Not Sure What Kind Of Infection (malware?)


  • This topic is locked
17 replies to this topic

#1 enticle

  • Members
  • 9 posts

Posted 02 September 2008 - 05:26 PM

I was directed to this site to post a log. I have some sort of malware which is causing popups to try and get me to buy their 'spyware removal programs', and I've tried many malware removal programs and nothing is getting rid of this. It also added something called pchealthcenter onto my computer, which I deleted.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:26 PM, on 02/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\ahgpifan\gzsnazgj.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\VIEC13B.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\VIEC1A9.exe
C:\Windows\System32\VIEC1D7.exe
C:\Windows\System32\VIEC4E3.exe
C:\Windows\System32\VIE3F8F.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PCHealthCenter\0.exe
C:\Windows\system32\mjmvmvkh.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\winlo.exe
C:\winlo.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\mjmvmvkh.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows] C:\Users\Doug\AppData\Local\Temp\Setup_ver1.1400.0.exe
O4 - HKLM\..\Run: [lphcnjoj0ecfc] C:\Windows\system32\lphcnjoj0ecfc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [sysrest32.exe] C:\Windows\system32\sysrest32.exe
O4 - HKLM\..\Run: [\VIE368A.exe] C:\Windows\System32\VIE368A.exe
O4 - HKLM\..\Run: [\VIE37B2.exe] C:\Windows\System32\VIE37B2.exe
O4 - HKLM\..\Run: [\VIE3AED.exe] C:\Windows\System32\VIE3AED.exe
O4 - HKLM\..\Run: [\VIE6112.exe] C:\Windows\System32\VIE6112.exe
O4 - HKLM\..\Run: [\VIEE243.exe] C:\Windows\System32\VIEE243.exe
O4 - HKLM\..\Run: [\VIEC2A2.exe] C:\Windows\System32\VIEC2A2.exe
O4 - HKLM\..\Run: [\VIEC30F.exe] C:\Windows\System32\VIEC30F.exe
O4 - HKLM\..\Run: [\VIEC2B2.exe] C:\Windows\System32\VIEC2B2.exe
O4 - HKLM\..\Run: [\VIE4059.exe] C:\Windows\System32\VIE4059.exe
O4 - HKLM\..\Run: [\VIEC13B.exe] C:\Windows\System32\VIEC13B.exe
O4 - HKLM\..\Run: [\VIEC1A9.exe] C:\Windows\System32\VIEC1A9.exe
O4 - HKLM\..\Run: [\VIEC1D7.exe] C:\Windows\System32\VIEC1D7.exe
O4 - HKLM\..\Run: [\VIEC4E3.exe] C:\Windows\System32\VIEC4E3.exe
O4 - HKLM\..\Run: [\VIE3F8F.exe] C:\Windows\System32\VIE3F8F.exe
O4 - HKLM\..\Run: [\VIE75CA.exe] C:\Windows\System32\VIE75CA.exe
O4 - HKLM\..\Run: [\VIE75BB.exe] C:\Windows\System32\VIE75BB.exe
O4 - HKLM\..\Run: [\VIE7676.exe] C:\Windows\System32\VIE7676.exe
O4 - HKLM\..\Run: [\VIE78E6.exe] C:\Windows\System32\VIE78E6.exe
O4 - HKLM\..\Run: [\VIEF372.exe] C:\Windows\System32\VIEF372.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [admstrweb] C:\Windows\system32\gtexalwr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msgcfgsmart] C:\Windows\system32\wtedqjcp.exe
O4 - HKCU\..\Run: [\VIE368A.exe] C:\Windows\System32\VIE368A.exe
O4 - HKCU\..\Run: [\VIE37B2.exe] C:\Windows\System32\VIE37B2.exe
O4 - HKCU\..\Run: [\VIE3AED.exe] C:\Windows\System32\VIE3AED.exe
O4 - HKCU\..\Run: [\VIE6112.exe] C:\Windows\System32\VIE6112.exe
O4 - HKCU\..\Run: [\VIEE243.exe] C:\Windows\System32\VIEE243.exe
O4 - HKCU\..\Run: [\VIEC2A2.exe] C:\Windows\System32\VIEC2A2.exe
O4 - HKCU\..\Run: [\VIEC30F.exe] C:\Windows\System32\VIEC30F.exe
O4 - HKCU\..\Run: [\VIEC2B2.exe] C:\Windows\System32\VIEC2B2.exe
O4 - HKCU\..\Run: [\VIE4059.exe] C:\Windows\System32\VIE4059.exe
O4 - HKCU\..\Run: [\VIEC13B.exe] C:\Windows\System32\VIEC13B.exe
O4 - HKCU\..\Run: [\VIEC1A9.exe] C:\Windows\System32\VIEC1A9.exe
O4 - HKCU\..\Run: [\VIEC1D7.exe] C:\Windows\System32\VIEC1D7.exe
O4 - HKCU\..\Run: [\VIEC4E3.exe] C:\Windows\System32\VIEC4E3.exe
O4 - HKCU\..\Run: [\VIE3F8F.exe] C:\Windows\System32\VIE3F8F.exe
O4 - HKCU\..\Run: [\VIE75CA.exe] C:\Windows\System32\VIE75CA.exe
O4 - HKCU\..\Run: [\VIE75BB.exe] C:\Windows\System32\VIE75BB.exe
O4 - HKCU\..\Run: [\VIE7676.exe] C:\Windows\System32\VIE7676.exe
O4 - HKCU\..\Run: [\VIE78E6.exe] C:\Windows\System32\VIE78E6.exe
O4 - HKCU\..\Run: [uiadm] C:\Windows\system32\mjmvmvkh.exe
O4 - HKCU\..\Run: [\VIEF372.exe] C:\Windows\System32\VIEF372.exe
O4 - HKLM\..\Policies\Explorer\Run: [GMjjswgBGk] C:\ProgramData\ahgpifan\gzsnazgj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: CmdWeb - {5D386E3A-132D-E4F4-F9E6-050A6A1D78D4} - C:\Program Files\teduqrd\CmdWeb.dll (file missing)
O21 - SSODL: tsxngabr - {91D18F3B-0BF4-41FB-BADB-3565035B39B1} - C:\Windows\tsxngabr.dll (file missing)
O21 - SSODL: RKxlMsYla - {58F66F2B-F25C-C581-4D37-874676113A67} - C:\Windows\system32\zqfxun.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11523 bytes

Edited by enticle, 02 September 2008 - 05:40 PM.




#2 kahdah

  • Security Colleague
  • 11,138 posts

Posted 02 September 2008 - 07:24 PM

Hello enticle

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 enticle

  • Topic Starter
  • Members
  • 9 posts

Posted 02 September 2008 - 07:41 PM

Logfile of random's system information tool (written by random/random)
Run by Doug at 2008-09-02 17:39:04
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 23 GB (10%) free of 234 GB
Total RAM: 3071 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:43 PM, on 02/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\ahgpifan\gzsnazgj.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\VIE7425.exe
C:\Windows\System32\VIE76E3.exe
C:\Windows\System32\VIE2E8E.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\ifodytyz.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\wuauclt.exe
C:\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Doug.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [\VIEEFE9.exe] C:\Windows\System32\VIEEFE9.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [\VIE7425.exe] C:\Windows\System32\VIE7425.exe
O4 - HKLM\..\Run: [\VIE76E3.exe] C:\Windows\System32\VIE76E3.exe
O4 - HKLM\..\Run: [\VIE2E8E.exe] C:\Windows\System32\VIE2E8E.exe
O4 - HKLM\..\Run: [\VIEC1B8.exe] C:\Windows\System32\VIEC1B8.exe
O4 - HKLM\..\Run: [\VIEC0CE.exe] C:\Windows\System32\VIEC0CE.exe
O4 - HKLM\..\Run: [\VIEC3BB.exe] C:\Windows\System32\VIEC3BB.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [enweb] C:\Windows\system32\ifodytyz.exe
O4 - HKCU\..\Run: [\VIEEFE9.exe] C:\Windows\System32\VIEEFE9.exe
O4 - HKCU\..\Run: [\VIE7425.exe] C:\Windows\System32\VIE7425.exe
O4 - HKCU\..\Run: [\VIE76E3.exe] C:\Windows\System32\VIE76E3.exe
O4 - HKCU\..\Run: [\VIE2E8E.exe] C:\Windows\System32\VIE2E8E.exe
O4 - HKCU\..\Run: [\VIEC1B8.exe] C:\Windows\System32\VIEC1B8.exe
O4 - HKCU\..\Run: [\VIEC0CE.exe] C:\Windows\System32\VIEC0CE.exe
O4 - HKCU\..\Run: [\VIEC3BB.exe] C:\Windows\System32\VIEC3BB.exe
O4 - HKLM\..\Policies\Explorer\Run: [GMjjswgBGk] C:\ProgramData\ahgpifan\gzsnazgj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: CmdWeb - {5D386E3A-132D-E4F4-F9E6-050A6A1D78D4} - (no file)
O21 - SSODL: tsxngabr - {91D18F3B-0BF4-41FB-BADB-3565035B39B1} - (no file)
O21 - SSODL: RKxlMsYla - {58F66F2B-F25C-C581-4D37-874676113A67} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 10253 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-19 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-12-21 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-21 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-21 81920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-09 326176]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]
"PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-10-15 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"eRecoveryService"= []
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2008-05-06 196128]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-19 1232152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"\VIEEFE9.exe"=C:\Windows\System32\VIEEFE9.exe [2008-09-01 78848]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-08-14 716800]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
"\VIE7425.exe"=C:\Windows\System32\VIE7425.exe [2008-09-01 29184]
"\VIE76E3.exe"=C:\Windows\System32\VIE76E3.exe [2008-09-01 28160]
"\VIE2E8E.exe"=C:\Windows\System32\VIE2E8E.exe [2008-09-01 28160]
"\VIEC1B8.exe"=C:\Windows\System32\VIEC1B8.exe [2008-09-01 28160]
"\VIEC0CE.exe"=C:\Windows\System32\VIEC0CE.exe [2008-09-01 29184]
"\VIEC3BB.exe"=C:\Windows\System32\VIEC3BB.exe [2008-09-01 28160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"GMjjswgBGk"=C:\ProgramData\ahgpifan\gzsnazgj.exe [2008-08-18 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-20 2153472]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"enweb"=C:\Windows\system32\ifodytyz.exe [2008-09-02 90112]
"\VIEEFE9.exe"=C:\Windows\System32\VIEEFE9.exe [2008-09-01 78848]
"\VIE7425.exe"=C:\Windows\System32\VIE7425.exe [2008-09-01 29184]
"\VIE76E3.exe"=C:\Windows\System32\VIE76E3.exe [2008-09-01 28160]
"\VIE2E8E.exe"=C:\Windows\System32\VIE2E8E.exe [2008-09-01 28160]
"\VIEC1B8.exe"=C:\Windows\System32\VIEC1B8.exe [2008-09-01 28160]
"\VIEC0CE.exe"=C:\Windows\System32\VIEC0CE.exe [2008-09-01 29184]
"\VIEC3BB.exe"=C:\Windows\System32\VIEC3BB.exe [2008-09-01 28160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ASETRES.EXE
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
CmdWeb - {5D386E3A-132D-E4F4-F9E6-050A6A1D78D4}
tsxngabr - {91D18F3B-0BF4-41FB-BADB-3565035B39B1}
RKxlMsYla - {58F66F2B-F25C-C581-4D37-874676113A67}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5D4CDD46-2A9A-468B-B31F-94F8AEA3C613}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdssserv.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=1
"DisableTaskMgr"=0
"NoDispBackgroundPage"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption"
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aee6e65d-6cf2-11dd-9cb8-806e6f6e6963}]
shell\AutoRun\command - E:\autorun.exe
shell\directx\command - E:\DirectX9\dxsetup.exe
shell\setup\command - E:\setup.exe


