
Antivirus Xp 2008 Self-installed


  • This topic is locked
4 replies to this topic

#1 doomgiver13

doomgiver13

  • Members
  • 103 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 03 August 2008 - 02:40 PM

So, I left my machine unlocked and while I was at work, my cousin came by the house and downloaded some crap. P2P type stuff. He also apparently got me well infected. I've run Avast AV, Ad-Aware, Spybot, and DSS... I think I'm in a bit over my head.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:09 PM, on 8/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\lphctf4j0ea27.exe
C:\Program Files\rhcpf4j0ea27\rhcpf4j0ea27.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winpopup LAN Messenger\WinPopup.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\pphctf4j0ea27.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\doomgiver13\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\doomgiver13.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run="C:\Users\doomgiver13\AppData\Roaming\Adobe\Manager.exe"
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C5E261C-DDE3-4017-814B-8D32047BB822} - C:\Windows\system32\efcBussS.dll
O2 - BHO: (no name) - {4EC66E48-B863-4413-BC91-463D9CCA093B} - C:\Windows\system32\opNEUMec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: fdkowvbp - {E238B641-0BAE-4756-B698-D41EE397FBE3} - C:\Windows\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [lphctf4j0ea27] C:\Windows\system32\lphctf4j0ea27.exe
O4 - HKLM\..\Run: [SMrhcpf4j0ea27] C:\Program Files\rhcpf4j0ea27\rhcpf4j0ea27.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opNEUMec.dll,#1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Winpopup LAN Messenger] "C:\Program Files\Winpopup LAN Messenger\WinPopup.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [s9201] "C:\ProgramData\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O21 - SSODL: eqvwamkl - {C2501290-6D63-4A1A-8207-D6F1713876C2} - C:\Windows\eqvwamkl.dll (file missing)
O21 - SSODL: wnslvxtf - {616EA610-1569-4FD9-B134-D09768325129} - C:\Windows\wnslvxtf.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 12201 bytes
If you truly live by the sword, it only stands to reason that someone has to die by it.


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:39 PM

Posted 03 August 2008 - 03:18 PM

Hello doomgiver13

Welcome to BleepingComputer :thumbsup:
========================
Please go to Start > Search > Run, then copy/paste this in: "%userprofile%\desktop\dss.exe" /config and hit OK.
Place a check next to everything and click on OK or Scan.
Post those logs, please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 doomgiver13

doomgiver13
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 03 August 2008 - 03:30 PM

Deckard's System Scanner v20071014.68
Run by doomgiver13 on 2008-08-03 15:41:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-08-03 19:22:00 UTC - RP337 - SiSoftware Sandra Lite
2: 2008-08-03 19:19:42 UTC - RP336 - Removed Microsoft Visual C++ 2005 Redistributable
1: 2008-08-03 05:17:50 UTC - RP335 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as doomgiver13.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:59 PM, on 8/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\lphctf4j0ea27.exe
C:\Program Files\rhcpf4j0ea27\rhcpf4j0ea27.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winpopup LAN Messenger\WinPopup.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\pphctf4j0ea27.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\doomgiver13\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DOOMGI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run="C:\Users\doomgiver13\AppData\Roaming\Adobe\Manager.exe"
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C5E261C-DDE3-4017-814B-8D32047BB822} - C:\Windows\system32\efcBussS.dll
O2 - BHO: (no name) - {4EC66E48-B863-4413-BC91-463D9CCA093B} - C:\Windows\system32\opNEUMec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: TBSB07396 - {D7ADF7C1-14FB-4110-B2DF-187884CAC12A} - C:\Program Files\Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: fdkowvbp - {E238B641-0BAE-4756-B698-D41EE397FBE3} - C:\Windows\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [lphctf4j0ea27] C:\Windows\system32\lphctf4j0ea27.exe
O4 - HKLM\..\Run: [SMrhcpf4j0ea27] C:\Program Files\rhcpf4j0ea27\rhcpf4j0ea27.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opNEUMec.dll,#1
O4 - HKLM\..\Run: [0c15c650] rundll32.exe "C:\Windows\system32\kpxxqdeb.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Winpopup LAN Messenger] "C:\Program Files\Winpopup LAN Messenger\WinPopup.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [s9201] "C:\ProgramData\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O21 - SSODL: eqvwamkl - {C2501290-6D63-4A1A-8207-D6F1713876C2} - C:\Windows\eqvwamkl.dll (file missing)
O21 - SSODL: wnslvxtf - {616EA610-1569-4FD9-B134-D09768325129} - C:\Windows\wnslvxtf.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 12248 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Windows\system32\shell32.dll,60
.ini - inifile - DefaultIcon - C:\Windows\system32\shell32.dll,58
.txt - txtfile - DefaultIcon - C:\Windows\system32\shell32.dll,59


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcerMemUsageCheckService (ePerformance Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; ; MemCheck.Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\acer\empowering technology\emode\pcm\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\acer\empowering technology\emode\pcm\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\Windows\System32\rundll32.exe (pid 472)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 3096)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 2832)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 3080)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 2496)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 3984)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 4252)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 5288)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 2772)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 4924)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 4908)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 5448)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 5580)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 5864)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 5380)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 4732)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 4632)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 5820)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 4524)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 4856)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 1900)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 1140)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 5208)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\System32\rundll32.exe (pid 4468)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll

C:\Windows\explorer.exe (pid 3816)
2007-02-12 18:02:08 94208 --a------ C:\Windows\System32\MSNChatHook.dll <Not Verified; HiTRUST Inc.; MsnChatHook>
2007-02-07 01:52:08 63488 --a------ C:\Windows\System32\ShowErrMsg.dll <Not Verified; ; ShowErrMsg>
2007-02-12 17:36:26 286720 --a------ C:\Windows\System32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
2007-02-07 01:56:30 28672 --a------ C:\Windows\System32\BatchCrypto.dll <Not Verified; ; BatchCrypto Dynamic Link Library>
2006-11-29 23:30:18 401408 --a------ C:\Windows\System32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
2006-11-17 00:41:40 237568 --a------ C:\Windows\System32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
2008-08-01 07:19:10 99200 -----n--- C:\Windows\System32\rliwhyxj.dll
2008-08-01 00:48:43 323328 --a------ C:\Windows\System32\efcBussS.dll
2008-08-01 00:43:34 34176 --a------ C:\Windows\System32\opNEUMec.dll
2008-08-03 15:40:48 98688 --a------ C:\Windows\System32\kpxxqdeb.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-07-25 20:00:00 508 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Frank D. Harris.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 15:40:47 98688 --a------ C:\Windows\system32\kpxxqdeb.dll
2008-08-03 14:25:48 0 d-------- C:\Program Files\Trend Micro
2008-08-01 22:37:09 34176 --a------ C:\Windows\system32\opNEUMec.dll
2008-08-01 22:35:11 347 --ahs---- C:\Windows\system32\RYcbcLRu.ini2
2008-08-01 22:35:05 322816 --a------ C:\Windows\system32\uRLcbcYR.dll
2008-08-01 22:30:09 60928 --a------ C:\Windows\system32\blphctf4j0ea27.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-01 21:36:06 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-01 21:36:06 0 d-------- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2008-08-01 21:27:48 94208 --a------ C:\Windows\system32\pphctf4j0ea27.exe
2008-08-01 07:20:49 129920 --a------ C:\Windows\system32\qlkzdh.dll
2008-08-01 07:20:48 129920 --a------ C:\Windows\system32\uxpscdsv.dll
2008-08-01 07:19:18 0 d-------- C:\Users\All Users\services
2008-08-01 07:19:18 0 d-------- C:\Users\All Users\Application Data\services
2008-08-01 07:19:09 99200 -----n--- C:\Windows\system32\rliwhyxj.dll
2008-08-01 07:17:26 94208 --a------ C:\Windows\edot.exe
2008-08-01 07:17:13 0 d-------- C:\Users\All Users\Secure Solutions
2008-08-01 07:17:13 0 d-------- C:\Users\All Users\Application Data\Secure Solutions
2008-08-01 00:58:36 0 d-------- C:\Program Files\Lavasoft
2008-08-01 00:58:35 0 d-------- C:\Users\All Users\Lavasoft
2008-08-01 00:58:35 0 d-------- C:\Users\All Users\Application Data\Lavasoft
2008-08-01 00:54:53 120960 --a------ C:\Windows\system32\uitjhj.dll
2008-08-01 00:54:52 120960 --a------ C:\Windows\system32\xllyxetm.dll
2008-08-01 00:48:45 775364 --ahs---- C:\Windows\system32\SssuBcfe.ini2
2008-08-01 00:48:38 323328 --a------ C:\Windows\system32\efcBussS.dll
2008-08-01 00:43:34 34176 --a------ C:\Windows\system32\hgGyxXnM.dll
2008-08-01 00:39:46 0 d-------- C:\Program Files\rhcpf4j0ea27
2008-08-01 00:39:37 86016 --a------ C:\Windows\grswptdl.exe
2008-08-01 00:39:37 94208 --a------ C:\Windows\etrp.exe
2008-08-01 00:39:16 110080 --a------ C:\Windows\system32\lphctf4j0ea27.exe
2008-07-07 18:38:30 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-07-07 18:38:15 0 d---s---- C:\Program Files\Xfire
2008-07-07 18:05:41 0 d-------- C:\Program Files\Akella Games
2008-07-07 18:03:34 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-07 01:18:10 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-07-05 00:02:00 0 d-------- C:\Users\All Users\Boson
2008-07-05 00:02:00 0 d-------- C:\Users\All Users\Application Data\Boson
2008-07-05 00:02:00 0 d-------- C:\Program Files\Boson Software
2008-07-04 23:59:04 0 d-------- C:\Windows\system32\URTTEMP


-- Find3M Report ---------------------------------------------------------------

2008-08-03 15:41:15 0 d-------- C:\Users\doomgiver13\AppData\Roaming\DNA
2008-08-03 14:24:13 0 d-------- C:\Program Files\Yahoo!
2008-08-03 14:23:58 0 d-------- C:\Program Files\TaxCut06
2008-08-03 14:21:43 0 d-------- C:\Program Files\Packet Tracer 4.1
2008-08-02 06:47:45 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-02 06:47:09 0 d-------- C:\Program Files\Common Files
2008-08-02 01:54:07 0 d-------- C:\Program Files\Zumie
2008-08-02 01:51:35 0 d-------- C:\Program Files\Google
2008-08-02 01:49:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-02 01:49:18 0 d-------- C:\Program Files\eSobi
2008-08-01 00:56:22 0 d-------- C:\Users\doomgiver13\AppData\Roaming\Heatseeker
2008-08-01 00:56:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 00:44:04 0 d-------- C:\Users\doomgiver13\AppData\Roaming\BitTorrent
2008-08-01 00:39:58 0 d-------- C:\Users\doomgiver13\AppData\Roaming\rhcpf4j0ea27
2008-08-01 00:38:43 0 d-------- C:\Users\doomgiver13\AppData\Roaming\Adobe
2008-07-15 18:39:30 0 d-------- C:\Program Files\World of Warcraft
2008-07-15 18:13:03 0 d-------- C:\Users\doomgiver13\AppData\Roaming\Acreon
2008-07-10 23:22:47 0 d-------- C:\Users\doomgiver13\AppData\Roaming\Roxio
2008-07-09 17:59:04 0 d-------- C:\Program Files\Java
2008-07-07 21:00:25 0 d-------- C:\Users\doomgiver13\AppData\Roaming\Xfire
2008-07-07 18:18:51 0 d-------- C:\Program Files\Opera
2008-07-07 01:17:40 0 d-------- C:\Users\doomgiver13\AppData\Roaming\DAEMON Tools
2008-07-02 21:45:34 0 d-------- C:\Program Files\Windows Mail
2008-07-02 21:44:27 0 d-------- C:\Program Files\Microsoft Silverlight
2008-07-02 17:56:25 0 d-------- C:\Program Files\Real
2008-07-02 17:55:33 0 d-------- C:\Program Files\IntelliAdmin
2008-07-02 00:41:27 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-06-23 19:19:01 0 d-------- C:\Program Files\DivX
2008-06-23 19:18:40 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-18 22:03:53 0 d-------- C:\Program Files\Freeze.com
2008-06-18 22:03:52 0 d-------- C:\Users\doomgiver13\AppData\Roaming\WeatherBug
2008-06-18 22:03:25 0 d-------- C:\Program Files\Freeze.com Toolbar
2008-06-04 20:31:24 2293 --a------ C:\Windows\ipconfig.dat
2008-06-04 20:29:54 2293 --a------ C:\Windows\checkip.dat
2008-06-04 01:43:56 256 --a------ C:\Windows\system32\pool.bin
2008-06-04 01:30:39 0 d-------- C:\Users\doomgiver13\AppData\Roaming\Research In Motion
2008-06-04 01:28:00 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-04 01:27:34 6 --ahs---- C:\Users\doomgiver13\AppData\Roaming\desktop.ini
2008-06-04 01:27:33 0 d-------- C:\Program Files\Roxio
2008-06-04 01:26:21 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-04 01:25:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-04 01:23:57 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-06-04 01:23:36 0 d-------- C:\Program Files\Research In Motion
2008-05-30 18:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 18:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 17:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 17:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 17:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 17:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 05:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C5E261C-DDE3-4017-814B-8D32047BB822}]
08/01/2008 12:48 AM 323328 --a------ C:\Windows\system32\efcBussS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EC66E48-B863-4413-BC91-463D9CCA093B}]
08/01/2008 12:43 AM 34176 --a------ C:\Windows\system32\opNEUMec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7ADF7C1-14FB-4110-B2DF-187884CAC12A}]
05/15/2008 04:18 PM 1920120 --a------ C:\Program Files\Freeze.com Toolbar\freeze_us.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [02/15/2007 04:07 AM C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [02/07/2007 02:04 AM]
"PCMService"="C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe" [01/12/2007 11:24 PM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [10/09/2006 06:43 AM]
"eRecoveryService"="" []
"Apanel"="C:\ACERSW\config\NewSetApanel.cmd" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 09:38 AM]
"!AVG Anti-Spyware"="C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 10:34 PM]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [11/03/2006 11:01 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [10/04/2007 08:14 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [10/04/2007 08:14 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [10/04/2007 08:14 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 08:56 AM]
"lphctf4j0ea27"="C:\Windows\system32\lphctf4j0ea27.exe" [08/01/2008 12:39 AM]
"SMrhcpf4j0ea27"="C:\Program Files\rhcpf4j0ea27\rhcpf4j0ea27.exe" [07/31/2008 03:47 AM]
"MSServer"="C:\Windows\system32\opNEUMec.dll" [08/01/2008 12:43 AM]
"0c15c650"="C:\Windows\system32\kpxxqdeb.dll" [08/03/2008 03:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 08:43 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 02:33 AM]
"Winpopup LAN Messenger"="C:\Program Files\Winpopup LAN Messenger\WinPopup.exe" [02/06/2008 12:28 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [06/02/2008 11:50 PM]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" []
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [07/04/2008 10:01 AM]
"s9201"="C:\ProgramData\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" [08/01/2008 07:17 AM]

C:\Users\doomgiver13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [6/7/2006 12:25:20 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [4/25/2007 4:09:22 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 10:26:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4EC66E48-B863-4413-BC91-463D9CCA093B}"= C:\Windows\system32\opNEUMec.dll [08/01/2008 12:43 AM 34176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {C2501290-6D63-4A1A-8207-D6F1713876C2} - C:\Windows\eqvwamkl.dll [ ]
"wnslvxtf"= {616EA610-1569-4FD9-B134-D09768325129} - C:\Windows\wnslvxtf.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\efcBussS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44ae929d-8d5b-11dc-b93f-806e6f6e6963}]
AutoRun\command- E:\swgbg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b47d1ee0-4c78-11dd-905b-0019210bbcbb}]
AutoRun\command- J:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------


8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-03 15:46:20 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3800+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1790.82 MiB / 940.93 MiB
Pagefile Memory (total/avail): 3834.18 MiB / 2390.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.1 MiB

C: is Fixed (NTFS) - 69.78 GiB total, 27.63 GiB free.
D: is Fixed (NTFS) - 69.51 GiB total, 69.42 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST316081 2AS SCSI Disk Device - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 69.78 GiB - C:
\PARTITION2 - Installable File System - 69.51 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AV: avast! antivirus 4.8.1229 [VPS 080803-0] v4.8.1229 (ALWIL Software) Disabled
AS: Spybot - Search and Destroy v1.0.0.6 (Safer Networking Ltd.) Disabled
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: avast! antivirus 4.8.1229 [VPS 080803-0] v4.8.1229 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\doomgiver13\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TECHHUNTER225
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\doomgiver13
LOCALAPPDATA=C:\Users\doomgiver13\AppData\Local
LOGONSERVER=\\TECHHUNTER225
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\DOOMGI~1\AppData\Local\Temp
TMP=C:\Users\DOOMGI~1\AppData\Local\Temp
USERDOMAIN=techhunter225
USERNAME=doomgiver13
USERPROFILE=C:\Users\doomgiver13
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Frank D. Harris
doomgiver13 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Users\doomgiver13\AppData\Local\{0BC8968B-5A12-4C72-ACF4-4CC9A9A6F102}\TweakVista_Setup.exe
--> MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
--> MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
--> MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
--> MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
--> MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
--> MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acer Assist --> C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eMode Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer Registration --> C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AntivirXP08 --> "C:\Program Files\rhcpf4j0ea27\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Basic Webcam --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2} /l1033
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{3AE87269-BD57-4A58-B13D-FC67664BCFB8}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{3AE87269-BD57-4A58-B13D-FC67664BCFB8}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
EZMedia Box 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE8556FB-4A95-47FA-8E88-A1A18B52105C}\Setup.exe" -l0x9
Heatseeker --> "C:\Users\doomgiver13\AppData\Roaming\Heatseeker\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
HyperTerminal Private Edition v5.0 --> C:\Windows\Unwise32.exe C:\PROGRA~1\WINDOW~2\HYPERT~1\Install.log
In-Fisherman Freshwater Trophies --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}
Indeo® Software --> C:\Windows\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
ISO Recorder --> MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Marvell Miniport Driver --> C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Motorola SM56 Speakerphone Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Move Networks Media Player for Internet Explorer --> C:\Users\doomgiver13\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Media Manager --> MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Shockwave --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WebCam Suite 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF157E38-A290-4265-844B-687E5707899E}\Setup.exe" -l0x9
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Winpopup LAN Messenger 5.2 --> "C:\Program Files\Winpopup LAN Messenger\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type10091 / Warning
Event Submitted/Written: 08/03/2008 02:20:17 PM
Event ID/Source: 10010 / Microsoft-Windows-RestartManager
Event Description:
14324C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exeExternal Installer001671088651

Event Record #/Type10047 / Error
Event Submitted/Written: 08/02/2008 01:53:13 AM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {46ce8d36-f139-4158-956d-ac2fd4175419}

Event Record #/Type10019 / Error
Event Submitted/Written: 08/02/2008 01:48:53 AM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {46ce8d36-f139-4158-956d-ac2fd4175419}

Event Record #/Type9989 / Error
Event Submitted/Written: 08/01/2008 10:54:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module rliwhyxj.dll, version 0.0.0.0, time stamp 0x489078fa, exception code 0xc0000005, fault offset 0x00001108,
process id 0x7f0, application start time 0xExplorer.EXE0.

Event Record #/Type9987 / Error
Event Submitted/Written: 08/01/2008 10:38:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program as2008xp.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 820
Start Time: 01c8f450fe0f7e63
Termination Time: 103



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type41292 / Error
Event Submitted/Written: 08/03/2008 03:43:38 PM
Event ID/Source: 10010 / DCOM
Event Description:
{0002DF01-0000-0000-C000-000000000046}

Event Record #/Type41249 / Warning
Event Submitted/Written: 08/02/2008 10:37:12 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Event Record #/Type41241 / Error
Event Submitted/Written: 08/02/2008 05:35:05 AM
Event ID/Source: 10010 / DCOM
Event Description:
{0002DF01-0000-0000-C000-000000000046}

Event Record #/Type41182 / Error
Event Submitted/Written: 08/01/2008 10:38:39 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
Diagnostic System Host

Event Record #/Type41181 / Error
Event Submitted/Written: 08/01/2008 10:38:37 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
Diagnostic Service Host



-- End of Deckard's System Scanner: finished at 2008-08-03 15:46:20 ------------

Edited by doomgiver13, 03 August 2008 - 03:46 PM.

If you truly live by the sword, it only stands to reason that someone has to die by it.

#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:39 PM
Posted 03 August 2008 - 04:54 PM

Please go to Start > Search, then Run; open the Run box, then copy/paste this in: "%userprofile%\desktop\dss.exe" /daft, then hit OK.
Place a check next to everything and click on fix.
Rescan again and it should say all associations ok.
====================================================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [Kill explorer]
    C:\Windows\System32\rliwhyxj.dll
    C:\Windows\System32\efcBussS.dll
    C:\Windows\System32\opNEUMec.dll
    C:\Windows\System32\kpxxqdeb.dll
    C:\Windows\system32\RYcbcLRu.ini2
    C:\Windows\system32\uRLcbcYR.dll
    C:\Windows\system32\blphctf4j0ea27.scr 
    C:\Windows\system32\pphctf4j0ea27.exe
    C:\Windows\system32\qlkzdh.dll
    C:\Windows\system32\uxpscdsv.dll
    C:\Windows\edot.exe
    C:\Windows\system32\uitjhj.dll
    C:\Windows\system32\xllyxetm.dll
    C:\Windows\system32\SssuBcfe.ini2
    C:\Windows\system32\efcBussS.dll
    C:\Windows\system32\hgGyxXnM.dll
    C:\Program Files\rhcpf4j0ea27
    C:\Windows\grswptdl.exe
    C:\Windows\etrp.exe
    C:\Windows\system32\lphctf4j0ea27.exe
    C:\ProgramData\Secure Solutions
    C:\Users\All Users\Secure Solutions
    C:\Users\All Users\Application Data\Secure Solutions
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\eqvwamkl
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wnslvxtf
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44ae929d-8d5b-11dc-b93f-806e6f6e6963}
    E:\swgbg.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b47d1ee0-4c78-11dd-905b-0019210bbcbb}
    J:\Autorun.exe
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=============================
Please post back with these logs in your next reply:
OTMoveIt log
MBAM log
New DSS log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
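As an added example (not from the thread, and not a DSS or OTMoveIt2 feature), the following read-only PowerShell script re-checks, on a live Windows host, the persistence points the OTMoveIt2 list above targets: the Security Center products the DSS log reports as "Disabled", the Explorer policies that hide the Desktop Background and Screen Saver tabs, the ShellServiceObjectDelayLoad and MountPoints2 entries, the reversed-name .ini2/.dll pairs in System32, and the rogue's own Add/Remove Programs entry. It assumes Windows PowerShell 2.0 to 5.1 (Get-WmiObject) run from an elevated prompt; the productState bit layout it decodes is an undocumented but widely used convention, the 8-letter-name heuristic and the "AntivirXP08" name match are taken from this thread's log, and the helper names are this example's own. It reports only; it deletes nothing, so it is safe to run before and after a cleanup to confirm the listed locations are clear.

```powershell
# Added example: read-only triage of the persistence points named in the thread.
# Assumptions: Windows PowerShell 2.0-5.1, elevated; productState bit layout is the
# common (undocumented) convention 0x1000 = product on, 0x10 = signatures outdated.
$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Category, [string]$Detail) {
    [void]$findings.Add((New-Object PSObject -Property @{ Category = $Category; Detail = $Detail }))
}

# 1. Security Center products switched off or out of date (the DSS log shows
#    avast!, Spybot, AVG Anti-Spyware and Defender all reported as Disabled).
foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state   = [int]$_.productState
            $enabled = ($state -band 0x1000) -ne 0
            $stale   = ($state -band 0x10) -ne 0
            if (-not $enabled -or $stale) {
                Add-Finding $class ('{0}: enabled={1} outdated={2}' -f $_.displayName, $enabled, $stale)
            }
        }
}

# 2. Explorer policies the rogue sets so its scare wallpaper/screensaver
#    cannot be changed from the Display control panel.
$polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'NoDispBackgroundPage', 'NoDispScrSavPage') {
    $val = (Get-ItemProperty -Path $polKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($val) { Add-Finding 'Policy' ('{0}={1}' -f $name, $val) }
}

# 3. ShellServiceObjectDelayLoad: each value is a CLSID whose InprocServer32 DLL
#    Explorer loads at logon. Flag random 8-lowercase-letter names (eqvwamkl,
#    wnslvxtf above) and CLSIDs whose DLL is missing or does not resolve.
$ssodl  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$values = Get-ItemProperty -Path $ssodl -ErrorAction SilentlyContinue
if ($values) {
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $clsid = [string]$prop.Value
        $srv   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll   = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
        # -cmatch: case-sensitive, so legitimate mixed-case names such as WebCheck do not trip it
        if ($prop.Name -cmatch '^[a-z]{8}$' -or -not $dll -or -not (Test-Path -Path $dll)) {
            Add-Finding 'SSODL' ('{0} -> {1} -> {2}' -f $prop.Name, $clsid, $dll)
        }
    }
}

# 4. MountPoints2: per-volume handlers Explorer runs when a drive is opened
#    (E:\swgbg.exe and J:\Autorun.exe in the OTMoveIt2 list above).
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($verb in 'AutoRun', 'Open') {
        $cmdKey = $_.PSPath + "\Shell\$verb\command"
        $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ($cmd) { Add-Finding 'MountPoints2' ('{0} {1}: {2}' -f $_.PSChildName, $verb, $cmd) }
    }
}

# 5. Reversed-name pairs: a System32 .ini2 whose base name is a present DLL's
#    name spelled backwards (SssuBcfe.ini2 beside efcBussS.dll above).
$sys32    = Join-Path $env:SystemRoot 'System32'
$dllNames = @{}
Get-ChildItem -Path $sys32 -Filter '*.dll' -ErrorAction SilentlyContinue |
    ForEach-Object { $dllNames[$_.BaseName.ToLower()] = $_.Name }
Get-ChildItem -Path $sys32 -Filter '*.ini2' -ErrorAction SilentlyContinue | ForEach-Object {
    $chars = $_.BaseName.ToCharArray(); [array]::Reverse($chars)
    $mirror = (-join $chars).ToLower()
    if ($dllNames.ContainsKey($mirror)) {
        Add-Finding 'ReversedPair' ('{0} <-> {1}' -f $_.Name, $dllNames[$mirror])
    }
}

# 6. The rogue's own Add/Remove Programs entry ("AntivirXP08" above). Use it only
#    to locate the install directory; do not run its uninstaller.
Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $entry = Get-ItemProperty -Path $_.PSPath
        if ($entry.DisplayName -match 'AntivirXP08|Antivirus ?XP ?2008') {
            Add-Finding 'Uninstall' ('{0}: {1}' -f $entry.DisplayName, $entry.UninstallString)
        }
    }

if ($findings.Count -eq 0) { 'No findings.' }
else { $findings | Format-Table -Property Category, Detail -AutoSize }
```

Run it once before the OTMoveIt2 step to record what is present, and once after the reboot to confirm the same locations are empty; a MountPoints2 handler that reappears after cleanup usually means the removable media it points at is still infected.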

#5 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:39 PM
Posted 16 August 2008 - 08:44 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.