
Majorly Infected With Malware!


  • This topic is locked
2 replies to this topic

#1 Dragynborn


Posted 01 May 2008 - 03:14 PM

Deckard's System Scanner v20071014.68
Run by Xyn Rhade on 2008-04-29 18:31:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-04-28 21:36:15 UTC - RP206 - Windows Defender Checkpoint
7: 2008-04-27 18:58:03 UTC - RP204 - Removed Microsoft Office Home and Student 2007
6: 2008-04-27 18:56:44 UTC - RP202 - Removed AdwareAlert
5: 2008-04-27 06:14:32 UTC - RP201 - Spyware Terminator - restore point
4: 2008-04-27 05:50:37 UTC - RP199 - Windows Update


-- First Restore Point --
1: 2008-04-26 02:21:33 UTC - RP196 - Installed AdwareAlert


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-29 18:33:40
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\ProgramData\rgrulgtk\hifapmpk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Users\XYNRHA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\ProgramData\djzzyvce\slgnanit.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
D:\Downloads\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Utilities\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\DRAGYN~1\AppData\Local\Temp\Nero Web\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 7" RUNSETUPXU="1" UPGRADE="1"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [djzzyvce] C:\ProgramData\djzzyvce\slgnanit.exe
O4 - HKLM\..\Policies\Explorer\Run: [jT9GQ3C09U] C:\ProgramData\rgrulgtk\hifapmpk.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Utilities\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Utilities\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - Unknown owner - C:\Windows\System32\lxdccoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Utilities\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe


--
End of file - 9031 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "D:\Design Programs\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 sp_rsdrv2 (Spyware Terminator Driver 2) - \??\c:\windows\system32\drivers\sp_rsdrv2.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ALaunchService (ALaunch Service) - c:\acer\alaunch\alaunchsvc.exe <Not Verified; ; ALaunchSvc Service Image>
R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-28 20:55:00 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-28 20:54:03 0 --a------ C:\Windows\nsreg.dat
2008-04-28 20:53:49 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-28 16:35:39 0 d-------- C:\Users\All Users\djzzyvce
2008-04-27 01:01:41 0 d-------- C:\Users\Xyn Rhade\Incomplete
2008-04-27 00:50:59 4096 --a------ C:\Windows\system32\winlogonpc.exe
2008-04-27 00:50:59 4096 --a------ C:\Windows\system32\taack.exe
2008-04-27 00:50:59 4096 --a------ C:\Windows\system32\taack.dat
2008-04-27 00:50:59 4096 --a------ C:\Windows\system32\sncntr.exe
2008-04-27 00:50:59 4096 --a------ C:\Windows\system32\mwin32.exe
2008-04-27 00:50:59 4096 --a------ C:\Windows\system32\hxiwlgpm.exe
2008-04-27 00:50:59 4096 --a------ C:\Windows\system32\hxiwlgpm.dat
2008-04-27 00:50:59 4096 --a------ C:\Windows\system32\hoproxy.dll
2008-04-27 00:50:59 4096 --a------ C:\Windows\a.bat
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\thun32.dll
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\thun.dll
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\temp#01.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\ssvchost.com
2008-04-27 00:50:58 0 d-------- C:\Windows\system32\smp
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\Rundl1.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\psof1.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\ps1.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\netode.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\mtr2.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\msnbho.dll
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\msgp.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\medup020.dll
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\medup012.dll
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\h@tkeysh@@k.dll
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\dpcproxy.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\system32\bsva-egihsg52.exe
2008-04-27 00:50:58 4096 --a------ C:\Windows\iTunesMusic.exe
2008-04-27 00:50:58 0 d-------- C:\Program Files\Inet Delivery
2008-04-27 00:50:51 4096 --a------ C:\Windows\winsystem.exe
2008-04-27 00:50:51 4096 --a------ C:\Windows\system32\WINWGPX.EXE
2008-04-27 00:50:51 4096 --a------ C:\Windows\system32\winsystem.exe
2008-04-27 00:50:51 4096 --a------ C:\Windows\system32\sysreq.exe
2008-04-27 00:50:51 4096 --a------ C:\Windows\system32\newsd32.exe
2008-04-27 00:50:51 4096 --a------ C:\Windows\system32\mssecu.exe
2008-04-27 00:50:51 4096 --a------ C:\Windows\system32\bdn.com
2008-04-27 00:50:51 4096 --a------ C:\Windows\system32\awtoolb.dll
2008-04-27 00:50:51 4096 --a------ C:\Windows\system32\akttzn.exe
2008-04-27 00:50:51 4096 --a------ C:\Windows\mssecu.exe
2008-04-27 00:50:51 4096 --a------ C:\Windows\bdn.com
2008-04-27 00:50:51 0 d-------- C:\Program Files\akl
2008-04-27 00:50:50 0 d-------- C:\Users\All Users\rgrulgtk
2008-04-27 00:50:45 90112 --a------ C:\Windows\system32\fshkjeve.exe
2008-04-27 00:50:40 102400 --a------ C:\Windows\xbaqktfv.exe
2008-04-27 00:45:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-27 00:31:24 0 dr------- C:\Users\Xyn Rhade\Searches
2008-04-27 00:31:12 0 dr------- C:\Users\Xyn Rhade\Contacts
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Videos
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\Templates
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\Start Menu
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\SendTo
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Saved Games
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\Recent
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\PrintHood
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Pictures
2008-04-27 00:31:06 1048576 --ahs---- C:\Users\Xyn Rhade\NTUSER.DAT
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\NetHood
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\My Documents
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Music
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\Local Settings
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Links
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Favorites
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Downloads
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Documents
2008-04-27 00:31:06 0 dr------- C:\Users\Xyn Rhade\Desktop
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\Cookies
2008-04-27 00:31:06 0 d--hs---- C:\Users\Xyn Rhade\Application Data
2008-04-27 00:31:06 0 d--h----- C:\Users\Xyn Rhade\AppData
2008-04-27 00:16:10 0 d-------- C:\Users\All Users\dmtdoank
2008-04-26 19:05:49 0 d-------- C:\Users\All Users\tzbutvlv
2008-04-26 18:54:35 0 d-------- C:\Windows\system32\ZeroSpyware Limited Edition
2008-04-26 18:52:20 0 d-------- C:\Program Files\FBM Software
2008-04-26 17:47:54 0 d-------- C:\Users\All Users\bolijypf
2008-04-25 21:18:38 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-25 20:05:16 141312 --a------ C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-04-25 20:05:15 0 d-------- C:\Users\All Users\Spyware Terminator
2008-04-25 20:05:12 0 d-------- C:\Program Files\Spyware Terminator
2008-04-25 19:59:48 0 d-------- C:\Users\All Users\Media Center Programs
2008-04-25 16:39:37 0 d--h----- C:\Users\All Users\~0
2008-04-24 22:11:04 0 d-------- C:\ftproot
2008-04-24 21:20:42 307200 --a------ C:\Windows\system32\NCTAudioRecord2.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL>
2008-04-24 21:20:42 315392 --a------ C:\Windows\system32\NCTAudioPlayer2.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL>
2008-04-24 21:20:42 647168 --a------ C:\Windows\system32\NCTAudioLibrary.dll <Not Verified; NCT Company Ltd.; NCTAudioLibrary ActiveX DLL>
2008-04-24 21:20:41 196608 --a------ C:\Windows\system32\NCTWMAFile2.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2008-04-24 21:20:41 335872 --a------ C:\Windows\system32\NCTAudioVisualization2.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL>
2008-04-24 21:20:41 892928 --a------ C:\Windows\system32\NCTAudioInformation.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation ActiveX DLL>
2008-04-24 21:20:41 327680 --a------ C:\Windows\system32\NCTAudioGrabber.dll <Not Verified; NCT Company; NCTAudioGrabber ActiveX DLL>
2008-04-24 21:20:41 1703936 --a------ C:\Windows\system32\NCTAudioFile.dll <Not Verified; NCT Company; NCTAudioFile ActiveX DLL>
2008-04-24 21:20:40 1839104 --a------ C:\Windows\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-04-24 21:20:38 101888 --a------ C:\Windows\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-24 21:20:37 413760 --a------ C:\Windows\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-04-22 23:32:33 0 d-------- C:\Users\All Users\psbsbofm
2008-04-22 23:32:33 0 d-------- C:\Users\All Users\goosktmp
2008-04-19 17:02:38 0 d-------- C:\Temp
2008-04-19 16:23:05 8 -rahs---- C:\Windows\system32\8A7C8B2FBC.sys
2008-04-19 16:22:39 0 d-------- C:\Users\All Users\InstallShield
2008-04-19 16:18:45 2828 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-04-19 16:16:04 159848 --a------ C:\Windows\Shades of Truth Uninstaller.exe
2008-04-19 11:45:10 0 d-------- C:\Users\All Users\Macromedia
2008-04-19 11:43:57 0 d-------- C:\Program Files\Common Files\Macromedia
2008-04-15 18:42:31 143360 --a------ C:\Windows\system32\unzip32.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-04-04 20:23:08 0 d-------- C:\Program Files\Shades of Truth
2008-04-03 23:51:25 0 d-------- C:\Program Files\QuickTime
2008-04-03 23:51:16 0 d-------- C:\Users\All Users\Apple Computer
2008-03-31 19:57:32 0 d-------- C:\Program Files\NCH Software
2008-03-31 19:54:47 0 d-------- C:\Users\All Users\NCH Swift Sound
2008-03-31 16:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Find3M Report ---------------------------------------------------------------