File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-02 17:39:04 ----D---- C:\rsit
2008-09-02 17:27:59 ----A---- C:\Windows\system32\VIEC3BB.exe
2008-09-02 17:27:59 ----A---- C:\Windows\system32\VIEC1B8.exe
2008-09-02 17:27:59 ----A---- C:\Windows\system32\VIEC0CE.exe
2008-09-02 17:20:49 ----A---- C:\Windows\system32\VIE2E8E.exe
2008-09-02 17:20:02 ----A---- C:\Windows\system32\VIE76E3.exe
2008-09-02 17:20:01 ----A---- C:\Windows\system32\VIE7425.exe
2008-09-02 17:17:18 ----D---- C:\Windows\system32\logs
2008-09-02 17:17:10 ----D---- C:\Users\Doug\AppData\Roaming\BitDefender
2008-09-02 17:17:09 ----D---- C:\Program Files\Common Files\MSSoap
2008-09-02 17:16:42 ----D---- C:\ProgramData\BitDefender
2008-09-02 17:16:41 ----D---- C:\Program Files\BitDefender
2008-09-02 17:15:50 ----D---- C:\Windows\system32\URTTEMP
2008-09-02 17:04:25 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-02 16:58:43 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2008-09-02 16:35:51 ----D---- C:\Program Files\CCleaner
2008-09-02 16:34:44 ----A---- C:\Windows\system32\VIEEFE9.exe
2008-09-02 16:29:15 ----A---- C:\Windows\system32\ifodytyz.exe
2008-09-02 16:29:14 ----D---- C:\Program Files\PCHealthCenter
2008-09-02 15:16:15 ----D---- C:\Program Files\Trend Micro
2008-09-02 14:03:26 ----A---- C:\winlo.exe
2008-09-02 12:36:17 ----D---- C:\Program Files\MSA
2008-08-28 04:37:02 ----D---- C:\Windows\.jagex_cache_32
2008-08-28 04:36:59 ----D---- C:\Windows\Sun
2008-08-28 04:36:36 ----A---- C:\Windows\system32\javaws.exe
2008-08-28 04:36:36 ----A---- C:\Windows\system32\javaw.exe
2008-08-28 04:36:36 ----A---- C:\Windows\system32\java.exe
2008-08-28 04:35:52 ----D---- C:\Program Files\Java
2008-08-28 04:35:13 ----D---- C:\Program Files\Common Files\Java
2008-08-27 14:03:26 ----A---- C:\Windows\system32\xfcodec.dll
2008-08-27 08:28:27 ----A---- C:\Windows\system32\pthreadGC2.dll
2008-08-27 08:28:27 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-08-27 08:28:27 ----A---- C:\Windows\system32\ff_vfw.dll
2008-08-27 08:28:26 ----D---- C:\Program Files\ffdshow
2008-08-27 03:55:51 ----A---- C:\Windows\system32\wups2.dll
2008-08-27 03:55:51 ----A---- C:\Windows\system32\wucltux.dll
2008-08-27 03:55:51 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-27 03:55:51 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-27 03:55:37 ----A---- C:\Windows\system32\wups.dll
2008-08-27 03:55:37 ----A---- C:\Windows\system32\wudriver.dll
2008-08-27 03:55:37 ----A---- C:\Windows\system32\wuapi.dll
2008-08-27 03:55:34 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-27 03:55:34 ----A---- C:\Windows\system32\wuapp.exe
2008-08-25 01:41:51 ----A---- C:\Windows\BlendSettings.ini
2008-08-25 01:33:51 ----D---- C:\Program Files\Folding@Home #01
2008-08-25 00:53:57 ----D---- C:\Program Files\Bethesda Softworks
2008-08-24 19:42:06 ----HD---- C:\Windows\PIF
2008-08-24 00:34:11 ----A---- C:\Windows\system32\imagecfg.exe
2008-08-23 22:41:50 ----D---- C:\Users\Doug\AppData\Roaming\Publish Providers
2008-08-23 22:41:40 ----D---- C:\Users\Doug\AppData\Roaming\Sony
2008-08-23 22:36:19 ----D---- C:\ProgramData\Sony
2008-08-23 22:17:29 ----D---- C:\Program Files\Sony
2008-08-23 22:16:32 ----D---- C:\Program Files\Sony Setup
2008-08-23 14:09:12 ----D---- C:\Program Files\Colin Mcrae DiRT
2008-08-22 21:54:42 ----D---- C:\Program Files\GTR2
2008-08-21 14:56:32 ----D---- C:\ProgramData\NexonUS
2008-08-21 14:56:32 ----D---- C:\Program Files\Combat Arms
2008-08-20 16:00:26 ----D---- C:\Users\Doug\AppData\Roaming\GetRightToGo
2008-08-20 15:41:25 ----D---- C:\ProgramData\Test Drive Unlimited
2008-08-20 15:07:55 ----D---- C:\Program Files\UltraISO
2008-08-20 15:07:55 ----D---- C:\Program Files\Common Files\EZB Systems
2008-08-20 14:36:44 ----D---- C:\ProgramData\HlpMntAct
2008-08-20 02:35:53 ----D---- C:\ProgramData\msgchkwin
2008-08-20 00:58:48 ----D---- C:\Users\Doug\AppData\Roaming\Winamp
2008-08-19 17:01:57 ----D---- C:\ProgramData\Codemasters
2008-08-19 17:00:11 ----RA---- C:\Windows\system32\tmp1A28.tmp
2008-08-19 16:59:08 ----RA---- C:\Windows\system32\tmp1A27.tmp
2008-08-19 14:35:47 ----D---- C:\ProgramData\ChkAct
2008-08-19 14:29:55 ----HD---- C:\$AVG8.VAULT$
2008-08-19 14:29:34 ----D---- C:\ProgramData\WinWeb
2008-08-19 14:29:26 ----D---- C:\ProgramData\comproc
2008-08-19 14:23:33 ----A---- C:\Windows\system32\avgrsstx.dll
2008-08-19 14:23:18 ----D---- C:\ProgramData\avg8
2008-08-19 14:23:18 ----D---- C:\Program Files\AVG
2008-08-19 02:22:07 ----D---- C:\ProgramData\MonCmdWin
2008-08-19 02:22:06 ----D---- C:\ProgramData\dscwinsmart
2008-08-19 02:19:01 ----RA---- C:\Windows\system32\tmpE4E4.tmp
2008-08-19 02:17:29 ----RA---- C:\Windows\system32\tmpE4C3.tmp
2008-08-19 00:44:33 ----D---- C:\ProgramData\MonComApi
2008-08-19 00:44:29 ----D---- C:\ProgramData\chkcomact
2008-08-19 00:38:36 ----D---- C:\ProgramData\dscdb
2008-08-19 00:38:33 ----D---- C:\ProgramData\srvmoncfg
2008-08-19 00:34:22 ----D---- C:\Users\Doug\AppData\Roaming\Malwarebytes
2008-08-19 00:34:17 ----D---- C:\ProgramData\Malwarebytes
2008-08-19 00:34:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 00:24:35 ----D---- C:\ProgramData\msgcom
2008-08-19 00:24:32 ----D---- C:\ProgramData\mntapicmd
2008-08-19 00:20:25 ----D---- C:\ProgramData\utilhlp
2008-08-19 00:20:19 ----D---- C:\ProgramData\AdmSrv
2008-08-18 23:58:19 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-08-18 23:58:14 ----D---- C:\Users\Doug\AppData\Roaming\SUPERAntiSpyware.com
2008-08-18 23:58:14 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-18 23:56:24 ----D---- C:\ProgramData\GenUiMon
2008-08-18 23:56:22 ----D---- C:\ProgramData\DbStr
2008-08-18 23:35:39 ----D---- C:\Program Files\Lavasoft
2008-08-18 23:35:38 ----D---- C:\ProgramData\Lavasoft
2008-08-18 23:17:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-08-18 23:17:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-18 20:39:45 ----D---- C:\Windows\Minidump
2008-08-18 20:35:43 ----RA---- C:\Windows\system32\tmpC71D.tmp
2008-08-18 20:35:43 ----D---- C:\Program Files\OpenAL
2008-08-18 20:35:43 ----A---- C:\Windows\system32\wrap_oal.dll
2008-08-18 20:35:43 ----A---- C:\Windows\system32\OpenAL32.dll
2008-08-18 20:35:42 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-08-18 20:35:41 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-08-18 20:35:41 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-08-18 20:35:41 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-08-18 20:35:41 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-08-18 20:35:40 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-08-18 20:35:40 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-08-18 20:35:40 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-08-18 20:35:40 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\xinput1_3.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\d3dx10.dll
2008-08-18 20:35:36 ----A---- C:\Windows\system32\xinput1_2.dll
2008-08-18 20:35:36 ----A---- C:\Windows\system32\xinput1_1.dll
2008-08-18 20:35:36 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-08-18 20:35:36 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-08-18 20:35:35 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-08-18 20:35:26 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-08-18 20:35:26 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-08-18 20:35:25 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-08-18 20:34:42 ----RA---- C:\Windows\system32\tmpC71C.tmp
2008-08-18 20:24:35 ----D---- C:\ProgramData\ahgpifan
2008-08-18 19:54:08 ----D---- C:\Users\Doug\AppData\Roaming\WinRAR
2008-08-18 19:53:54 ----D---- C:\Program Files\WinRar
2008-08-18 16:26:34 ----D---- C:\Users\Doug\AppData\Roaming\Ventrilo
2008-08-18 14:03:15 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-08-18 13:50:12 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-08-18 12:38:15 ----D---- C:\Users\Doug\AppData\Roaming\Mozilla
2008-08-18 12:34:00 ----D---- C:\EGIS_Drive
2008-08-18 12:31:31 ----D---- C:\Users\Doug\AppData\Roaming\Xfire
2008-08-18 12:31:28 ----D---- C:\ProgramData\Xfire
2008-08-18 12:31:27 ----D---- C:\Program Files\Xfire
2008-08-18 12:31:15 ----D---- C:\Program Files\Ventrilo
2008-08-18 12:30:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 12:30:35 ----D---- C:\Program Files\Mozilla Firefox
2008-08-18 12:27:22 ----N---- C:\Windows\system32\vxblock.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxwave.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxsfs.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxmas.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxinsa64.exe
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxhpinst.exe
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxdrv.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxcpya64.exe
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxafs.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\px.dll
2008-08-18 12:27:20 ----D---- C:\Program Files\Winamp
2008-08-18 12:23:12 ----AD---- C:\ProgramData\TEMP
2008-08-18 12:23:11 ----D---- C:\Program Files\Fraps
2008-08-18 12:15:51 ----D---- C:\Program Files\GameSpy Arcade
2008-08-18 12:15:08 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-08-18 12:00:12 ----D---- C:\Program Files\Sierra
2008-08-18 11:52:30 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-08-18 11:43:22 ----D---- C:\Program Files\Directx
2008-08-18 11:32:41 ----D---- C:\Program Files\WarRock
2008-08-18 11:32:10 ----D---- C:\Users\Doug\AppData\Roaming\InstallShield
2008-08-18 00:58:28 ----D---- C:\Program Files\BitLord
2008-08-18 00:56:36 ----D---- C:\Downloads
2008-08-18 00:55:24 ----D---- C:\Users\Doug\AppData\Roaming\Adobe
2008-08-18 00:54:46 ----A---- C:\Windows\system32\nvuhda.exe
2008-08-18 00:54:46 ----A---- C:\Windows\system32\nvcohda.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\Oemdspif.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atiumdva.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atiumdag.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atitmmxx.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atipdlxx.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atioglxx.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\ATIODE.exe
2008-08-18 00:54:44 ----A---- C:\Windows\system32\ATIODCLI.exe
2008-08-18 00:54:44 ----A---- C:\Windows\system32\atidxx32.dll
2008-08-18 00:54:44 ----A---- C:\Windows\system32\ATIDEMGX.dll
2008-08-18 00:54:44 ----A---- C:\Windows\system32\Ati2evxx.exe
2008-08-18 00:54:44 ----A---- C:\Windows\system32\Ati2evxx.dll
2008-08-18 00:54:44 ----A---- C:\Windows\system32\ati2edxx.dll
2008-08-18 00:54:44 ----A---- C:\Windows\system32\amdpcom32.dll
2008-08-18 00:54:36 ----A---- C:\Windows\devcon.exe
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoZht.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoZhc.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoTr.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoTh.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoSv.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoSl.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoSk.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoRu.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoPtb.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoPt.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoPl.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoNo.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoNl.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoKo.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoJa.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoIt.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoHu.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoHe.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoFr.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoFi.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoEsm.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoEs.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoENU.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoEng.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoEl.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoDe.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoDa.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoCs.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoAr.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\nvraidco.dll
2008-08-18 00:34:13 ----D---- C:\Users\Doug\AppData\Roaming\Leadertech
2008-08-18 00:34:13 ----D---- C:\Users\Doug\AppData\Roaming\Acer
2008-08-18 00:33:58 ----D---- C:\Users\Doug\AppData\Roaming\Macromedia
2008-08-18 00:28:00 ----A---- C:\Windows\system32\tzres.dll
2008-08-18 00:27:32 ----A---- C:\Windows\system32\msshooks.dll
