
Random Advertisement Pop Ups


  • This topic is locked
6 replies to this topic

#1 khargis

khargis

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:33 AM

Posted 16 June 2008 - 10:03 AM

OK, I'm not sure if anyone has already posted about this or not. My sister sent me an email of a music file titled ourladypeace.mp3 that she wanted me to burn onto a CD for her. As soon as I opened her email, all of a sudden I keep getting random internet window pop-ups with a web address usually saying:

(http://mtn5.goole.ws/ac.php?bannerid=1&zoneid=1&target=_blank&withtext=&source=&timeout=0&ct0=)

or

(http://mtn5.goole.ws/ac.php?bannerid=1&zoneid=1&target=_blank&withtext=&source=&timeout=0&ct0=)


I've tried using Spybot Search & Destroy, which only removed a bunch of other adware that I didn't realize was on my computer.
I've used Norton Antivirus, but the scan said there were no infections found on my computer.
I've used the Windows Defender that came with my computer's Vista.
I've tried uninstalling unnecessary programs such as computer games, language software, etc.

And the problem still continues. I don't really see or notice any pattern in it; the advertisement windows seem to always come up at random times. The only thing that is consistent is that whenever I start my computer up these f*@king pop-ups rapidly jump onto my screen as a series of 25 to 28 windows. Every time I close one window two more open up until my Internet Explorer freezes and shuts itself down. Disconnecting the internet doesn't work either; the windows still come up, only they have that "e" logo and some words saying there was a problem with my connection. At this time I can't do a whole system restoration because I have too many sensitive files that are too big to go on CDs and I've already filled three 2GB flash drives up.

Well, I hope you guys can help me out. Everything else seems to fail.

Edited by khargis, 16 June 2008 - 10:07 AM.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:33 AM

Posted 16 June 2008 - 11:15 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
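The report DSS produces is reviewed by hand, and the part an analyst reads first is the HijackThis O4 (autostart) section. The script below is an added example of that review, not part of this thread and not code from DSS or HijackThis: it parses O4 lines and marks entries for a closer look using a few heuristics that malware-removal helpers apply (rundll32 loading a DLL out of a Temp folder, an ordinal or single-letter export, a long hex blob passed as an argument, an executable sitting directly in the Windows directory, a Windows system binary name in the Startup folder, a value name that looks machine-generated). The log lines are constructed in HijackThis format for the example (USER stands in for a profile name), the heuristic names and allowlists are the example's own assumptions, and a hit means "review this entry", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Constructed HijackThis-format O4 lines for this example; not a real log. "USER" is a placeholder.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B66",
    r"O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqQjKcc.dll,#1",
    r"O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\USER\AppData\Local\Temp\awtrOhHA.dll,c",
    r'O4 - HKCU\..\Run: [BM471ec20e] Rundll32.exe "C:\Users\USER\AppData\Local\Temp\tyiyigsp.dll",s',
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
    r"O4 - Global Startup: dllhost.exe",
]

# O4 line: "O4 - <where>: [<value name>] <command>"; Global Startup entries have no [name].
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
HEXISH_RUN_RE = re.compile(r"[0-9a-f]{6,}", re.IGNORECASE)
EXECUTABLE_EXTS = (".exe", ".com", ".cmd", ".bat", ".scr", ".dll")
# Assumed allowlists for the example; a real triage list would be longer.
SYSTEM_BINARIES = {"dllhost.exe", "svchost.exe", "rundll32.exe", "lsass.exe", "csrss.exe"}
WINDOWS_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "write.exe"}


@dataclass
class Finding:
    line: str
    name: str
    image: str
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Split a raw Run value into (program, arguments). Paths may be quoted or bare,
    and bare paths may contain spaces, so tokens are joined until one ends in an
    executable extension (a trailing ',export' on a rundll32 module is ignored)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split(" ")
    for i, tok in enumerate(tokens):
        if tok.split(",", 1)[0].lower().endswith(EXECUTABLE_EXTS):
            return " ".join(tokens[: i + 1]), " ".join(tokens[i + 1:])
    return tokens[0], " ".join(tokens[1:])


def rundll32_target(args):
    """For rundll32 arguments, return (module path, export name)."""
    first, tail = split_command(args)
    if "," in first:
        module, export = first.split(",", 1)
    else:  # quoted module: the ',export' follows the closing quote
        module, export = first, tail.lstrip(",").split(" ", 1)[0]
    return module, export


def triage_o4(line):
    """Return a Finding for one O4 line (reasons empty if nothing stands out), or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    where, name, cmd = m.group("where"), m.group("name") or "", m.group("cmd")
    image, args = split_command(cmd)
    basename = image.rsplit("\\", 1)[-1].lower()
    reasons = []
    if basename == "rundll32.exe":
        module, export = rundll32_target(args)
        if TEMP_DIR_RE.search(module):
            reasons.append("rundll32 loads a DLL from a Temp directory")
        if re.fullmatch(r"#\d+|[A-Za-z]", export):
            reasons.append("rundll32 export is an ordinal or a single letter")
    lower = image.lower()
    root_tail = lower[len("c:\\windows\\"):]
    if lower.startswith("c:\\windows\\") and "\\" not in root_tail and basename not in WINDOWS_ROOT_OK:
        reasons.append("executable sits directly in the Windows directory")
    if HEX_BLOB_RE.search(args):
        reasons.append("long hexadecimal blob passed as an argument")
    if where.lower().startswith("global startup") and basename in SYSTEM_BINARIES:
        reasons.append("Windows system binary name in the Startup folder")
    if any(c.isdigit() for run in HEXISH_RUN_RE.findall(name) for c in run):
        reasons.append("value name looks machine-generated")
    return Finding(line, name, image, reasons)


def suspicious_entries(lines):
    """Run triage over a log excerpt and keep only entries with at least one reason."""
    findings = (triage_o4(l) for l in lines)
    return [f for f in findings if f and f.reasons]


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_O4_LINES):
        print(f"[{f.name or '(no name)'}] {f.image}")
        for r in f.reasons:
            print(f"    - {r}")
```

Running it lists five of the nine constructed entries; the vendor and Microsoft entries pass untouched. Each heuristic is deliberately weak on its own (an audio control panel can legitimately live in the Windows root), which is why the output is a list of reasons per entry rather than a verdict: the analyst still decides.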

#3 khargis

khargis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:33 AM

Posted 16 June 2008 - 12:20 PM

OK, I did as you instructed. I didn't see anything asking to download HijackThis, and I don't think I have it on my computer. Well, here are the contents of the files as requested:

main.txt

Deckard's System Scanner v20071014.68
Run by KAXH on 2008-06-16 12:55:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
10: 2008-06-16 14:14:21 UTC - RP153 - Removed Google Toolbar for Internet Explorer
9: 2008-06-16 12:00:16 UTC - RP152 - Windows Defender Checkpoint
8: 2008-06-16 05:21:19 UTC - RP150 - Windows Defender Checkpoint
7: 2008-06-16 04:49:01 UTC - RP148 - Windows Defender Checkpoint
6: 2008-06-15 15:57:25 UTC - RP146 - Windows Update


-- First Restore Point --
1: 2008-06-13 13:21:49 UTC - RP141 - Windows Update


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 766 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-16 13:06:39
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\mrofinu1000106.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Svconr\Svconr.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Users\KAXH\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\Users\KAXH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJIJQFSY\dss[1].exe
C:\Windows\System32\dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqQjKcc.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KAXH\AppData\Local\Temp\awtrOhHA.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KAXH\AppData\Local\Temp\iifgGVMD.dll,#1
O4 - HKCU\..\Run: [BM471ec20e] Rundll32.exe "C:\Users\KAXH\AppData\Local\Temp\tyiyigsp.dll",s
O4 - HKCU\..\Run: [442df192] rundll32.exe "C:\Users\KAXH\AppData\Local\Temp\ylfovfjh.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: dllhost.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\444.470
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe


--
End of file - 11334 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.470 service
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 13:05:00 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{89521FC7-FD0C-4648-BC39-BA88B468AF40}.job
2008-05-12 23:03:12 252 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 09:55:44 0 -rahs---- C:\MSDOS.SYS
2008-06-16 09:55:44 0 -rahs---- C:\IO.SYS
2008-06-16 07:50:17 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-16 01:54:10 55808 --a------ C:\Windows\portsv.exe
2008-06-16 00:48:40 0 d-------- C:\Program Files\Svconr
2008-06-16 00:48:36 0 d-------- C:\Program Files\Temporary
2008-06-16 00:46:57 417792 --a------ C:\Program Files\Video.exe
2008-06-16 00:46:57 417792 --a------ C:\Program Files\Track_03.exe
2008-06-16 00:45:40 90073 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
2008-06-16 00:45:29 62464 --a------ C:\Windows\system32\bszip.dll <Not Verified; BigSpeedSoft; BigSpeed Zip DLL>
2008-06-16 00:45:21 0 ---hs---- C:\Windows\system32\tracert.com
2008-06-16 00:45:21 0 ---hs---- C:\Windows\system32\tasklist.com
2008-06-16 00:45:21 0 ---hs---- C:\Windows\system32\taskkill.com
2008-06-16 00:45:21 24576 --a------ C:\Windows\system32\ssqQjKcc.dll
2008-06-16 00:45:21 0 ---hs---- C:\Windows\system32\ping.com
2008-06-16 00:45:21 0 ---hs---- C:\Windows\system32\netstat.com
2008-06-16 00:45:21 0 ---hs---- C:\Windows\system32\cmd.com
2008-06-16 00:45:21 0 d--hs---- C:\Program Files\outlook
2008-06-16 00:45:16 41984 --a------ C:\Windows\mrofinu1000106.exe
2008-06-16 00:45:13 0 d--hs---- C:\Windows\S0FYSA
2008-06-16 00:45:09 0 d-------- C:\Windows\system32\pb109
2008-06-16 00:45:09 0 d-------- C:\Windows\system32\dgi
2008-06-16 00:45:09 0 d-------- C:\Windows\system32\3039a
2008-06-16 00:45:08 0 d-------- C:\Windows\system32\netrax07
2008-06-16 00:45:08 0 d-------- C:\Temp
2008-06-16 00:44:55 0 d-------- C:\Program Files\?dobe
2008-06-16 00:44:45 417792 --a------ C:\Program Files\Setup.exe
2008-06-16 00:44:37 147456 --a------ C:\Windows\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-06-16 00:40:12 0 --a------ C:\Windows\nsreg.dat
2008-06-13 19:16:14 0 d--h----- C:\Users\All Users\CanonBJ
2008-06-13 19:15:59 0 d--h----- C:\Windows\system32\CanonIJ Uninstaller Information
2008-06-13 19:10:03 0 d--h----- C:\Program Files\CanonBJ
2008-05-21 12:23:51 0 d-------- C:\Users\All Users\Google
2008-05-21 12:23:46 0 d-------- C:\Program Files\Google
2008-05-21 12:22:12 0 d-------- C:\Program Files\Java
2008-05-21 12:21:57 0 d-------- C:\Program Files\Common Files\Java
2008-05-16 21:11:39 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-16 21:11:20 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>


-- Find3M Report ---------------------------------------------------------------

2008-06-16 12:20:12 0 d-------- C:\Users\KAXH\AppData\Roaming\LimeWire
2008-06-16 10:01:27 27240 --a------ C:\Users\KAXH\AppData\Roaming\nvModes.001
2008-06-16 09:01:08 0 d-------- C:\Program Files\Common Files
2008-06-16 00:46:58 218592 --a------ C:\Program Files\c.zip
2008-06-16 00:46:58 217692 --a------ C:\Program Files\b.zip
2008-06-16 00:46:57 218586 --a------ C:\Program Files\a.zip
2008-06-16 00:46:56 25214 --a------ C:\Program Files\A.ico
2008-06-16 00:46:55 25214 --a------ C:\Program Files\B.ico
2008-06-16 00:45:03 0 d-------- C:\Users\KAXH\AppData\Roaming\??mbols
2008-06-16 00:44:55 0 d-------- C:\Program Files\?dobe
2008-06-16 00:40:00 0 d-------- C:\Users\KAXH\AppData\Roaming\.wyzo
2008-06-13 11:35:38 27240 --a------ C:\Users\KAXH\AppData\Roaming\nvModes.dat
2008-06-12 03:11:29 0 d-------- C:\Program Files\Windows Mail
2008-05-22 15:52:29 0 d-------- C:\Users\KAXH\AppData\Roaming\Google
2008-05-20 09:26:17 0 d-------- C:\Users\KAXH\AppData\Roaming\Adobe
2008-05-13 17:46:48 0 d-------- C:\Users\KAXH\AppData\Roaming\CyberLink
2008-05-13 14:41:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 09:54:14 0 d-------- C:\Program Files\GamesBar
2008-05-13 09:52:33 0 d-------- C:\Program Files\Common Files\Oberon Media
2008-05-13 09:52:32 0 d-------- C:\Program Files\Oberon Media
2008-05-13 01:17:55 174 --ahs---- C:\Program Files\desktop.ini
2008-05-13 01:10:54 0 d-------- C:\Program Files\Windows Calendar
2008-05-13 01:10:44 0 d-------- C:\Program Files\Windows Sidebar
2008-05-13 01:05:22 0 d-------- C:\Program Files\Windows Live
2008-05-13 00:50:16 3 --a------ C:\Windows\AFirst.cmd
2008-05-12 23:59:09 0 d-------- C:\Program Files\SUYIN
2008-05-12 23:59:09 0 d-------- C:\Program Files\ACER Crystal Eye webcam
2008-05-12 23:58:33 0 d-------- C:\Program Files\Common Files\snp2uvc
2008-05-12 23:54:33 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-12 23:37:35 0 d-------- C:\Program Files\MSXML 4.0
2008-05-12 23:03:10 0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-12 23:00:31 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 22:46:18 0 d-------- C:\Users\KAXH\AppData\Roaming\Yahoo!
2008-05-12 22:44:24 0 d-------- C:\Program Files\Yahoo!
2008-05-12 22:19:50 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:51:53 0 d-------- C:\Program Files\Vic512WA
2008-05-12 21:51:41 0 d-------- C:\Program Files\Acer Inc
2008-05-12 21:49:49 0 d-------- C:\Users\KAXH\AppData\Roaming\Acer
2008-05-12 21:49:48 0 d-------- C:\Users\KAXH\AppData\Roaming\Leadertech
2008-05-12 21:40:09 0 d-------- C:\Program Files\Acer Assist
2008-05-12 21:40:03 0 d-------- C:\Program Files\Acer Registration
2008-05-12 21:27:03 0 d-------- C:\Program Files\Acer Arcade Deluxe
2008-05-12 21:23:08 0 d-------- C:\Program Files\Launch Manager
2008-05-12 21:20:03 0 d-------- C:\Users\KAXH\AppData\Roaming\Identities
2008-05-12 21:18:52 0 d-------- C:\Users\KAXH\AppData\Roaming\Macromedia
2008-05-12 21:18:22 1314 --a------ C:\Windows\CLEANUP.CMD
2008-05-12 21:18:09 0 d-------- C:\Users\KAXH\AppData\Roaming\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
01/06/2008 03:35 AM 540672 --a------ C:\Program Files\GamesBar\oberontb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/14/2007 09:37 PM]
"RtHDVCpl"="RtHDVCpl.exe" [05/17/2007 02:28 PM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/07/2007 02:15 AM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [04/25/2007 07:33 PM]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [06/11/2007 06:00 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [03/08/2007 07:38 AM]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [05/09/2007 11:35 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/09/2007 11:35 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/09/2007 11:35 PM]
"PLFSet"="C:\Windows\PLFSet.dll" [04/25/2007 04:47 PM]
"SetPanel"="C:\Acer\APanel\APanel.cmd" []
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [08/15/2007 11:44 PM]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [05/24/2007 01:38 PM]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [02/02/2007 03:24 PM]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [02/02/2007 02:05 PM]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [05/22/2007 06:49 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"outlook"="C:\Program Files\outlook\outlook.exe" [02/11/2006 07:13 PM]
"runner1"="C:\Windows\mrofinu1000106.exe" [06/16/2008 12:45 AM]
"MSServer"="C:\Windows\system32\ssqQjKcc.dll" [06/16/2008 12:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/12/2008 11:42 PM]
"WindowsWelcomeCenter"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [06/16/2008 12:48 AM]
"cmds"="C:\Users\KAXH\AppData\Local\Temp\awtrOhHA.dll,c" []
"MSServer"="C:\Users\KAXH\AppData\Local\Temp\iifgGVMD.dll,#1" []
"BM471ec20e"="C:\Users\KAXH\AppData\Local\Temp\tyiyigsp.dll,s" []
"442df192"="C:\Users\KAXH\AppData\Local\Temp\ylfovfjh.dll,b" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
dllhost.exe [2/8/2007 9:50:08 AM]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [8/14/2007 10:03:06 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}"= C:\Windows\system32\ssqQjKcc.dll [06/16/2008 12:45 AM 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{094ddc9b-2093-11dd-89de-001b24f401af}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{094ddca8-2093-11dd-89de-001b24f401af}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{094ddcb1-2093-11dd-89de-001b24f401af}]
AutoRun\command- F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-16 13:09:20 ------------



extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual-Core Processor TK-55
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 765.81 MiB / 161.8 MiB
Pagefile Memory (total/avail): 1806.26 MiB / 449.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.13 MiB

C: is Fixed (NTFS) - 51.14 GiB total, 11.7 GiB free.
D: is Fixed (NTFS) - 50.89 GiB total, 49.76 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9120822AS ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 51.14 GiB - C:
\PARTITION2 - Installable File System - 50.89 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\KAXH\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\KAXH
LOCALAPPDATA=C:\Users\KAXH\AppData\Local
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6801
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\KAXH\AppData\Local\Temp
TMP=C:\Users\KAXH\AppData\Local\Temp
USERDOMAIN=Home
USERNAME=KAXH
USERPROFILE=C:\Users\KAXH
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

KAXH
Keita


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Assist --> C:\Program Files\Acer Assist\uninstall.exe
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration --> C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Agere Systems HDA Modem --> agrsmdel
Big Kahuna Reef 2 --> "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Bricks of Egypt --> "C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Canon MP530 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
Dynasty --> "C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
Elemental --> "C:\Program Files\Oberon Media\Elemental\Uninstall.exe" "C:\Program Files\Oberon Media\Elemental\install.log"
Galapago --> "C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
GamesBar 2.0.1.12 --> C:\Program Files\GamesBar\uninst.exe
Install(US)2 --> C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Jewel Quest Solitaire --> "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Launch Manager --> C:\Windows\UnInst32.exe QtZgAcer.UNI
Luxor 2 --> "C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Mystery Case Files - Prime Suspects --> "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst --> "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7 --> C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Orion --> MsiExec.exe /X{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}
PowerProducer 3.72 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.50.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Treasures of the Deep --> "C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
Winbond CIR Drivers --> MsiExec.exe /X{047D47E3-7275-4B6E-AE56-63CA6BB2EA6D}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 (Yahoo! Toolbar) --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zuma Deluxe --> "C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3147 / Error
Event Submitted/Written: 06/16/2008 01:04:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc0000005, fault offset 0x00009bfd,
process id 0xc80, application start time 0xExplorer.EXE0.

Event Record #/Type3144 / Error
Event Submitted/Written: 06/16/2008 01:02:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program iexplore.exe version 7.0.6000.16681 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 15e4
Start Time: 01c8cfd07bd0ae40
Termination Time: 47938

Event Record #/Type3136 / Success
Event Submitted/Written: 06/16/2008 11:30:00 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3123 / Error
Event Submitted/Written: 06/16/2008 10:16:04 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16681, time stamp 0x48113d17, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x16c0, application start time 0xiexplore.exe0.

Event Record #/Type3110 / Success
Event Submitted/Written: 06/16/2008 09:55:36 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17059 / Warning
Event Submitted/Written: 06/16/2008 01:08:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Home27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Home27 can't undo changes that you allow.

For more information please see the following:
%Home275

Scan ID: {550C8871-6F6B-4D11-97BB-6B002C400760}

User: Home\KAXH

Name: %Home271

ID: %Home272

Severity ID: %Home273

Category ID: %Home274

Path Found: %Home276

Alert Type: %Home278

Detection Type: 1.1.1505.02

Event Record #/Type17058 / Warning
Event Submitted/Written: 06/16/2008 01:08:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Home27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Home27 can't undo changes that you allow.

For more information please see the following:
%Home275

Scan ID: {C70B14D5-A72A-481B-B561-085531F6876F}

User: Home\KAXH

Name: %Home271

ID: %Home272

Severity ID: %Home273

Category ID: %Home274

Path Found: %Home276

Alert Type: %Home278

Detection Type: 1.1.1505.02

Event Record #/Type17054 / Warning
Event Submitted/Written: 06/16/2008 00:55:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Home27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Home27 can't undo changes that you allow.

For more information please see the following:
%Home275

Scan ID: {EEE2BC9B-3860-419F-A46B-ACFD7A0952C8}

User: Home\KAXH

Name: %Home271

ID: %Home272

Severity ID: %Home273

Category ID: %Home274

Path Found: %Home276

Alert Type: %Home278

Detection Type: 1.1.1505.02

Event Record #/Type17047 / Warning
Event Submitted/Written: 06/16/2008 00:52:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Home27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Home27 can't undo changes that you allow.

For more information please see the following:
%Home275

Scan ID: {95525F3B-17BE-4398-B711-B2686526E570}

User: Home\KAXH

Name: %Home271

ID: %Home272

Severity ID: %Home273

Category ID: %Home274

Path Found: %Home276

Alert Type: %Home278

Detection Type: 1.1.1505.02

Event Record #/Type17046 / Warning
Event Submitted/Written: 06/16/2008 00:52:16 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Home27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Home27 can't undo changes that you allow.

For more information please see the following:
%Home275

Scan ID: {5CDA2E2D-46F2-4DB3-A9F8-B7266B574063}

User: Home\KAXH

Name: %Home271

ID: %Home272

Severity ID: %Home273

Category ID: %Home274

Path Found: %Home276

Alert Type: %Home278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-06-16 13:09:20 ------------

#4 Buckeye_Sam (Malware Expert)

Posted 16 June 2008 - 04:04 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your desktop) and click the Fix Checked button.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqQjKcc.dll,#1
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KAXH\AppData\Local\Temp\awtrOhHA.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KAXH\AppData\Local\Temp\iifgGVMD.dll,#1
O4 - HKCU\..\Run: [BM471ec20e] Rundll32.exe "C:\Users\KAXH\AppData\Local\Temp\tyiyigsp.dll",s
O4 - HKCU\..\Run: [442df192] rundll32.exe "C:\Users\KAXH\AppData\Local\Temp\ylfovfjh.dll",b
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)

Please download ComboFix and save it to your desktop.
Prior to running ComboFix.exe, you should disable your antivirus program and disconnect from the internet.

Double-click ComboFix.exe and follow the prompts.
When it's done running, it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond to the person who is giving up their own time to help you is not only insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
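The entries listed in the reply above share a few shapes that can be recognised mechanically: rundll32.exe loading a DLL out of the user's Temp folder (or calling an ordinal / one-letter export), an executable dropped straight into C:\Windows and started with a long hex blob, Run value names that are just hex strings, and O2/O9 objects whose file no longer exists. The script below is an added example, not part of the original post and not HijackThis code; it parses lines of the exact format quoted above and applies those heuristics. The sample input is the quoted log lines plus two benign Run entries constructed here for contrast. The heuristics are this example's own, and two of the entries the helper listed (Svconr.exe and the ShowBarObj BHO) look like ordinary programs on the line itself, so they are deliberately not caught; that gap is why a human still reads the whole log.

```python
import re
from dataclasses import dataclass

# Constructed sample: the O2/O4/O9 lines quoted in the reply above, plus two
# benign Run entries added here for contrast (constructed, not from the log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqQjKcc.dll,#1
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KAXH\AppData\Local\Temp\awtrOhHA.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KAXH\AppData\Local\Temp\iifgGVMD.dll,#1
O4 - HKCU\..\Run: [BM471ec20e] Rundll32.exe "C:\Users\KAXH\AppData\Local\Temp\tyiyigsp.dll",s
O4 - HKCU\..\Run: [442df192] rundll32.exe "C:\Users\KAXH\AppData\Local\Temp\ylfovfjh.dll",b
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Line shapes HijackThis uses for the three section types triaged here.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<target>.*)$')
O9_RE = re.compile(r'^O9 - Extra (?P<kind>[^:]+): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<target>.*)$')

# rundll32 <dll>,<export>: the loader pattern behind six of the Run entries above.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.IGNORECASE)
# An .exe directly in the Windows root (no subdirectory) handed a long hex blob.
WINROOT_EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\Windows\\[^\\\s"]+\.exe)"?\s+(?P<arg>[0-9A-Fa-f]{32,})\s*$', re.IGNORECASE)
# User-writable temp locations a legitimate autostart has no business loading from.
TEMP_DIR_RE = re.compile(r'\\AppData\\Local\\Temp\\|\\Local Settings\\Temp\\|\\Windows\\Temp\\', re.IGNORECASE)
# Eight or more consecutive hex digits in a Run value name (e.g. 442df192).
HEX_NAME_RE = re.compile(r'[0-9A-Fa-f]{8,}')

ORPHAN_TARGETS = {'(no file)', '(file missing)'}


@dataclass
class Finding:
    line: str
    reasons: list


def check_o4(name: str, cmd: str) -> list:
    """Return the reasons (possibly none) an O4 Run entry looks like a dropper."""
    reasons = []
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        dll, export = m.group('dll'), m.group('export')
        if TEMP_DIR_RE.search(dll):
            reasons.append('rundll32 loads a DLL from a user-writable Temp directory')
        # Real components export descriptive names; ordinals (#1) and
        # one-letter exports are typical of generated loader DLLs.
        if re.fullmatch(r'#\d+|\w', export):
            reasons.append(f'rundll32 calls an unnamed export ({export})')
    if WINROOT_EXE_RE.match(cmd):
        reasons.append('executable directly in the Windows root started with a long hex blob')
    hm = HEX_NAME_RE.search(name)
    if hm and any(ch.isdigit() for ch in hm.group()):
        reasons.append('Run value name looks like a random hex string')
    return reasons


def triage(log_text: str) -> list:
    """Scan HijackThis log lines and return the entries worth removing, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m.group('name'), m.group('cmd'))
        else:
            m = O2_RE.match(line) or O9_RE.match(line)
            # A BHO or toolbar button whose file is gone is harmless but dead
            # weight, and often the residue of an earlier partial clean-up.
            if m and m.group('target').strip().lower() in ORPHAN_TARGETS:
                reasons = ['orphaned entry: registered object has no file on disk']
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def report(findings: list) -> str:
    """Render findings as one text block: the log line, then one reason per sub-line."""
    out = []
    for f in findings:
        out.append(f.line)
        out.extend(f'    - {r}' for r in f.reasons)
    return '\n'.join(out)


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
```

Run it on a saved hijackthis.log by replacing SAMPLE_LOG with the file's contents; nine of the thirteen sample lines come back flagged, and the two constructed benign entries do not.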

#5 khargis (Topic Starter)

Posted 17 June 2008 - 07:02 AM

OK, I did as you instructed, but after I checked the things you said to fix, they were still there after having performed the fix. Is there any other way I can fix this?

#6 Buckeye_Sam (Malware Expert)

Posted 17 June 2008 - 08:52 AM

Don't be concerned about that yet. We can come back to that step later if needed. Go ahead and proceed with ComboFix.


========================================================

#7 Buckeye_Sam (Malware Expert)

Posted 01 July 2008 - 11:47 AM

Unfortunately, there has been no response.
This thread will now be closed.


========================================================
