003
    "{1985E732-E5AD-4ED0-8534-04C8BFB65771}"= Disabled:UDP:5004:TCP Port 5004
    "{190E33D7-5129-4E2E-9DEA-71608401B7B9}"= Disabled:UDP:5005:TCP Port 5005
    "{0778ED3D-7EBB-4AFC-8728-B4AAF57899C1}"= Disabled:UDP:5006:TCP Port 5006
    "{2F6EB853-E6F7-4651-8D72-F5F0E6733E24}"= Disabled:UDP:5007:TCP Port 5007
    "{EC394D9C-504D-4205-8DDE-BB77FE1B6A75}"= Disabled:UDP:5008:TCP Port 5008
    "{D6AD27BC-8E05-4C44-BD51-9FCD24CAAD8E}"= Disabled:UDP:5009:TCP Port 5009
    "{935F9C63-5B7F-4E83-967C-1BB68CC64789}"= Disabled:UDP:5010:TCP Port 5010
    "{1075BFFF-6BF9-4633-9F07-AE5989B47F58}"= Disabled:UDP:5011:TCP Port 5011
    "{8808C5CD-BDB9-4B36-8066-CE879BE92AF3}"= Disabled:UDP:5012:TCP Port 5012
    "{63FAD5A7-F897-428B-9908-5A6A2A1826DD}"= Disabled:UDP:5013:TCP Port 5013
    "{7C62CA29-E81B-4ACD-AC81-D65CACFECD3B}"= Disabled:UDP:5014:TCP Port 5014
    "{D7225F1F-E0C4-4F4A-84E4-07D9B6527C15}"= Disabled:UDP:5015:TCP Port 5015
    "{8D3F5A2B-7E36-4631-8981-6990EDF1F62F}"= Disabled:UDP:5016:TCP Port 5016
    "{FA5C786D-3709-4980-9892-BEEC27DC8052}"= Disabled:UDP:5017:TCP Port 5017
    "{6E9FF516-0EFC-4E1F-B07C-223FD8BD60F0}"= Disabled:UDP:5018:TCP Port 5018
    "{08974415-6D12-4966-BB04-759F3FCD9442}"= Disabled:UDP:5019:TCP Port 5019
    "{FB35E346-C52B-4A52-983F-EE1CFE9F93EA}"= Disabled:UDP:5020:TCP Port 5020
    "{406BF986-E513-43B8-AAE2-733A039AB13D}"= UDP:990:LocalSubnet:LocalSubnet|IF={75AAE2AD-ED81-4F42-8EED-D03D26B52643}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{308AEDC6-D60E-4514-BB08-593C24172EF0}"= UDP:5721:LocalSubnet:LocalSubnet|IF={75AAE2AD-ED81-4F42-8EED-D03D26B52643}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
    "{65C1373B-ACF0-4702-855B-54366BE7DF1E}"= UDP:1034:LocalSubnet:LocalSubnet|IF={75AAE2AD-ED81-4F42-8EED-D03D26B52643}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
    "{0E3B08EB-00A5-4CEC-A5BC-41BF42A41D55}"= UDP:5678:LocalSubnet:LocalSubnet|IF={75AAE2AD-ED81-4F42-8EED-D03D26B52643}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
    "{AD6891B7-27D3-4870-8952-BD85F975C0E1}"= UDP:999:LocalSubnet:LocalSubnet|IF={75AAE2AD-ED81-4F42-8EED-D03D26B52643}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
    "{CDB3BC5B-FF1D-4F63-801A-E51727687116}"= UDP:26675:LocalSubnet:LocalSubnet|IF={75AAE2AD-ED81-4F42-8EED-D03D26B52643}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
    "{68EEF0FC-4ECA-4C50-9F21-D3E731E6446B}"= UDP:990:LocalSubnet:LocalSubnet|IF={75AAE2AD-ED81-4F42-8EED-D03D26B52643}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
    "{48F8BDB4-0CCD-4D14-A719-6CEBCFD84C12}"= UDP:5721:LocalSubnet:LocalSubnet|IF={4C9159C4-FBB9-4374-9F83-871D246F4D8E}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
    "{EB989C2E-9A9C-48D8-BBEC-807D3941176A}"= UDP:1034:LocalSubnet:LocalSubnet|IF={4C9159C4-FBB9-4374-9F83-871D246F4D8E}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
    "{14C5F5F3-70E3-4B4B-B1BF-72B93D73C0BD}"= UDP:5678:LocalSubnet:LocalSubnet|IF={4C9159C4-FBB9-4374-9F83-871D246F4D8E}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
    "{F2E14D60-D541-40B5-B3FB-C1DB8744C464}"= UDP:999:LocalSubnet:LocalSubnet|IF={4C9159C4-FBB9-4374-9F83-871D246F4D8E}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
    "{0F86A6F0-7B6C-4937-B659-6F101D2ED657}"= UDP:26675:LocalSubnet:LocalSubnet|IF={4C9159C4-FBB9-4374-9F83-871D246F4D8E}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
    "{14564204-4280-44AC-8527-F9BC2EA5A195}"= UDP:990:LocalSubnet:LocalSubnet|IF={4C9159C4-FBB9-4374-9F83-871D246F4D8E}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
    "{995189C7-2BFD-4246-97E3-D74EF63B1FA0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{F734B88B-EB9F-43DB-A189-73925E91BE5F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{DD4A3464-5C98-4D29-BD6C-A4E3E193E5FF}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{F15B206E-B3D5-49F1-A535-67C65E0F9464}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{CDB11053-4E54-4FD5-9BD0-E6147CCA5FA4}"= UDP:5100:Webcam
    "{A6BE4C8F-6F5D-473B-B88A-5C86F2CDB78A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{02793060-C69D-4C97-861C-5253F6D9BDAA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{70CF3FF2-2812-4736-89C0-830FA469FB4A}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
    "{B320604C-4300-403A-8B30-8203C9D64575}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
    "{CAF47FEB-C854-411C-AC68-E83DE68079CA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9E3CFB36-71E4-4833-BDC5-083C51ED5105}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{C40D053B-30EE-49A7-B241-112D332AA13E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{5157E19E-C3F9-451E-98CA-878E654820AD}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{3B22FAE5-FA3E-458D-96DD-550A2AF5113B}"= c:\program files\Skype 2\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    "DefaultOutboundAction"= 0 (0x0)
    "DefaultInboundAction"= 1 (0x1)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.003\IDSvix86.sys [2008-12-06 270384]
    R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2008-03-17 62984]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-12-02 31232]
    S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2008-03-17 83080]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e542067-29dd-11dc-bff8-806e6f6e6963}]
    \shell\AutoRun\command - E:\Menu.exe

    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\users\Alban\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-08 18:15]

    2008-12-06 c:\windows\Tasks\User_Feed_Synchronization-{19342455-01D8-4842-8C79-C2760B874170}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    HKCU-Run-fsm - (no file)
    HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)


    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://en.uk.acer.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

    c:\windows\Downloaded Program Files\FrontdoorFD.dll - O16 -: {0A43D7AC-D6C1-4622-B309-BF975F427C0E}
    hxxps://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab

    - c:\windows\Downloaded Program Files\ScriptX.inf

    c:\windows\System32\atl.dll - c:\windows\System32\ACNePlayer.dll
    O16 -: {B991DA79-51F7-4011-98D2-1F2592E82A56}
    hxxp://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
    c:\windows\Downloaded Program Files\ACNeplayerU.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-07 00:34:23
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(10092)
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\System32\NLSLexicons0009.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Completion time: 2008-12-07 0:42:28
    ComboFix-quarantined-files.txt 2008-12-07 00:41:33

    Pre-Run: 13,393,584,128 bytes free
    Post-Run: 13,262,905,344 bytes free

    300 --- E O F --- 2008-12-01 23:18:56
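Added example, not part of this thread and not code from ComboFix, HijackThis or RSIT: a small Python triage script that walks a ComboFix/RSIT-style registry dump and flags the settings in the log above that matter most, namely Security Center monitoring switched off (DisableMonitoring=1), a Windows Firewall profile with EnableFirewall=0, a Run value whose name or command survives only as question marks, and a drive-letter AutoRun handler under MountPoints2. The excerpt embedded in it is constructed for the example, with a clean firewall profile and a clean Run value mixed in as negatives; it is not the poster's log, and the finding labels are my own names, not anything the tools emit.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the layout ComboFix/RSIT use. It is NOT the poster's
# log: it rebuilds the indicator patterns and adds negatives (PublicProfile
# with the firewall on, a normal Sidebar Run value) so the filter is exercised.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 1 (0x1)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-08 1232896]
"?????????"=??????????????e []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e542067-29dd-11dc-bff8-806e6f6e6963}]
shell\AutoRun\command - E:\Menu.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [HKLM\...] header
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')             # "Name"=value
AUTORUN_RE = re.compile(r"shell\\autorun\\command\s*-\s*(.+)$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # my own label for the indicator class
    where: str   # registry key or firewall profile it was seen under
    detail: str  # the raw value or target, for the analyst to look at


def reg_int(value):
    """Integer from '0 (0x0)', '1 (0x1)' or 'dword:00000001'; None if not numeric."""
    m = re.search(r"\(0x([0-9a-fA-F]+)\)", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"dword:([0-9a-fA-F]+)", value, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+$", value)
    return int(m.group(0)) if m else None


def looks_unprintable(text):
    """True when at least half of a non-empty string is '?', i.e. the tool or the
    forum replaced characters it could not render (see the HKCU Run values above)."""
    text = text.strip()
    return bool(text) and text.count("?") * 2 >= len(text)


def triage(log_text):
    """Return the Findings for one registry-dump style log, in file order."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        low = section.lower()
        m = AUTORUN_RE.search(line)
        if m and "mountpoints2" in low:
            findings.append(Finding("autorun_handler", section, m.group(1).strip()))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1).strip(), m.group(2).strip()
        if r"security center\monitoring" in low and name.lower() == "disablemonitoring":
            if reg_int(value) == 1:
                findings.append(Finding("security_center_monitoring_disabled", section, value))
        elif "firewallpolicy" in low and name.lower() == "enablefirewall":
            profile = section.rsplit("\\", 1)[-1]
            if reg_int(value) == 0:
                findings.append(Finding("firewall_disabled", profile, value))
        elif low.endswith(r"\currentversion\run"):
            command = value.split("[", 1)[0]   # drop the trailing [date size] stamp
            if looks_unprintable(name) or looks_unprintable(command):
                findings.append(Finding("unprintable_run_entry", section, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:36} {f.where}: {f.detail}")
```

Feeding a saved log to `triage()` instead of `SAMPLE_LOG` gives the same kind of list. A Run value that prints as question marks is worth reading back from the live registry with a tool that does not substitute characters, because the forum copy has already lost whatever the real name was.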
     
  5. 2008/12/06
    kazzyb
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Alban at 2008-12-07 00:46:17
    Microsoft® Windows Vista™ Home Premium
    System drive C: has 13 GB (23%) free of 54 GB
    Total RAM: 1014 MB (15% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:46:50, on 07/12/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16757)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
    C:\Users\Alban\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Skype 2\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
    C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Skype 2\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Users\Alban\AppData\Local\Citrix\ICA Client\Wfcrun32.exe
    C:\Users\Alban\AppData\Local\Citrix\ICACLI~1\WFICA32.EXE
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Alban\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Alban.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype 2\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Alban\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype 2\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Startup: Update Monitor CSK Demo.lnk = ?
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype 2\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.fivelands.info/ScriptX.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://media.srl-online.com/XUpload.ocx
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13254 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUser.job
    C:\Windows\tasks\User_Feed_Synchronization-{19342455-01D8-4842-8C79-C2760B874170}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype 2\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-06-07 116088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-30 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-30 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-30 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2006-11-16 151552]
    {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-30 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2006-11-22 90191]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-22 7757824]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-22 81920]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-06 98304]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-06 106496]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-06 81920]
    "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
    "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-08 614400]
    "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-11-17 453120]
    "lxctmon.exe"=C:\Program Files\Lexmark 5400 Series\lxctmon.exe [2006-11-22 291760]
    "Lexmark 5400 Series Fax Server"=C:\Program Files\Lexmark 5400 Series\fm3032.exe [2006-11-22 304048]
    "EzPrint"=C:\Program Files\Lexmark 5400 Series\ezprint.exe [2006-11-22 82864]
    "LXCTCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll []
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
    "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
    "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
    "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
    "PC Suite for Smartphones"=C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [2007-11-08 528384]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
    "osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-08 1232896]
    "????r"= []
    "?????????"=??????????????e []
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
    "mRouterConfig"=C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe [2006-03-02 290816]
    "Google Update"=C:\Users\Alban\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-08 133104]
    "Skype"=C:\Program Files\Skype 2\Phone\Skype.exe [2008-11-07 21633320]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-30 39408]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

    C:\Users\Alban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Update Monitor CSK Demo.lnk - C:\Users\Alban\AppData\Roaming\Microsoft\Installer\{CAF55DFA-8F19-4880-93AD-33342476831A}\Icon4A13CA3D1.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2006-11-06 212992]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e542067-29dd-11dc-bff8-806e6f6e6963}]
    shell\AutoRun\command - E:\Menu.exe


    ======List of files/folders created in the last 3 months======

    2008-12-07 00:46:17 ----D---- C:\rsit
    2008-12-07 00:42:30 ----A---- C:\ComboFix.txt
    2008-12-07 00:23:18 ----A---- C:\Windows\zip.exe
    2008-12-07 00:23:18 ----A---- C:\Windows\VFIND.exe
    2008-12-07 00:23:18 ----A---- C:\Windows\SWREG.exe
    2008-12-07 00:23:18 ----A---- C:\Windows\sed.exe
    2008-12-07 00:23:18 ----A---- C:\Windows\NIRCMD.exe
    2008-12-07 00:23:18 ----A---- C:\Windows\grep.exe
    2008-12-07 00:23:18 ----A---- C:\Windows\fdsv.exe
    2008-12-07 00:23:17 ----A---- C:\Windows\SWXCACLS.exe
    2008-12-07 00:23:17 ----A---- C:\Windows\SWSC.exe
    2008-12-07 00:23:01 ----D---- C:\Windows\ERDNT
    2008-12-07 00:23:01 ----D---- C:\Qoobox
    2008-12-07 00:22:59 ----D---- C:\ComboFix
    2008-12-04 22:18:50 ----D---- C:\Program Files\MortimerBeckettTimeParadox_at
    2008-12-04 09:12:02 ----D---- C:\Users\Alban\AppData\Roaming\pdf995
    2008-12-04 08:53:47 ----D---- C:\ProgramData\pdf995
    2008-12-04 08:53:44 ----A---- C:\Windows\system32\pdfmona.dll
    2008-12-04 08:53:43 ----A---- C:\Windows\system32\pdf995mon.dll
    2008-12-04 08:53:26 ----D---- C:\Program Files\pdf995
    2008-12-02 19:39:23 ----A---- C:\avenger.txt
    2008-12-02 19:22:53 ----D---- C:\Users\Alban\AppData\Roaming\Malwarebytes
    2008-12-02 19:22:27 ----D---- C:\ProgramData\Malwarebytes
    2008-12-02 14:41:55 ----D---- C:\Program Files\Trend Micro
    2008-12-01 10:25:05 ----D---- C:\ProgramData\Lavasoft
    2008-12-01 09:51:50 ----D---- C:\Program Files\NoAdware
    2008-12-01 09:35:43 ----D---- C:\ProgramData\TEMP
    2008-12-01 09:35:23 ----D---- C:\Program Files\SpywareBlaster
    2008-12-01 07:35:04 ----D---- C:\Program Files\Advance Training CSK 2009
    2008-11-30 12:09:04 ----D---- C:\Program Files\Skype
    2008-11-30 12:08:52 ----D---- C:\Program Files\Common Files\Skype
    2008-11-30 12:08:08 ----D---- C:\Program Files\Skype 2
    2008-11-29 22:03:46 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2008-11-29 22:03:46 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-11-29 08:08:13 ----A---- C:\Windows\o255.exe
    2008-11-29 08:07:34 ----A---- C:\Windows\pn8.exe
    2008-11-29 08:07:29 ----A---- C:\Windows\feoc827.exe
    2008-11-29 08:04:40 ----A---- C:\kdiue732.txt
    2008-11-29 06:57:17 ----D---- C:\Program Files\Mortimer Beckett And The Time Paradox
    2008-11-29 06:56:48 ----D---- C:\Program Files\ReflexiveArcade
    2008-11-28 20:26:56 ----D---- C:\Program Files\Apple Software Update
    2008-11-28 18:03:33 ----A---- C:\Windows\system32\javaws.exe
    2008-11-28 18:03:33 ----A---- C:\Windows\system32\javaw.exe
    2008-11-28 18:03:33 ----A---- C:\Windows\system32\java.exe
    2008-11-26 21:12:59 ----D---- C:\Program Files\Software Informer
    2008-11-26 19:47:22 ----A---- C:\Windows\system32\DSSCORE.DLL
    2008-11-26 17:54:17 ----D---- C:\Users\Alban\AppData\Roaming\LimeWire
    2008-11-26 17:53:40 ----D---- C:\Program Files\LimeWire
    2008-11-26 00:56:30 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2008-11-26 00:56:29 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
    2008-11-26 00:56:29 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
    2008-11-26 00:56:27 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2008-11-26 00:56:26 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2008-11-26 00:56:25 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2008-11-26 00:55:55 ----A---- C:\Windows\system32\connect.dll
    2008-11-22 12:26:49 ----A---- C:\Windows\system32\wups2.dll
    2008-11-22 12:26:49 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-22 12:26:49 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-22 12:26:49 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-22 12:26:13 ----A---- C:\Windows\system32\wups.dll
    2008-11-22 12:26:13 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-22 12:26:13 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-22 12:25:46 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-22 12:25:46 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-19 12:30:07 ----A---- C:\Windows\system32\msxml3r.dll
    2008-11-19 12:30:07 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-19 12:29:03 ----A---- C:\Windows\system32\msxml6r.dll
    2008-11-19 12:29:03 ----A---- C:\Windows\system32\msxml6.dll
    2008-10-28 22:55:27 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-28 22:55:26 ----A---- C:\Windows\system32\printcom.dll
    2008-10-24 15:24:23 ----A---- C:\Windows\system32\netapi32.dll
    2008-10-23 04:15:45 ----A---- C:\Windows\system32\EncDec.dll
    2008-10-23 04:15:43 ----A---- C:\Windows\system32\psisdecd.dll
    2008-10-23 04:15:43 ----A---- C:\Windows\system32\mcmde.dll
    2008-10-16 00:55:05 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-10-16 00:55:05 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-10-16 00:54:58 ----A---- C:\Windows\system32\mshtml.dll
    2008-10-16 00:54:57 ----A---- C:\Windows\system32\ieframe.dll
    2008-10-16 00:54:55 ----A---- C:\Windows\system32\wininet.dll
    2008-10-16 00:54:55 ----A---- C:\Windows\system32\urlmon.dll
    2008-10-16 00:54:55 ----A---- C:\Windows\system32\mshtmled.dll
    2008-10-16 00:54:55 ----A---- C:\Windows\system32\iertutil.dll
    2008-10-16 00:54:55 ----A---- C:\Windows\system32\dxtmsft.dll
    2008-10-16 00:54:54 ----A---- C:\Windows\system32\mstime.dll
    2008-10-16 00:54:54 ----A---- C:\Windows\system32\ieapfltr.dll
    2008-10-16 00:54:54 ----A---- C:\Windows\system32\dxtrans.dll
    2008-10-16 00:54:53 ----A---- C:\Windows\system32\ieui.dll
    2008-10-16 00:54:53 ----A---- C:\Windows\system32\iesetup.dll
    2008-10-16 00:54:53 ----A---- C:\Windows\system32\iernonce.dll
    2008-10-16 00:54:53 ----A---- C:\Windows\system32\ie4uinit.exe
    2008-10-16 00:54:53 ----A---- C:\Windows\system32\advpack.dll
    2008-10-16 00:54:52 ----A---- C:\Windows\system32\pngfilt.dll
    2008-10-16 00:54:52 ----A---- C:\Windows\system32\jsproxy.dll
    2008-10-16 00:54:52 ----A---- C:\Windows\system32\ieUnatt.exe
    2008-10-16 00:54:52 ----A---- C:\Windows\system32\icardie.dll
    2008-10-06 22:19:04 ----A---- C:\Windows\system32\GEARAspi.dll
    2008-10-06 22:19:03 ----DC---- C:\Windows\system32\DRVSTORE
    2008-10-06 22:19:02 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-01 12:30:08 ----A---- C:\Windows\system32\deploytk.dll
    2008-09-30 16:43:34 ----A---- C:\Windows\system32\msxml4.dll
    2008-09-23 15:57:12 ----D---- C:\Program Files\Common Files\Borland Shared
    2008-09-23 15:56:45 ----D---- C:\Program Files\Advance Training CSK 2008 Demo
    2008-09-10 13:35:25 ----A---- C:\Windows\system32\gameux.dll
    2008-09-10 13:35:24 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-09-10 13:35:22 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-09-10 13:35:08 ----A---- C:\Windows\system32\wmpeffects.dll

    ======List of files/folders modified in the last 3 months======

    2008-12-07 00:46:25 ----D---- C:\Windows\Temp
    2008-12-07 00:43:07 ----D---- C:\Windows\system32\en-US
    2008-12-07 00:43:06 ----D---- C:\Windows\System32
    2008-12-07 00:42:39 ----D---- C:\Windows
    2008-12-07 00:37:46 ----D---- C:\Users\Alban\AppData\Roaming\Skype
    2008-12-07 00:34:48 ----A---- C:\Windows\system.ini
    2008-12-07 00:29:35 ----D---- C:\Windows\system32\drivers
    2008-12-07 00:29:34 ----D---- C:\Program Files\Common Files
    2008-12-07 00:29:30 ----D---- C:\Windows\AppPatch
    2008-12-07 00:24:48 ----SHD---- C:\System Volume Information
    2008-12-07 00:06:25 ----D---- C:\Users\Alban\AppData\Roaming\skypePM
    2008-12-06 22:51:44 ----D---- C:\Windows\inf
    2008-12-06 22:51:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-12-06 20:14:11 ----RD---- C:\Program Files
    2008-12-06 20:08:53 ----SHD---- C:\Windows\Installer
    2008-12-06 20:08:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-04 21:30:05 ----D---- C:\Program Files\Lx_cats
    2008-12-04 10:13:59 ----HD---- C:\ProgramData
    2008-12-01 19:28:43 ----SD---- C:\Windows\Downloaded Program Files
    2008-12-01 09:16:27 ----SD---- C:\Users\Alban\AppData\Roaming\Microsoft
    2008-12-01 09:07:01 ----D---- C:\Windows\Prefetch
    2008-12-01 07:27:54 ----D---- C:\Windows\system32\Tasks
    2008-11-30 16:46:33 ----D---- C:\Program Files\Google
    2008-11-30 16:45:58 ----D---- C:\ProgramData\Google
    2008-11-30 12:09:01 ----D---- C:\ProgramData\Skype
    2008-11-29 19:59:29 ----D---- C:\Windows\Tasks
    2008-11-29 19:59:29 ----D---- C:\Windows\system32\spool
    2008-11-29 19:59:28 ----D---- C:\Windows\system32\CodeIntegrity
    2008-11-29 19:59:28 ----D---- C:\Windows\system32\catroot2
    2008-11-29 19:59:22 ----D---- C:\Users\Alban\AppData\Roaming\ICAClient
    2008-11-28 18:03:28 ----D---- C:\Program Files\Java
    2008-11-27 21:01:04 ----D---- C:\ProgramData\Symantec
    2008-11-27 08:46:41 ----D---- C:\Program Files\Adobe
    2008-11-26 20:06:34 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-26 03:12:56 ----D---- C:\Windows\winsxs
    2008-11-26 03:12:49 ----D---- C:\Windows\system32\catroot
    2008-11-26 03:02:46 ----D---- C:\ProgramData\Microsoft Help
    2008-11-07 13:49:00 ----D---- C:\Program Files\Norton 360
    2008-11-03 16:10:26 ----A---- C:\Windows\system32\mrt.exe
    2008-11-02 10:50:32 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-10-24 02:16:40 ----D---- C:\Windows\Microsoft.NET
    2008-10-24 02:16:39 ----RSD---- C:\Windows\assembly
    2008-10-24 02:08:12 ----D---- C:\Windows\ehome
    2008-10-20 00:27:56 ----D---- C:\ProgramData\Yahoo!
    2008-10-16 02:11:58 ----D---- C:\Program Files\Windows Mail
    2008-10-16 02:11:54 ----D---- C:\Windows\system32\migration
    2008-10-16 02:11:54 ----D---- C:\Program Files\Internet Explorer
    2008-09-23 07:56:29 ----A---- C:\YServer.txt

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081204.003\IDSvix86.sys [2008-09-12 270384]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-02-01 43696]
    R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
    R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-09 36056]
    R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
    R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208]
    R3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
    R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
    R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
    R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081206.020\NAVENG.SYS [2008-11-18 89104]
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081206.020\NAVEX15.SYS [2008-11-18 876112]
    R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-07-03 82432]
    R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-02-01 279088]
    R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-09-02 123952]
    R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
    R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
    R3 WinDriver6;WinDriver6; C:\Windows\System32\Drivers\windrvr6.sys [2006-10-06 329452]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264]
    R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\Windows\system32\DRIVERS\zebrceb.sys [2007-04-13 62984]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
    S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
    S3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-02 6144]
    S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-22 4455264]
    S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
    S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
    S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-02-01 317616]
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
    S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848]
    S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\Windows\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
    S3 zebrbus;Sony Ericsson Composite Device driver; C:\Windows\system32\DRIVERS\zebrbus.sys [2007-04-13 83080]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-11-30 24576]
    R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
    R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-11-16 45056]
    R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-12 24576]
    R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
    R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
    R2 lxct_device;lxct_device; C:\Windows\system32\lxctcoms.exe [2006-11-22 537520]
    R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
    R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
    R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
    R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
    R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-06-07 1245064]
    S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-30 137200]
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-02-01 394704]

    -----------------EOF-----------------
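Added example, not part of the original thread and not RSIT's own code: a small Python triage pass over an RSIT-style log such as the one posted above. It parses the section headers, the `"name"=path [date size]` Run-key values, the `date attr path` file-creation lines and the `Rn name;desc; path [date size]` driver lines, and flags only four things a reviewer would want pulled out by hand anyway: autostart values whose name or image path RSIT could not print (the `?` entries), `shell\AutoRun\command` handlers recorded under `mountpoints2`, executables or short letters-plus-digits names created directly in `C:\` or `C:\Windows`, and drivers whose `[]` metadata is empty because the file could not be read. The sample lines are excerpted from the log above (not the full log); the heuristics, the name pattern and the allowlist of ComboFix helper binaries (`NIRCMD.exe`, `SWREG.exe` and the rest) are editorial assumptions. A hit means "look at this path", not "this is malware".

```python
"""Triage helper for RSIT-style logs such as the one posted above.
Added example: not the thread's or RSIT's code. Heuristics and the tool
allowlist are editorial assumptions; a hit means "review this path"."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the log above, not the full log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-08 1232896]
"????r "= []
"????????? "=??????????????e []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e542067-29dd-11dc-bff8-806e6f6e6963}]
shell\AutoRun\command - E:\Menu.exe
======List of files/folders created in the last 3 months======
2008-12-07 00:23:18 ----A---- C:\Windows\NIRCMD.exe
2008-11-29 08:08:13 ----A---- C:\Windows\o255.exe
2008-11-29 08:07:34 ----A---- C:\Windows\pn8.exe
2008-11-29 08:07:29 ----A---- C:\Windows\feoc827.exe
2008-11-29 08:04:40 ----A---- C:\kdiue732.txt
2008-11-28 18:03:33 ----A---- C:\Windows\system32\javaws.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
"""

REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*?)\s*\[(?P<meta>[^\]]*)\]$')
FILE_LINE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<attr>-+[A-Z]*-+) (?P<path>.+)$')
DRIVER_LINE = re.compile(r'^[RS][0-4] (?P<name>[^;]+);[^;]*; (?P<path>.*?) \[(?P<meta>[^\]]*)\]$')
AUTORUN = re.compile(r'^shell\\autorun\\command - (?P<cmd>.+)$', re.IGNORECASE)
# Short letters-then-digits names such as o255.exe; an assumption, not a rule.
RANDOM_NAME = re.compile(r'^[a-z]{1,5}\d{1,4}\.(?:exe|dll|txt)$')
# Assumption: helper binaries ComboFix drops into C:\Windows; verify before trusting.
COMBOFIX_HELPERS = {"nircmd.exe", "swreg.exe", "swxcacls.exe", "swsc.exe",
                    "vfind.exe", "zip.exe", "grep.exe", "sed.exe", "fdsv.exe"}


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str
    line: str


def _header(line: str) -> tuple[str, str] | None:
    """Return (kind, title) when the line opens a new log section."""
    if line.startswith("[") and line.endswith("]"):
        return "regkey", line[1:-1].lower()
    m = re.match(r"^=+(.+?)=+$", line)
    return ("list", m.group(1).strip().lower()) if m else None


def triage(log_text: str) -> list[Finding]:
    """Walk the log section by section and collect entries worth a closer look."""
    findings: list[Finding] = []
    kind, title = "none", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = _header(line)
        if header:
            kind, title = header
            continue
        if kind == "regkey" and title.endswith(("\\run", "\\runonce")):
            m = REG_VALUE.match(line)
            if not m:
                continue
            name, data = m.group("name").strip(), m.group("data").strip()
            # RSIT prints '?' for characters it cannot render, so an autostart
            # with an unprintable name or image path cannot be accounted for.
            if not data or "?" in name or "?" in data:
                findings.append(Finding("run-key", f"{name!r} -> {data!r}", line))
        elif kind == "regkey" and "mountpoints2" in title:
            m = AUTORUN.match(line)
            if m:  # autorun handler recorded for a mounted volume (CD/USB)
                findings.append(Finding("autorun", m.group("cmd"), line))
        elif kind == "list" and title.startswith("list of files/folders created"):
            m = FILE_LINE.match(line)
            if not m or "D" in m.group("attr"):  # skip directories
                continue
            path = m.group("path")
            parent, _, base = path.rpartition("\\")
            if parent.lower() in ("c:", r"c:\windows"):
                if base.lower().endswith(".exe") and base.lower() not in COMBOFIX_HELPERS:
                    findings.append(Finding("root-exe", path, line))
                elif RANDOM_NAME.match(base.lower()):
                    findings.append(Finding("random-name", path, line))
        elif kind == "list" and title.startswith(("list of drivers", "list of services")):
            m = DRIVER_LINE.match(line)
            # Empty [] means RSIT could not stat the file: missing, hidden or
            # protected. Compare the path against what is actually on disk.
            if m and not m.group("meta").strip():
                findings.append(Finding("unreadable-driver", f"{m.group('name')} ({m.group('path')})", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:18} {f.detail}")
```

Run it against a full log saved to disk with `triage(open("log.txt").read())`. On the excerpt it reports the two unprintable Run values, the `E:\Menu.exe` autorun handler, `o255.exe`, `pn8.exe`, `feoc827.exe` and `kdiue732.txt`, and the two drivers with empty metadata, while staying silent on `sidebar.exe`, the allowlisted `NIRCMD.exe` and `javaws.exe` in `system32`. The `catchme.sys` hit is expected noise from ComboFix's own driver; the point of the empty-metadata check is to make you confirm which ones are.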
     
  6. 2008/12/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    I need to know if you are still getting the warning from Norton.

    If so please give me the file path(s) that it shows for it.

    Thanks
     
    Geri,
    #5