2008-08-18 00:27:31 ----A---- C:\Windows\system32\msscb.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\wsepno.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\thawbrkr.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\srchadmin.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-08-18 00:27:29 ----A---- C:\Windows\system32\rtffilt.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\propsys.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\propdefs.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\msstrc.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\mssprxy.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\mssitlb.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\msshsq.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\korwbrkr.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\xmlfilter.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\tquery.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-08-18 00:27:28 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-08-18 00:27:28 ----A---- C:\Windows\system32\offfilt.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\nlhtml.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mssvp.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mssrch.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mssphtb.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mssph.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\msscntrs.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mimefilt.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\chtbrkr.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\chsbrkr.dll
2008-08-18 00:25:18 ----D---- C:\Program Files\MSXML 4.0
2008-08-18 00:24:28 ----D---- C:\Windows\Acer_Wide
2008-08-18 00:24:28 ----D---- C:\Program Files\Acer Incorporated
2008-08-18 00:24:28 ----A---- C:\Windows\Acer(Wide).ini
2008-08-18 00:24:28 ----A---- C:\Windows\Acer(Normal).ini
2008-08-18 00:24:17 ----D---- C:\Windows\Acer_Normal
2008-08-18 00:24:10 ----A---- C:\Windows\system32\es.dll
2008-08-18 00:23:55 ----A---- C:\Windows\system32\mshtml.dll
2008-08-18 00:23:55 ----A---- C:\Windows\system32\ieframe.dll
2008-08-18 00:23:54 ----A---- C:\Windows\system32\wininet.dll
2008-08-18 00:23:54 ----A---- C:\Windows\system32\urlmon.dll
2008-08-18 00:23:51 ----A---- C:\Windows\system32\mstime.dll
2008-08-18 00:23:51 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-18 00:23:39 ----A---- C:\Windows\system32\EncDec.dll
2008-08-18 00:23:34 ----A---- C:\Windows\system32\psisdecd.dll
2008-08-18 00:23:27 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-08-18 00:23:26 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-08-18 00:23:11 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerzht.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerzhc.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServertr.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerth.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServersv.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServersl.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServersk.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerru.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerptb.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerpt.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerpl.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerno.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServernl.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerko.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerja.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerit.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerhu.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerhe.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerfr.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerfi.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServeres.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerenu.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServereng.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerel.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerde.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerda.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServercs.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerar.dll
2008-08-18 00:23:05 ----A---- C:\Windows\system32\NvRaidServer.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionzht.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionzhc.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectiontr.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionth.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionsv.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionsl.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionsk.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionru.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionptb.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardzht.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardzhc.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardtr.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardth.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardsv.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardsl.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardsk.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardru.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardptb.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvzht.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvzhc.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvtr.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvth.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvsv.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvsl.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvsk.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvru.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionpt.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionpl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionno.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionnl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionko.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionja.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionit.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionhu.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionhe.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionfr.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionfi.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectiones.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardpt.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardpl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardno.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardnl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardko.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardja.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardit.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardhu.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardhe.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardfr.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardfi.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvptb.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvpt.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvpl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvno.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvnl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvko.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvja.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvit.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvhu.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvhe.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvfr.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvfi.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionenu.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectioneng.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionel.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionde.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionda.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectioncs.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionar.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\nvsataconnection.exe
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardes.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardenu.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardeng.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardel.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardde.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardda.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardcs.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardar.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizard.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSves.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvenu.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSveng.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvel.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvde.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvda.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvcs.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvar.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\nvraidservice.exe
2008-08-18 00:22:18 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-18 00:21:57 ----A---- C:\Windows\system32\rpcrt4.dll
2008-08-18 00:21:56 ----A---- C:\Windows\system32\pacerprf.dll
2008-08-18 00:21:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-08-18 00:21:56 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-08-18 00:21:56 ----A---- C:\Windows\system32\emdmgmt.dll
2008-08-18 00:21:21 ----A---- C:\Windows\system32\shell32.dll
2008-08-18 00:21:12 ----A---- C:\Windows\system32\kd1394.dll
2008-08-18 00:21:11 ----A---- C:\Windows\system32\winload.exe
2008-08-18 00:21:11 ----A---- C:\Windows\system32\ci.dll
2008-08-18 00:21:09 ----A---- C:\Windows\system32\winresume.exe
2008-08-18 00:20:55 ----A---- C:\Windows\system32\srdelayed.exe
2008-08-18 00:20:55 ----A---- C:\Windows\system32\srcore.dll
2008-08-18 00:20:55 ----A---- C:\Windows\system32\srclient.dll
2008-08-18 00:20:55 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-08-18 00:20:55 ----A---- C:\Windows\system32\rstrui.exe
2008-08-18 00:20:55 ----A---- C:\Windows\system32\kbd106n.dll
2008-08-18 00:20:50 ----A---- C:\Windows\system32\Remove_eRecovery.exe
2008-08-18 00:20:50 ----A---- C:\Windows\system32\LauncheRyAgentUser.exe
2008-08-18 00:20:50 ----A---- C:\Windows\system32\ClearEvent.exe
2008-08-18 00:20:49 ----A---- C:\Windows\system32\CheckD2DSystem.exe
2008-08-18 00:20:49 ----A---- C:\Windows\system32\Acer EULA.txt
2008-08-18 00:20:02 ----A---- C:\Windows\system32\gdi32.dll
2008-08-18 00:19:48 ----A---- C:\Windows\system32\gameux.dll
2008-08-18 00:19:46 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-08-18 00:19:44 ----A---- C:\Windows\system32\vbscript.dll
2008-08-18 00:19:43 ----A---- C:\Windows\system32\jscript.dll
2008-08-18 00:19:42 ----A---- C:\Windows\system32\wshext.dll
2008-08-18 00:19:42 ----A---- C:\Windows\system32\wscript.exe
2008-08-18 00:19:42 ----A---- C:\Windows\system32\scrrun.dll
2008-08-18 00:19:42 ----A---- C:\Windows\system32\scrobj.dll
2008-08-18 00:19:42 ----A---- C:\Windows\system32\cscript.exe
2008-08-18 00:19:39 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-18 00:19:37 ----A---- C:\Windows\system32\quartz.dll
2008-08-18 00:18:30 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-08-18 00:18:30 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-08-18 00:18:30 ----A---- C:\Windows\SkyTel.exe
2008-08-18 00:18:30 ----A---- C:\Windows\RtlUpd.exe
2008-08-18 00:18:29 ----A---- C:\Windows\system32\FMAPO.dll
2008-08-18 00:17:44 ----D---- C:\Program Files\Acer Registration
2008-08-18 00:17:44 ----D---- C:\Program Files\Acer Assist
2008-08-18 00:16:57 ----D---- C:\Users\Doug\AppData\Roaming\ATI
2008-08-18 00:16:57 ----D---- C:\ProgramData\ATI
2008-08-18 00:16:45 ----SHD---- C:\$RECYCLE.BIN
2008-08-18 00:16:27 ----D---- C:\Users\Doug\AppData\Roaming\Identities
2008-08-18 00:16:07 ----SD---- C:\Users\Doug\AppData\Roaming\Microsoft
2008-08-18 00:16:07 ----D---- C:\Users\Doug\AppData\Roaming\Media Center Programs
2008-08-18 00:16:07 ----D---- C:\Users\Doug\AppData\Roaming\Acer GameZone Console
2008-08-18 00:00:52 ----D---- C:\Program Files\ATI Technologies
2008-08-18 00:00:43 ----D---- C:\Program Files\ATI
2008-08-17 23:58:49 ----D---- C:\Windows\SoftwareDistribution