2008-04-29 18:30:06 27715 --a------ C:\Users\Xyn Rhade\AppData\Roaming\nvModes.001
2008-04-29 18:11:29 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\Mozilla
2008-04-29 18:06:34 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\mIRC
2008-04-28 22:48:03 27715 --a------ C:\Users\Xyn Rhade\AppData\Roaming\nvModes.dat
2008-04-28 20:54:02 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\Thunderbird
2008-04-27 14:02:33 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\Adobe
2008-04-27 14:00:23 0 d-------- C:\Program Files\Microsoft Works
2008-04-27 01:13:52 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\FrostWire
2008-04-27 01:11:27 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\Spyware Terminator
2008-04-27 00:32:03 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\Acer
2008-04-27 00:31:53 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\Macromedia
2008-04-27 00:31:52 0 d--h----- C:\Users\Xyn Rhade\AppData\Roaming\Gtek
2008-04-27 00:31:47 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\Leadertech
2008-04-27 00:31:15 0 d-------- C:\Users\Xyn Rhade\AppData\Roaming\Identities
2008-04-26 18:54:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-25 19:02:06 0 d-------- C:\Program Files\Acer GameZone
2008-04-25 18:57:00 0 d-------- C:\Program Files\Common Files
2008-04-25 17:52:47 0 d-------- C:\Program Files\Yahoo!
2008-04-23 18:47:30 0 d-------- C:\Program Files\CyberLink
2008-04-19 16:22:23 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-09 03:09:48 0 d-------- C:\Program Files\Windows Mail
2008-03-28 12:19:17 0 d-------- C:\Program Files\Lx_cats
2008-03-28 12:05:05 0 d-------- C:\Program Files\Lexmark 1300 Series
2008-03-28 11:34:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-25 10:07:42 174 --ahs---- C:\Program Files\desktop.ini
2008-03-25 09:58:40 0 d-------- C:\Program Files\Windows Sidebar
2008-03-25 09:58:40 0 d-------- C:\Program Files\Windows Calendar
2008-03-25 09:58:39 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-25 09:58:39 0 d-------- C:\Program Files\Movie Maker
2008-03-25 09:58:36 0 d-------- C:\Program Files\Windows Defender
2008-03-21 20:45:43 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-21 15:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-03-17 12:40:43 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-12 12:27:01 0 d-------- C:\Program Files\Nero
2008-03-06 09:55:23 0 d-------- C:\Program Files\Java
2008-03-05 21:58:50 0 d-------- C:\Program Files\Common Files\Java
2008-03-05 18:34:30 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-04 21:43:35 0 -rahs---- C:\MSDOS.SYS
2008-03-04 21:43:35 0 -rahs---- C:\IO.SYS
2008-03-04 19:43:44 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-03-03 20:48:17 0 d-------- C:\Program Files\Apple Software Update
2008-03-03 08:01:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-03 07:19:16 0 d-------- C:\Program Files\Alwil Software
2008-03-03 06:22:25 0 d-------- C:\Program Files\MSXML 4.0
2008-03-03 00:20:43 0 d-------- C:\Program Files\Lexmark Toolbar
2008-03-02 20:32:34 0 d-------- C:\Program Files\Acer Registration
2008-03-02 20:32:34 0 d-------- C:\Program Files\Acer Assist
2008-02-04 23:33:23 3 --a------ C:\Windows\AFirst.cmd