List of drivers

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys []
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-08-14 132800]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-02 15392]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-19 3514368]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys []
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-26 2103512]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-16 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-09-10 1035168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-21 7629632]
S3 sysrest.sys;sysrest.sys; \??\C:\Windows\system32\sysrest.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\system32\drivers\errdev.sys []
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\system32\drivers\iastor.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\system32\drivers\megasr.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-18 611664]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-19 655360]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-19 873752]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 231192]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 FAH-01;Folding Service #01; C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-08-13 393216]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-08-18 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-08-15 1523712]
R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-20 33800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 2008-09-02 17:39:45

Uninstall list

Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe" -uninstall
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer DV Magician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer DVDivine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GameZone Console DTV 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
Acer HomeMedia Trial Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\SETUP.EXE" -uninstall
Acer HomeMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer SlideShow DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer VideoMagician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe" -uninstall
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Agatha Christie Death on the Nile-->"C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log"
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Alice Greenfingers-->"C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azada-->"C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log"
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Bookworm Deluxe-->"C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log"
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
Catalyst Control Center - Branding-->MsiExec.exe /I{4677674C-59CE-41B0-AA32-44A30A9D1EEB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chicken Invaders 3-->"C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log"
Chuzzle-->"C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log"
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Diner Dash Flo on the Go-->"C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log"
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
ffdshow [rev 2073] [2008-08-11]-->"C:\Program Files\ffdshow\unins000.exe"
Flip Words 2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log"
Folding@Home Services-->MsiExec.exe /I{DFD1CBF6-8C2B-4047-88B6-7E9FC4E0A14C}
Fraps (remove only)-->"C:\Program Files\Fraps\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GTR 2 1.0.0.0-->"C:\Program Files\GTR2\Support\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Kick N Rush-->"C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log"
Mahjong Escape Ancient China-->"C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log"
Mahjongg Artifacts-->"C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Mystery Case Files - Huntsville-->"C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log"
Mystery Solitaire - Secret Island-->"C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log"
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UltraISO Premium V9.3-->"C:\Program Files\UltraISO\unins000.exe"
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRar\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

Security center information

AV: AVG Anti-Virus Free
AV: BitDefender Antivirus
FW: BitDefender Firewall
AS: BitDefender Antispyware
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------

#4 kahdah


Posted 02 September 2008 - 09:43 PM

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 enticle


Posted 02 September 2008 - 11:53 PM

ComboFix 08-09-01.04 - Doug 2008-09-02 21:36:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2079 [GMT -7:00]
Running from: C:\Users\Doug\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.

2008-09-02 21:42 . 2008-09-02 21:42 256,725,174 --a------ C:\Windows\MEMORY.DMP
2008-09-02 21:30 . 2008-09-02 21:33 <DIR> d-------- C:\327882R2FWJFW
2008-09-02 21:25 . 2008-09-01 10:41 29,184 --a------ C:\Windows\System32\VIEBD2.exe
2008-09-02 21:25 . 2008-09-01 10:41 28,160 --a------ C:\Windows\System32\VIEB94.exe
2008-09-02 21:25 . 2008-09-01 10:41 28,160 --a------ C:\Windows\System32\VIE1100.exe
2008-09-02 17:39 . 2008-09-02 17:39 <DIR> d-------- C:\rsit
2008-09-02 17:20 . 2008-09-02 17:20 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-02 17:20 . 2008-09-02 17:20 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-02 17:17 . 2008-09-02 17:17 <DIR> d-------- C:\Windows\System32\logs
2008-09-02 17:17 . 2008-09-02 17:17 <DIR> d-------- C:\Users\Doug\AppData\Roaming\BitDefender
2008-09-02 17:16 . 2008-09-02 17:20 <DIR> d-------- C:\Users\All Users\BitDefender
2008-09-02 17:16 . 2008-09-02 17:20 <DIR> d-------- C:\ProgramData\BitDefender
2008-09-02 17:16 . 2008-09-02 17:17 <DIR> d-------- C:\Program Files\BitDefender
2008-09-02 17:15 . 2008-09-02 17:15 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-02 17:04 . 2008-09-02 17:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-02 16:58 . 2008-09-02 16:58 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-09-02 16:58 . 2008-09-02 16:58 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-09-02 16:35 . 2008-09-02 16:35 <DIR> d-------- C:\Program Files\CCleaner
2008-09-02 16:35 . 2008-08-28 15:57 3,262 --a------ C:\Windows\System32\1.ico
2008-09-02 16:32 . 2008-08-28 15:57 3,262 --a------ C:\Windows\System32\2.ico
2008-09-02 16:29 . 2008-09-02 16:29 90,112 --a------ C:\Windows\System32\ifodytyz.exe
2008-09-02 15:16 . 2008-09-02 15:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-02 14:03 . 2008-09-02 16:34 1,220,180 --a------ C:\winlo.exe
2008-09-02 12:36 . 2008-09-02 21:06 <DIR> d-------- C:\Program Files\MSA
2008-08-28 04:37 . 2008-08-28 04:37 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-08-28 04:37 . 2008-09-01 06:02 24 --a------ C:\Users\Doug\jagex_runescape_preferences.dat
2008-08-28 04:36 . 2008-08-28 04:36 <DIR> d-------- C:\Windows\Sun
2008-08-28 04:35 . 2008-08-28 04:36 <DIR> d-------- C:\Program Files\Java
2008-08-28 04:35 . 2008-08-28 04:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Program Files\ffdshow
2008-08-27 08:28 . 2008-06-08 23:58 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-08-27 08:28 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-08-27 08:28 . 2008-06-12 20:37 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-08-27 08:28 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-08-27 03:55 . 2008-07-18 22:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-27 03:55 . 2008-07-18 20:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-27 03:55 . 2008-07-18 22:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-27 03:55 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-27 03:55 . 2008-07-18 20:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-27 03:55 . 2008-07-18 22:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-27 03:55 . 2008-07-18 22:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-27 03:55 . 2008-07-18 22:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-27 03:55 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-25 01:41 . 2008-09-01 08:58 23 --a------ C:\Windows\BlendSettings.ini
2008-08-25 01:33 . 2008-08-25 01:33 <DIR> d-------- C:\Program Files\Folding@Home #01
2008-08-25 00:53 . 2008-08-25 00:53 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-08-24 19:42 . 2008-08-24 19:42 <DIR> d--h----- C:\Windows\PIF
2008-08-24 00:34 . 2008-08-24 00:11 51,472 --a------ C:\Windows\System32\imagecfg.exe
2008-08-23 22:41 . 2008-08-24 23:59 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Sony
2008-08-23 22:41 . 2008-08-23 22:41 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Publish Providers
2008-08-23 22:36 . 2008-08-23 22:36 <DIR> d-------- C:\Users\All Users\Sony
2008-08-23 22:36 . 2008-08-23 22:36 <DIR> d-------- C:\ProgramData\Sony
2008-08-23 22:17 . 2008-08-23 22:35 <DIR> d-------- C:\Program Files\Sony
2008-08-23 22:16 . 2008-08-23 22:16 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-23 14:09 . 2008-08-23 14:10 <DIR> d-------- C:\Program Files\Colin Mcrae DiRT
2008-08-22 21:54 . 2008-08-22 22:01 <DIR> d-------- C:\Program Files\GTR2
2008-08-21 14:56 . 2008-08-21 15:20 <DIR> d-------- C:\Users\All Users\NexonUS
2008-08-21 14:56 . 2008-08-21 15:20 <DIR> d-------- C:\ProgramData\NexonUS
2008-08-21 14:56 . 2008-08-21 15:19 <DIR> d-------- C:\Program Files\Combat Arms
2008-08-20 16:00 . 2008-08-20 16:02 <DIR> d-------- C:\Users\Doug\AppData\Roaming\GetRightToGo
2008-08-20 15:41 . 2008-08-30 11:06 <DIR> d-------- C:\Users\All Users\Test Drive Unlimited
2008-08-20 15:41 . 2008-08-30 11:06 <DIR> d-------- C:\ProgramData\Test Drive Unlimited
2008-08-20 15:07 . 2008-08-20 15:07 <DIR> d-------- C:\Program Files\UltraISO
2008-08-20 15:07 . 2008-08-20 15:07 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-08-20 14:36 . 2008-08-20 14:36 <DIR> d-------- C:\Users\All Users\HlpMntAct
2008-08-20 14:36 . 2008-08-20 14:36 <DIR> d-------- C:\ProgramData\HlpMntAct
2008-08-20 02:35 . 2008-08-20 02:35 <DIR> d-------- C:\Users\All Users\msgchkwin
2008-08-20 02:35 . 2008-08-20 02:35 <DIR> d-------- C:\ProgramData\msgchkwin
2008-08-20 00:58 . 2008-08-20 00:59 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Winamp
2008-08-19 17:01 . 2008-08-20 15:03 <DIR> d-------- C:\Users\All Users\Codemasters
2008-08-19 17:01 . 2008-08-20 15:03 <DIR> d-------- C:\ProgramData\Codemasters
2008-08-19 17:00 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmp1A28.tmp
2008-08-19 16:59 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmp1A27.tmp
2008-08-19 14:35 . 2008-08-19 14:45 <DIR> d-------- C:\Users\All Users\ChkAct
2008-08-19 14:35 . 2008-08-19 14:45 <DIR> d-------- C:\ProgramData\ChkAct
2008-08-19 14:29 . 2008-08-20 19:34 <DIR> d-------- C:\Users\All Users\WinWeb
2008-08-19 14:29 . 2008-08-19 14:30 <DIR> d-------- C:\Users\All Users\comproc
2008-08-19 14:29 . 2008-08-20 19:34 <DIR> d-------- C:\ProgramData\WinWeb
2008-08-19 14:29 . 2008-08-19 14:30 <DIR> d-------- C:\ProgramData\comproc
2008-08-19 14:29 . 2008-09-02 17:59 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-19 14:23 . 2008-09-02 16:46 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-19 14:23 . 2008-08-23 20:44 <DIR> d-------- C:\Users\All Users\avg8
2008-08-19 14:23 . 2008-08-23 20:44 <DIR> d-------- C:\ProgramData\avg8
2008-08-19 14:23 . 2008-08-19 14:23 <DIR> d-------- C:\Program Files\AVG
2008-08-19 14:23 . 2008-08-19 14:23 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-19 14:23 . 2008-08-19 14:23 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-08-19 14:23 . 2008-08-19 14:23 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-19 02:22 . 2008-08-19 14:27 <DIR> d-------- C:\Users\All Users\MonCmdWin
2008-08-19 02:22 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\dscwinsmart
2008-08-19 02:22 . 2008-08-19 14:27 <DIR> d-------- C:\ProgramData\MonCmdWin
2008-08-19 02:22 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\dscwinsmart
2008-08-19 02:19 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpE4E4.tmp
2008-08-19 02:17 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpE4C3.tmp
2008-08-19 00:44 . 2008-08-19 14:27 <DIR> d-------- C:\Users\All Users\MonComApi
2008-08-19 00:44 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\chkcomact
2008-08-19 00:44 . 2008-08-19 14:27 <DIR> d-------- C:\ProgramData\MonComApi
2008-08-19 00:44 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\chkcomact
2008-08-19 00:38 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\srvmoncfg
2008-08-19 00:38 . 2008-08-19 14:27 <DIR> d-------- C:\Users\All Users\dscdb
2008-08-19 00:38 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\srvmoncfg
2008-08-19 00:38 . 2008-08-19 14:27 <DIR> d-------- C:\ProgramData\dscdb
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 00:34 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-19 00:34 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-19 00:24 . 2008-08-19 00:27 <DIR> d-------- C:\Users\All Users\msgcom
2008-08-19 00:24 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\mntapicmd
2008-08-19 00:24 . 2008-08-19 00:27 <DIR> d-------- C:\ProgramData\msgcom
2008-08-19 00:24 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\mntapicmd
2008-08-19 00:20 . 2008-08-19 00:22 <DIR> d-------- C:\Users\All Users\utilhlp
2008-08-19 00:20 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\AdmSrv
2008-08-19 00:20 . 2008-08-19 00:22 <DIR> d-------- C:\ProgramData\utilhlp
2008-08-19 00:20 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\AdmSrv
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Users\Doug\AppData\Roaming\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-18 23:56 . 2008-08-19 00:18 <DIR> d-------- C:\Users\All Users\GenUiMon
2008-08-18 23:56 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\DbStr
2008-08-18 23:56 . 2008-08-19 00:18 <DIR> d-------- C:\ProgramData\GenUiMon
2008-08-18 23:56 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\DbStr
2008-08-18 23:35 . 2008-08-18 23:36 <DIR> d-------- C:\Users\All Users\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 12:56 --------- d-----w C:\Program Files\Microsoft Games
2008-08-19 21:35 --------- d-----w C:\ProgramData\McAfee
2008-08-19 21:33 --------- d-----w C:\ProgramData\SiteAdvisor
2008-08-19 05:07 --------- d-----w C:\Program Files\Acer GameZone
2008-08-18 07:54 1,908 ----a-w C:\Windows\CLEANUP.CMD
2008-08-18 07:31 --------- d-----w C:\Program Files\Windows Mail
2008-08-18 07:18 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-08-18 06:58 --------- d-----w C:\ProgramData\NVIDIA
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"enweb"="C:\Windows\system32\ifodytyz.exe" [2008-09-02 90112]
"\VIEB94.exe"="C:\Windows\System32\VIEB94.exe" [2008-09-01 28160]
"\VIEBD2.exe"="C:\Windows\System32\VIEBD2.exe" [2008-09-01 29184]
"\VIE1100.exe"="C:\Windows\System32\VIE1100.exe" [2008-09-01 28160]
"\VIE361C.exe"="C:\Windows\System32\VIE361C.exe" [2008-09-01 28160]
"\VIE3699.exe"="C:\Windows\System32\VIE3699.exe" [2008-09-01 29184]
"\VIE3938.exe"="C:\Windows\System32\VIE3938.exe" [2008-09-01 28160]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2008-05-06 196128]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-19 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-14 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"\VIEB94.exe"="C:\Windows\System32\VIEB94.exe" [2008-09-01 28160]
"\VIEBD2.exe"="C:\Windows\System32\VIEBD2.exe" [2008-09-01 29184]
"\VIE1100.exe"="C:\Windows\System32\VIE1100.exe" [2008-09-01 28160]
"\VIE361C.exe"="C:\Windows\System32\VIE361C.exe" [2008-09-01 28160]
"\VIE3699.exe"="C:\Windows\System32\VIE3699.exe" [2008-09-01 29184]
"\VIE3938.exe"="C:\Windows\System32\VIE3938.exe" [2008-09-01 28160]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"GMjjswgBGk"="C:\ProgramData\ahgpifan\gzsnazgj.exe" [2008-08-18 57344]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-04-14 20480]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-16 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{39863CA9-3184-4F99-9510-39E313EE846B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{A95B326A-DD98-4550-8653-CE41D482B8FA}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{70441C18-3E53-4EFF-B676-D2C732DCB557}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{32C14809-E5AC-4CD1-9E7A-EC8CCFFC87F8}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{B0E533A6-85D9-45BF-8B0D-18949D2D1B67}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{CE3F4E9B-D427-4C2A-BDFD-A928AE8A5FE1}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{2C433DAA-1D38-411B-84CA-B93F59A425F7}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{1A9BC495-426C-45E5-A6F5-653D0884BBEB}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{2053B656-5265-4180-9670-A7C6CF9E1CDB}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B744ECB9-933A-4748-A222-60234CDB9BD7}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{3A5CE14E-A820-4EBE-BF93-662EA4E45A05}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{35D997C2-5515-450F-8BEC-8068B64F8489}C:\\downloads\\ghjgjh\\tdu\\testdriveunlimited.exe"= UDP:C:\downloads\ghjgjh\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{F7B4024B-5C88-4CEA-ADC1-ACAB56F5CDEF}C:\\downloads\\ghjgjh\\tdu\\testdriveunlimited.exe"= TCP:C:\downloads\ghjgjh\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{4A960BCE-ACF1-49F0-9906-A99661028900}C:\\program files\\sierra\\fear\\fearserver.exe"= UDP:C:\program files\sierra\fear\fearserver.exe:F.E.A.R. Stand-Alone Server
"UDP Query User{ADC0EEB1-EAF1-45DB-8B0E-BFAC75F10049}C:\\program files\\sierra\\fear\\fearserver.exe"= TCP:C:\program files\sierra\fear\fearserver.exe:F.E.A.R. Stand-Alone Server
"TCP Query User{FD875219-A417-4AED-A55B-9F2D10224AE1}C:\\downloads\\tdu dont delete\\tdu\\testdriveunlimited.exe"= UDP:C:\downloads\tdu dont delete\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{9FF5877E-A931-46CD-BF8B-C34EBEFBAB7A}C:\\downloads\\tdu dont delete\\tdu\\testdriveunlimited.exe"= TCP:C:\downloads\tdu dont delete\tdu\testdriveunlimited.exe:Test Drive Unlimited
"{8F8A8B9E-0696-4055-B1F7-E488D1FBC060}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{A5FA40E3-8A07-45FB-9420-F78EBE8C5EF9}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{872C824B-2414-4B0F-B167-34F029638338}"= UDP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core
"{13835EFA-AC2F-4405-9053-BE9DA9A568D9}"= TCP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{54B9B6E3-3589-4F73-9783-C86CA22BFDBC}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D716586D-11E6-415B-AB83-48596E27E165}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{2C0FD4CD-E93B-41A0-9925-84F866B1A19B}"= UDP:C:\Users\Doug\AppData\Local\Temp\.tt5D6D.tmp:enable
"{B5501CE6-B90F-4B86-8965-D42A0904941E}"= TCP:C:\Users\Doug\AppData\Local\Temp\.tt5D6D.tmp:enable