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 02:38 AM]
"RtHDVCpl"="RtHDVCpl.exe" [05/17/2007 01:28 PM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/07/2007 01:15 AM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [04/25/2007 06:33 PM]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [06/11/2007 05:00 PM]
"Acer Tour"="" []
"PLFSet"="C:\Windows\PLFSet.dll" [04/25/2007 04:47 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [08/15/2007 10:44 PM]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [05/24/2007 04:38 PM]
"eRecoveryService"="" []
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [02/02/2007 02:24 PM]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [02/02/2007 01:05 PM]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [05/22/2007 05:49 PM]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [04/30/2007 03:19 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 01:37 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"RestartNeroSetup"="C:\Users\DRAGYN~1\AppData\Local\Temp\Nero Web\SetupXu.exe" [03/17/2008 12:33 PM]
"Skytel"="Skytel.exe" [05/17/2007 01:28 PM C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [05/09/2007 10:35 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/09/2007 10:35 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/09/2007 10:35 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 07:16 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [12/17/2007 05:13 PM]
"djzzyvce"="C:\ProgramData\djzzyvce\slgnanit.exe" [04/28/2008 04:35 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [8/7/2007 5:20:37 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"jT9GQ3C09U"=C:\ProgramData\rgrulgtk\hifapmpk.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
iissvcs w3svc was
apphost apphostsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bac73bf-edb5-11dc-a4d2-001e680b0001}]
AutoRun\command- F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-29 18:34:41 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-58
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1789.68 MiB / 978.82 MiB
Pagefile Memory (total/avail): 3827.91 MiB / 2659.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1898.82 MiB

C: is Fixed (NTFS) - 51.14 GiB total, 17.11 GiB free.
D: is Fixed (NTFS) - 50.89 GiB total, 36.12 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1246GSX ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 51.14 GiB - C:
\PARTITION2 - Installable File System - 50.89 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080428-0] v4.8.1169 (ALWIL Software)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1169 [VPS 080428-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Xyn Rhade\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DRAGYNBOURNE-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Xyn Rhade
LOCALAPPDATA=C:\Users\Xyn Rhade\AppData\Local
LOGONSERVER=\\DRAGYNBOURNE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;d:\JZip
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\XYNRHA~1\AppData\Local\Temp
TMP=C:\Users\XYNRHA~1\AppData\Local\Temp
USERDOMAIN=Dragynbourne-PC
USERNAME=Xyn Rhade
USERPROFILE=C:\Users\Xyn Rhade
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Dragynbourne
Xyn Rhade