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Program Files\\Combat Arms\\CombatArms.exe"= C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\\Program Files\\Combat Arms\\Engine.exe"= C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2008-05-06 132128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-19 96520]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-19 873752]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 231192]
R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 FAH-01;Folding Service #01;C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-19 3514368]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-19 69128]
R3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
S2 FAH-02;Folding Service #02;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aee6e65d-6cf2-11dd-9cb8-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
\shell\directx\command - E:\DirectX9\dxsetup.exe
\shell\setup\command - E:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\VIEEFE9.exe - C:\Windows\System32\VIEEFE9.exe
HKCU-Run-\VIE7425.exe - C:\Windows\System32\VIE7425.exe
HKCU-Run-\VIE76E3.exe - C:\Windows\System32\VIE76E3.exe
HKCU-Run-\VIE2E8E.exe - C:\Windows\System32\VIE2E8E.exe
HKCU-Run-\VIEC1B8.exe - C:\Windows\System32\VIEC1B8.exe
HKCU-Run-\VIEC0CE.exe - C:\Windows\System32\VIEC0CE.exe
HKCU-Run-\VIEC3BB.exe - C:\Windows\System32\VIEC3BB.exe
HKCU-Run-\VIEC300.exe - C:\Windows\System32\VIEC300.exe
HKCU-Run-\VIEC35D.exe - C:\Windows\System32\VIEC35D.exe
HKCU-Run-\VIEC5ED.exe - C:\Windows\System32\VIEC5ED.exe
HKCU-Run-\VIEB0E7.exe - C:\Windows\System32\VIEB0E7.exe
HKCU-Run-\VIEB1E0.exe - C:\Windows\System32\VIEB1E0.exe
HKCU-Run-\VIEB450.exe - C:\Windows\System32\VIEB450.exe
HKLM-Run-\VIEEFE9.exe - C:\Windows\System32\VIEEFE9.exe
HKLM-Run-\VIE7425.exe - C:\Windows\System32\VIE7425.exe
HKLM-Run-\VIE76E3.exe - C:\Windows\System32\VIE76E3.exe
HKLM-Run-\VIE2E8E.exe - C:\Windows\System32\VIE2E8E.exe
HKLM-Run-\VIEC1B8.exe - C:\Windows\System32\VIEC1B8.exe
HKLM-Run-\VIEC0CE.exe - C:\Windows\System32\VIEC0CE.exe
HKLM-Run-\VIEC3BB.exe - C:\Windows\System32\VIEC3BB.exe
HKLM-Run-\VIEC300.exe - C:\Windows\System32\VIEC300.exe
HKLM-Run-\VIEC35D.exe - C:\Windows\System32\VIEC35D.exe
HKLM-Run-\VIEC5ED.exe - C:\Windows\System32\VIEC5ED.exe
HKLM-Run-\VIEB0E7.exe - C:\Windows\System32\VIEB0E7.exe
HKLM-Run-\VIEB1E0.exe - C:\Windows\System32\VIEB1E0.exe
HKLM-Run-\VIEB450.exe - C:\Windows\System32\VIEB450.exe
HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{5D4CDD46-2A9A-468B-B31F-94F8AEA3C613} - (no file)
SSODL-CmdWeb-{5D386E3A-132D-E4F4-F9E6-050A6A1D78D4} - (no file)
SSODL-RKxlMsYla-{58F66F2B-F25C-C581-4D37-874676113A67} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\nug3iwj8.default\
FF -: plugin - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 21:42:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\1952298d-5bf2-4720-8aee-094f6a45599e.tmp 0 bytes
C:\Users\Doug\AppData\Local\Temp\WPDNSE

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VIEEFE9.exe"="C:\\Windows\\System32\\VIEEFE9.exe"
"\\VIE7425.exe"="C:\\Windows\\System32\\VIE7425.exe"
"\\VIE76E3.exe"="C:\\Windows\\System32\\VIE76E3.exe"
"\\VIE2E8E.exe"="C:\\Windows\\System32\\VIE2E8E.exe"
"\\VIEC1B8.exe"="C:\\Windows\\System32\\VIEC1B8.exe"
"\\VIEC0CE.exe"="C:\\Windows\\System32\\VIEC0CE.exe"
"\\VIEC3BB.exe"="C:\\Windows\\System32\\VIEC3BB.exe"
"\\VIEC300.exe"="C:\\Windows\\System32\\VIEC300.exe"
"\\VIEC35D.exe"="C:\\Windows\\System32\\VIEC35D.exe"
"\\VIEC5ED.exe"="C:\\Windows\\System32\\VIEC5ED.exe"
"\\VIEB0E7.exe"="C:\\Windows\\System32\\VIEB0E7.exe"
"\\VIEB1E0.exe"="C:\\Windows\\System32\\VIEB1E0.exe"
"\\VIEB450.exe"="C:\\Windows\\System32\\VIEB450.exe"
"\\VIEB94.exe"="C:\\Windows\\System32\\VIEB94.exe"
"\\VIEBD2.exe"="C:\\Windows\\System32\\VIEBD2.exe"
"\\VIE1100.exe"="C:\\Windows\\System32\\VIE1100.exe"
"\\VIE361C.exe"="C:\\Windows\\System32\\VIE361C.exe"
"\\VIE3699.exe"="C:\\Windows\\System32\\VIE3699.exe"
"\\VIE3938.exe"="C:\\Windows\\System32\\VIE3938.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\VIEEFE9.exe"="C:\\Windows\\System32\\VIEEFE9.exe"
"\\VIE7425.exe"="C:\\Windows\\System32\\VIE7425.exe"
"\\VIE76E3.exe"="C:\\Windows\\System32\\VIE76E3.exe"
"\\VIE2E8E.exe"="C:\\Windows\\System32\\VIE2E8E.exe"
"\\VIEC1B8.exe"="C:\\Windows\\System32\\VIEC1B8.exe"
"\\VIEC0CE.exe"="C:\\Windows\\System32\\VIEC0CE.exe"
"\\VIEC3BB.exe"="C:\\Windows\\System32\\VIEC3BB.exe"
"\\VIEC300.exe"="C:\\Windows\\System32\\VIEC300.exe"
"\\VIEC35D.exe"="C:\\Windows\\System32\\VIEC35D.exe"
"\\VIEC5ED.exe"="C:\\Windows\\System32\\VIEC5ED.exe"
"\\VIEB0E7.exe"="C:\\Windows\\System32\\VIEB0E7.exe"
"\\VIEB1E0.exe"="C:\\Windows\\System32\\VIEB1E0.exe"
"\\VIEB450.exe"="C:\\Windows\\System32\\VIEB450.exe"
"\\VIEB94.exe"="C:\\Windows\\System32\\VIEB94.exe"
"\\VIEBD2.exe"="C:\\Windows\\System32\\VIEBD2.exe"
"\\VIE1100.exe"="C:\\Windows\\System32\\VIE1100.exe"
"\\VIE361C.exe"="C:\\Windows\\System32\\VIE361C.exe"
"\\VIE3699.exe"="C:\\Windows\\System32\\VIE3699.exe"
"\\VIE3938.exe"="C:\\Windows\\System32\\VIE3938.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Folding@Home #01\Folding@Home #01\FahCore_82.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-09-02 21:49:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 04:48:32

Pre-Run: 24,420,245,504 bytes free
Post-Run: 24,087,461,888 bytes free

421 --- E O F --- 2008-09-03 00:31:35



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:31 PM, on 02/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\ProgramData\ahgpifan\gzsnazgj.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\VIEB94.exe
C:\Windows\System32\VIEBD2.exe
C:\Windows\System32\VIE1100.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\ifodytyz.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [\VIEB94.exe] C:\Windows\System32\VIEB94.exe
O4 - HKLM\..\Run: [\VIEBD2.exe] C:\Windows\System32\VIEBD2.exe
O4 - HKLM\..\Run: [\VIE1100.exe] C:\Windows\System32\VIE1100.exe
O4 - HKLM\..\Run: [\VIE361C.exe] C:\Windows\System32\VIE361C.exe
O4 - HKLM\..\Run: [\VIE3699.exe] C:\Windows\System32\VIE3699.exe
O4 - HKLM\..\Run: [\VIE3938.exe] C:\Windows\System32\VIE3938.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [enweb] C:\Windows\system32\ifodytyz.exe
O4 - HKCU\..\Run: [\VIEB94.exe] C:\Windows\System32\VIEB94.exe
O4 - HKCU\..\Run: [\VIEBD2.exe] C:\Windows\System32\VIEBD2.exe
O4 - HKCU\..\Run: [\VIE1100.exe] C:\Windows\System32\VIE1100.exe
O4 - HKCU\..\Run: [\VIE361C.exe] C:\Windows\System32\VIE361C.exe
O4 - HKCU\..\Run: [\VIE3699.exe] C:\Windows\System32\VIE3699.exe
O4 - HKCU\..\Run: [\VIE3938.exe] C:\Windows\System32\VIE3938.exe
O4 - HKLM\..\Policies\Explorer\Run: [GMjjswgBGk] C:\ProgramData\ahgpifan\gzsnazgj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9531 bytes

#6 kahdah

Posted 03 September 2008 - 04:59 AM

If you are using 2 antivirus programs please uninstall one before proceeding
=======================================
Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/167070/not-sure-what-kind-of-infection-malware/?p=932935

Collect::
C:\Windows\System32\VIEBD2.exe
C:\Windows\System32\VIEB94.exe
C:\Windows\System32\VIE1100.exe
C:\Windows\System32\ifodytyz.exe
C:\Windows\System32\VIE361C.exe
C:\Windows\System32\VIE3699.exe
C:\Windows\System32\VIE3938.exe
C:\winlo.exe
C:\ProgramData\ahgpifan\gzsnazgj.exe
DirLook::
C:\Users\All Users\msgchkwin
C:\ProgramData\msgchkwin
C:\Users\All Users\ChkAct
C:\ProgramData\ChkAct
C:\Users\All Users\WinWeb
C:\Users\All Users\comproc
C:\ProgramData\WinWeb
C:\ProgramData\comproc
C:\Users\All Users\MonCmdWin
C:\Users\All Users\dscwinsmart
C:\ProgramData\MonCmdWin
C:\ProgramData\dscwinsmart
C:\Users\All Users\MonComApi
C:\Users\All Users\chkcomact
C:\ProgramData\MonComApi
C:\ProgramData\chkcomact
C:\Users\All Users\srvmoncfg
C:\Users\All Users\dscdb
C:\ProgramData\srvmoncfg
C:\ProgramData\dscdb
C:\Users\All Users\msgcom
C:\Users\All Users\mntapicmd
C:\ProgramData\msgcom
C:\ProgramData\mntapicmd
C:\Users\All Users\utilhlp
C:\Users\All Users\AdmSrv
C:\ProgramData\utilhlp
C:\ProgramData\AdmSrv
C:\Users\All Users\GenUiMon
C:\Users\All Users\DbStr
C:\ProgramData\GenUiMon
C:\ProgramData\DbStr

Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 enticle

Posted 03 September 2008 - 09:55 AM

Ok it looks like you looked at my system processes and told it to delete the processes folders that were there. I did that exact same thing before I came here, but once you delete all those folders and then do a reboot they come back, just like they did now. The problem is still on here. Thanks for the help so far. :)

My AVG keeps finding the problems but is also unable to delete the destination or locate it most of the time, yet it finds the problem. So I follow the path that AVG gives me to the folders and I'm also unable to delete them. Could this have something to do with the problem?

I can also choose a desktop background now...!! That's a step forward :thumbsup:

ComboFix 08-09-01.04 - Doug 2008-09-03 7:35:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2029 [GMT -7:00]
Running from: C:\Users\Doug\Desktop\ComboFix.exe
Command switches used :: C:\Users\Doug\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sc.html
C:\ProgramData\ahgpifan\gzsnazgj.exe
C:\Windows\System32\ifodytyz.exe
C:\Windows\System32\VIE361C.exe
C:\Windows\System32\VIE3699.exe
C:\Windows\System32\VIE3938.exe
C:\winlo.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.

2008-09-03 07:26 . 2008-09-03 07:26 <DIR> d-------- C:\Program Files\zbtzmdb
2008-09-03 07:26 . 2008-09-03 07:26 86,016 --a------ C:\Windows\System32\hadkdwzm.exe
2008-09-03 07:26 . 2008-09-01 10:41 29,184 --a------ C:\Windows\System32\VIEF862.exe
2008-09-03 07:25 . 2008-09-01 10:41 29,184 --a------ C:\Windows\System32\VIE64AB.exe
2008-09-03 07:25 . 2008-09-01 10:41 28,160 --a------ C:\Windows\System32\VIE693D.exe
2008-09-03 07:25 . 2008-09-01 10:41 28,160 --a------ C:\Windows\System32\VIE6306.exe
2008-09-02 21:42 . 2008-09-02 21:42 256,725,174 --a------ C:\Windows\MEMORY.DMP
2008-09-02 17:39 . 2008-09-02 17:39 <DIR> d-------- C:\rsit
2008-09-02 17:20 . 2008-09-02 17:20 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-02 17:20 . 2008-09-02 17:20 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-02 17:17 . 2008-09-02 17:17 <DIR> d-------- C:\Windows\System32\logs
2008-09-02 17:17 . 2008-09-02 17:17 <DIR> d-------- C:\Users\Doug\AppData\Roaming\BitDefender
2008-09-02 17:16 . 2008-09-02 17:20 <DIR> d-------- C:\Users\All Users\BitDefender
2008-09-02 17:16 . 2008-09-02 17:20 <DIR> d-------- C:\ProgramData\BitDefender
2008-09-02 17:16 . 2008-09-02 17:17 <DIR> d-------- C:\Program Files\BitDefender
2008-09-02 17:15 . 2008-09-02 17:15 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-02 17:04 . 2008-09-02 17:16 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-02 16:58 . 2008-09-02 16:58 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-09-02 16:58 . 2008-09-02 16:58 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-09-02 16:35 . 2008-09-02 16:35 <DIR> d-------- C:\Program Files\CCleaner
2008-09-02 16:35 . 2008-08-28 15:57 3,262 --a------ C:\Windows\System32\1.ico
2008-09-02 16:32 . 2008-08-28 15:57 3,262 --a------ C:\Windows\System32\2.ico
2008-09-02 15:16 . 2008-09-02 15:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-02 12:36 . 2008-09-03 07:26 <DIR> d-------- C:\Program Files\MSA
2008-08-28 04:37 . 2008-08-28 04:37 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-08-28 04:37 . 2008-09-01 06:02 24 --a------ C:\Users\Doug\jagex_runescape_preferences.dat
2008-08-28 04:36 . 2008-08-28 04:36 <DIR> d-------- C:\Windows\Sun
2008-08-28 04:35 . 2008-08-28 04:36 <DIR> d-------- C:\Program Files\Java
2008-08-28 04:35 . 2008-08-28 04:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Program Files\ffdshow
2008-08-27 08:28 . 2008-06-08 23:58 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-08-27 08:28 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-08-27 08:28 . 2008-06-12 20:37 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-08-27 08:28 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-08-27 03:55 . 2008-07-18 22:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-27 03:55 . 2008-07-18 20:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-27 03:55 . 2008-07-18 22:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-27 03:55 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-27 03:55 . 2008-07-18 20:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-27 03:55 . 2008-07-18 22:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-27 03:55 . 2008-07-18 22:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-27 03:55 . 2008-07-18 22:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-27 03:55 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-25 01:41 . 2008-09-01 08:58 23 --a------ C:\Windows\BlendSettings.ini
2008-08-25 01:33 . 2008-08-25 01:33 <DIR> d-------- C:\Program Files\Folding@Home #01
2008-08-25 00:53 . 2008-08-25 00:53 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-08-24 19:42 . 2008-08-24 19:42 <DIR> d--h----- C:\Windows\PIF
2008-08-24 00:34 . 2008-08-24 00:11 51,472 --a------ C:\Windows\System32\imagecfg.exe
2008-08-23 22:41 . 2008-08-24 23:59 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Sony
2008-08-23 22:41 . 2008-08-23 22:41 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Publish Providers
2008-08-23 22:36 . 2008-08-23 22:36 <DIR> d-------- C:\Users\All Users\Sony
2008-08-23 22:36 . 2008-08-23 22:36 <DIR> d-------- C:\ProgramData\Sony
2008-08-23 22:17 . 2008-08-23 22:35 <DIR> d-------- C:\Program Files\Sony
2008-08-23 22:16 . 2008-08-23 22:16 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-23 14:09 . 2008-08-23 14:10 <DIR> d-------- C:\Program Files\Colin Mcrae DiRT
2008-08-22 21:54 . 2008-08-22 22:01 <DIR> d-------- C:\Program Files\GTR2
2008-08-21 14:56 . 2008-08-21 15:20 <DIR> d-------- C:\Users\All Users\NexonUS
2008-08-21 14:56 . 2008-08-21 15:20 <DIR> d-------- C:\ProgramData\NexonUS
2008-08-21 14:56 . 2008-08-21 15:19 <DIR> d-------- C:\Program Files\Combat Arms
2008-08-20 16:00 . 2008-08-20 16:02 <DIR> d-------- C:\Users\Doug\AppData\Roaming\GetRightToGo
2008-08-20 15:41 . 2008-08-30 11:06 <DIR> d-------- C:\Users\All Users\Test Drive Unlimited
2008-08-20 15:41 . 2008-08-30 11:06 <DIR> d-------- C:\ProgramData\Test Drive Unlimited
2008-08-20 15:07 . 2008-08-20 15:07 <DIR> d-------- C:\Program Files\UltraISO
2008-08-20 15:07 . 2008-08-20 15:07 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-08-20 14:36 . 2008-08-20 14:36 <DIR> d-------- C:\Users\All Users\HlpMntAct
2008-08-20 14:36 . 2008-08-20 14:36 <DIR> d-------- C:\ProgramData\HlpMntAct
2008-08-20 02:35 . 2008-08-20 02:35 <DIR> d-------- C:\Users\All Users\msgchkwin
2008-08-20 02:35 . 2008-08-20 02:35 <DIR> d-------- C:\ProgramData\msgchkwin
2008-08-20 00:58 . 2008-08-20 00:59 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Winamp
2008-08-19 17:01 . 2008-08-20 15:03 <DIR> d-------- C:\Users\All Users\Codemasters
2008-08-19 17:01 . 2008-08-20 15:03 <DIR> d-------- C:\ProgramData\Codemasters
2008-08-19 17:00 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmp1A28.tmp
2008-08-19 16:59 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmp1A27.tmp
2008-08-19 14:35 . 2008-08-19 14:45 <DIR> d-------- C:\Users\All Users\ChkAct
2008-08-19 14:35 . 2008-08-19 14:45 <DIR> d-------- C:\ProgramData\ChkAct
2008-08-19 14:29 . 2008-08-20 19:34 <DIR> d-------- C:\Users\All Users\WinWeb
2008-08-19 14:29 . 2008-08-19 14:30 <DIR> d-------- C:\Users\All Users\comproc
2008-08-19 14:29 . 2008-08-20 19:34 <DIR> d-------- C:\ProgramData\WinWeb
2008-08-19 14:29 . 2008-08-19 14:30 <DIR> d-------- C:\ProgramData\comproc
2008-08-19 14:29 . 2008-09-03 07:32 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-19 14:23 . 2008-09-02 16:46 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-19 14:23 . 2008-08-23 20:44 <DIR> d-------- C:\Users\All Users\avg8
2008-08-19 14:23 . 2008-08-23 20:44 <DIR> d-------- C:\ProgramData\avg8
2008-08-19 14:23 . 2008-08-19 14:23 <DIR> d-------- C:\Program Files\AVG
2008-08-19 14:23 . 2008-08-19 14:23 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-19 14:23 . 2008-08-19 14:23 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-08-19 14:23 . 2008-08-19 14:23 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-19 02:22 . 2008-08-19 14:27 <DIR> d-------- C:\Users\All Users\MonCmdWin
2008-08-19 02:22 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\dscwinsmart
2008-08-19 02:22 . 2008-08-19 14:27 <DIR> d-------- C:\ProgramData\MonCmdWin
2008-08-19 02:22 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\dscwinsmart
2008-08-19 02:19 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpE4E4.tmp
2008-08-19 02:17 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpE4C3.tmp
2008-08-19 00:44 . 2008-08-19 14:27 <DIR> d-------- C:\Users\All Users\MonComApi
2008-08-19 00:44 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\chkcomact
2008-08-19 00:44 . 2008-08-19 14:27 <DIR> d-------- C:\ProgramData\MonComApi
2008-08-19 00:44 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\chkcomact
2008-08-19 00:38 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\srvmoncfg
2008-08-19 00:38 . 2008-08-19 14:27 <DIR> d-------- C:\Users\All Users\dscdb
2008-08-19 00:38 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\srvmoncfg
2008-08-19 00:38 . 2008-08-19 14:27 <DIR> d-------- C:\ProgramData\dscdb
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 00:34 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-19 00:34 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-19 00:24 . 2008-08-19 00:27 <DIR> d-------- C:\Users\All Users\msgcom
2008-08-19 00:24 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\mntapicmd
2008-08-19 00:24 . 2008-08-19 00:27 <DIR> d-------- C:\ProgramData\msgcom
2008-08-19 00:24 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\mntapicmd
2008-08-19 00:20 . 2008-08-19 00:22 <DIR> d-------- C:\Users\All Users\utilhlp
2008-08-19 00:20 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\AdmSrv
2008-08-19 00:20 . 2008-08-19 00:22 <DIR> d-------- C:\ProgramData\utilhlp
2008-08-19 00:20 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\AdmSrv
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Users\Doug\AppData\Roaming\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-18 23:56 . 2008-08-19 00:18 <DIR> d-------- C:\Users\All Users\GenUiMon
2008-08-18 23:56 . 2008-08-21 04:15 <DIR> d-------- C:\Users\All Users\DbStr
2008-08-18 23:56 . 2008-08-19 00:18 <DIR> d-------- C:\ProgramData\GenUiMon
2008-08-18 23:56 . 2008-08-21 04:15 <DIR> d-------- C:\ProgramData\DbStr
2008-08-18 23:35 . 2008-08-18 23:36 <DIR> d-------- C:\Users\All Users\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 12:56 --------- d-----w C:\Program Files\Microsoft Games
2008-08-20 00:00 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-08-20 00:00 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-08-19 21:35 --------- d-----w C:\ProgramData\McAfee
2008-08-19 21:33 --------- d-----w C:\ProgramData\SiteAdvisor
2008-08-19 05:07 --------- d-----w C:\Program Files\Acer GameZone
2008-08-18 07:54 1,908 ----a-w C:\Windows\CLEANUP.CMD
2008-08-18 07:31 --------- d-----w C:\Program Files\Windows Mail
2008-08-18 07:18 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-08-18 06:58 --------- d-----w C:\ProgramData\NVIDIA
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\ProgramData\AdmSrv ----