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Assist --> C:\Program Files\Acer Assist\uninstall.exe
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration --> C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Agere Systems HDA Modem --> agrsmdel
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CD Recovery Toolbox Free 1.1 --> "d:\Utilities\CD Recovery Toolbox Free\unins000.exe"
Cool Edit Pro 2.0 --> D:\Audiophiles\coolpro2\cep2unin.exe
Default --> MsiExec.exe /I{22BED295-8AE7-4BDE-9E4E-FA038D83B194}
DivX Codec --> d:\Miscellaneous\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> D:\Players\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Players\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
FLVPlayer4Free Free FLV Player 2.6.0.0 --> "d:\Players\FLVPlayer4Free\unins000.exe"
FrostWire 4.13.5 --> D:\Downloaders\FrostWire\Uninstall.exe
Guild Wars --> "D:\Games\Guild Wars\Gw.exe" -uninstall
HTML-Kit --> "d:\Web Stuff\HTML-Kit\unins000.exe"
IceChat 7.0 (Build 20060924) --> "d:\IRC\IceChat7\unins000.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewel Quest Solitaire --> "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
jZip --> D:\JZip\UNWISE.EXE /U D:\JZip\INSTALL.LOG
Launch Manager --> C:\Windows\UnInst32.exe QtZgAcer.UNI
Lexmark 1300 Series --> C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC --> D:\IRC\mIRC\uninstall.exe _?=D:\IRC\mIRC
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b5) --> C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7 --> C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer 3.72 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.50.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Shades of Truth --> C:\Windows\Shades of Truth Uninstaller.exe
Spybot - Search & Destroy --> "d:\Utilities\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
Swiff Player 1.1 --> "D:\Players\Swiff Player\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The KMPlayer (remove only) --> "D:\Players\The KMPlayer\uninstall.exe"
Twister MP3 --> "D:\Downloaders\Twister MP3\unins000.exe"
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Winbond CIR Drivers --> MsiExec.exe /X{047D47E3-7275-4B6E-AE56-63CA6BB2EA6D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZeroSpyware Limited Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1587135D-BC42-45C2-AFC5-39B14551BBB8}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type7377 / Error
Event Submitted/Written: 04/29/2008 06:30:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application YahooMessenger.exe, version 9.0.0.922, time stamp 0x47671df3, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xcb40dadf,
process id 0x1170, application start time 0xYahooMessenger.exe0.

Event Record #/Type7369 / Success
Event Submitted/Written: 04/29/2008 06:29:47 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type7364 / Success
Event Submitted/Written: 04/29/2008 06:29:46 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type7358 / Success
Event Submitted/Written: 04/29/2008 06:29:43 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type7351 / Warning
Event Submitted/Written: 04/29/2008 04:48:05 PM
Event ID/Source: 4354 / EventSystem
Event Description:
80010105{7660E776-F12C-46DD-B7FB-C5D6B4F957E6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}ConnectionMade



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type45961 / Warning
Event Submitted/Written: 04/29/2008 06:33:52 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dragynbourne-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dragynbourne-PC27 can't undo changes that you allow.

For more information please see the following:
%Dragynbourne-PC275

Scan ID: {E8C9F4BB-632D-494A-B0BC-66992B9919E5}

User: Dragynbourne-PC\Xyn Rhade

Name: %Dragynbourne-PC271

ID: %Dragynbourne-PC272

Severity ID: %Dragynbourne-PC273

Category ID: %Dragynbourne-PC274

Path Found: %Dragynbourne-PC276

Alert Type: %Dragynbourne-PC278

Detection Type: 1.1.1600.02

Event Record #/Type45960 / Warning
Event Submitted/Written: 04/29/2008 06:33:52 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Dragynbourne-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Dragynbourne-PC27 can't undo changes that you allow.

For more information please see the following:
%Dragynbourne-PC275

Scan ID: {F5F6DE3C-772D-4393-97E2-23D5BD60EE2D}

User: Dragynbourne-PC\Xyn Rhade

Name: %Dragynbourne-PC271

ID: %Dragynbourne-PC272

Severity ID: %Dragynbourne-PC273

Category ID: %Dragynbourne-PC274

Path Found: %Dragynbourne-PC276

Alert Type: %Dragynbourne-PC278

Detection Type: 1.1.1600.02

Event Record #/Type45948 / Warning
Event Submitted/Written: 04/29/2008 06:30:30 PM
Event ID/Source: 19 / Microsoft-Windows-WHEA-Logger
Event Description:

Event Record #/Type45896 / Error
Event Submitted/Written: 04/29/2008 06:29:47 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
lxdcCATSCustConnectService%%1053

Event Record #/Type45895 / Error
Event Submitted/Written: 04/29/2008 06:29:47 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
30000lxdcCATSCustConnectService



-- End of Deckard's System Scanner: finished at 2008-04-29 18:34:41 ------------



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:13 PM

Posted 17 May 2008 - 12:19 PM

Hello Dragynborn,

Welcome to Bleeping Computer :blink:

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

Posted 29 May 2008 - 12:23 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.