---- Directory of C:\ProgramData\ChkAct ----


---- Directory of C:\ProgramData\chkcomact ----


---- Directory of C:\ProgramData\comproc ----


---- Directory of C:\ProgramData\DbStr ----


---- Directory of C:\ProgramData\dscdb ----


---- Directory of C:\ProgramData\dscwinsmart ----


---- Directory of C:\ProgramData\GenUiMon ----


---- Directory of C:\ProgramData\mntapicmd ----


---- Directory of C:\ProgramData\MonCmdWin ----


---- Directory of C:\ProgramData\MonComApi ----


---- Directory of C:\ProgramData\msgchkwin ----


---- Directory of C:\ProgramData\msgcom ----


---- Directory of C:\ProgramData\srvmoncfg ----


---- Directory of C:\ProgramData\utilhlp ----


---- Directory of C:\ProgramData\WinWeb ----


---- Directory of C:\Users\All Users\AdmSrv ----


---- Directory of C:\Users\All Users\ChkAct ----


---- Directory of C:\Users\All Users\chkcomact ----


---- Directory of C:\Users\All Users\comproc ----


---- Directory of C:\Users\All Users\DbStr ----


---- Directory of C:\Users\All Users\dscdb ----


---- Directory of C:\Users\All Users\dscwinsmart ----


---- Directory of C:\Users\All Users\GenUiMon ----


---- Directory of C:\Users\All Users\mntapicmd ----


---- Directory of C:\Users\All Users\MonCmdWin ----


---- Directory of C:\Users\All Users\MonComApi ----


---- Directory of C:\Users\All Users\msgchkwin ----


---- Directory of C:\Users\All Users\msgcom ----


---- Directory of C:\Users\All Users\srvmoncfg ----


---- Directory of C:\Users\All Users\utilhlp ----


---- Directory of C:\Users\All Users\WinWeb ----



((((((((((((((((((((((((((((( snapshot@2008-09-02_21.47.03.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-03 00:15:50 7,168 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-09-03 14:31:13 8,192 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-09-03 00:15:47 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-09-03 14:31:15 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-09-03 00:15:46 716,800 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-09-03 14:31:22 720,896 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-09-03 00:15:46 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-09-03 14:31:15 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-09-03 00:15:50 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-09-03 14:31:20 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2008-09-03 00:15:50 299,008 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-09-03 14:31:19 303,104 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-09-03 00:15:47 1,290,240 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-09-03 14:31:21 1,294,336 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2008-09-03 00:15:47 1,699,840 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-09-03 14:31:14 1,703,936 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-09-03 00:15:47 86,016 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-09-03 14:31:22 90,112 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-09-03 00:15:48 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-09-03 14:31:19 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-09-03 00:15:48 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-09-03 14:31:16 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-09-03 00:15:48 64,000 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-09-03 14:31:16 66,560 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2008-09-03 00:15:48 368,640 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-09-03 14:31:20 372,736 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-09-03 00:15:48 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-09-03 14:31:22 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-09-03 00:15:48 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-09-03 14:31:19 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-09-03 00:15:49 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-09-03 14:31:16 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-09-03 00:15:49 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-09-03 14:31:18 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-09-03 00:15:49 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-09-03 14:31:21 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-09-03 00:15:50 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-09-03 14:31:12 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-09-03 00:15:49 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-09-03 14:31:16 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-09-03 00:15:49 569,344 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-09-03 14:31:14 573,440 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-09-03 00:15:49 1,245,184 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-09-03 14:31:21 1,257,472 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-09-03 00:15:49 2,039,808 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-09-03 14:31:17 2,052,096 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-09-03 00:15:49 1,335,296 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-09-03 14:31:20 1,339,392 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2008-09-03 00:15:48 1,216,512 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-03 14:31:22 1,224,704 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-09-03 14:31:27 61,440 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_550211f8\CustomMarshalers.dll
+ 2008-09-03 14:32:15 118,784 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_89baebe1\CustomMarshalers.dll
+ 2008-09-03 14:32:07 3,379,200 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6b7be062\mscorlib.dll
+ 2008-09-03 14:32:25 8,880,128 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8f6b0baa\mscorlib.dll
+ 2008-09-03 14:32:22 3,395,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3e792e89\System.Design.dll
+ 2008-09-03 14:31:44 1,466,368 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_bf61e584\System.Design.dll
+ 2008-09-03 14:31:28 90,112 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_86c5cf76\System.Drawing.Design.dll
+ 2008-09-03 14:32:17 192,512 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c8d32140\System.Drawing.Design.dll
+ 2008-09-03 14:32:23 2,244,608 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4a5553fc\System.Drawing.dll
+ 2008-09-03 14:31:55 835,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b95cb599\System.Drawing.dll
+ 2008-09-03 14:32:20 7,880,704 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_8384e14f\System.Windows.Forms.dll
+ 2008-09-03 14:31:40 3,014,656 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_8431bf74\System.Windows.Forms.dll
+ 2008-09-03 14:31:43 2,088,960 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_390adaec\System.Xml.dll
+ 2008-09-03 14:32:21 5,505,024 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_fdd9c3d9\System.Xml.dll
+ 2008-09-03 14:32:10 4,763,648 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_483be490\System.dll
+ 2008-09-03 14:31:26 1,953,792 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f2a889ac\System.dll
- 2003-02-21 02:19:32 253,952 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-15 08:49:16 258,048 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-21 02:19:34 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 08:49:18 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-21 02:19:38 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 08:49:26 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-21 02:19:36 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 08:49:22 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 02:09:08 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-15 07:32:22 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 17:20:44 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 18:23:28 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 17:21:00 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 18:23:44 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-21 02:06:20 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-15 07:24:30 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 21:30:14 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 14:24:38 7,168 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 21:31:00 8,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 14:24:40 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 21:31:04 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 02:09:40 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 07:35:30 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 14:26:36 716,800 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 21:28:58 720,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 14:26:38 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 21:28:56 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 14:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 21:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 14:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 21:28:50 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 02:09:12 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 07:32:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-21 02:09:12 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 07:32:46 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-21 02:06:32 311,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-15 07:25:06 315,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-21 02:09:16 98,304 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-15 07:33:04 102,400 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 14:26:34 2,088,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 21:29:02 2,138,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 02:09:18 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-15 07:33:22 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-21 02:09:18 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-15 07:33:24 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-21 02:07:34 2,494,464 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-15 07:26:52 2,510,848 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-21 02:08:32 2,482,176 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-15 07:28:34 2,502,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 23:20:00 106,496 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-21 02:09:30 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-15 07:34:50 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 14:26:46 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 21:28:48 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-21 02:09:34 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-15 07:35:04 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 14:26:38 1,290,240 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 21:32:00 1,294,336 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 14:25:42 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 21:31:14 303,104 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 14:26:42 1,699,840 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 21:29:02 1,703,936 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 14:26:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 21:28:54 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 14:26:46 1,216,512 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 21:31:16 1,224,704 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 14:26:50 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 21:28:58 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 14:26:50 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 21:28:56 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-21 02:09:36 64,000 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 07:35:12 66,560 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 14:26:52 368,640 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 21:31:58 372,736 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 14:26:54 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 21:31:12 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 14:26:56 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 21:28:58 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 14:26:56 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 21:31:54 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 14:26:58 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 21:28:52 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 14:27:00 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 21:28:54 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 14:27:02 1,245,184 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 21:29:00 1,257,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 14:27:06 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 21:28:58 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 14:24:18 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 21:28:52 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 14:27:06 569,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 21:31:16 573,440 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 14:27:08 2,039,808 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 21:32:02 2,052,096 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 14:27:10 1,335,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 21:29:00 1,339,392 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 20:51:38 53,248 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 17:20:38 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 18:23:20 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 12:04:18 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 15:15:14 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-21 03:10:40 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 09:11:56 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2008-09-03 14:25:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-03 14:25:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-03 04:42:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-03 14:27:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-03 14:27:28 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-03 04:43:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-03 14:27:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-03 14:27:22 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-03 04:39:56 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-03 04:49:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-03 04:39:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-03 04:49:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-03 04:39:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-03 04:49:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-03 04:28:44 109,474 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-03 14:31:01 105,078 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-03 04:28:44 608,710 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-03 14:31:01 595,748 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-03 04:27:23 7,200 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1565921426-3047039732-3707147988-1000_UserData.bin
+ 2008-09-03 14:27:50 7,502 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1565921426-3047039732-3707147988-1000_UserData.bin
- 2008-09-03 04:27:23 75,448 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-03 14:27:50 75,806 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-03 04:27:23 54,286 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-03 14:27:48 55,026 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"\VIE64AB.exe"="C:\Windows\System32\VIE64AB.exe" [2008-09-01 29184]
"\VIE6306.exe"="C:\Windows\System32\VIE6306.exe" [2008-09-01 28160]
"\VIE693D.exe"="C:\Windows\System32\VIE693D.exe" [2008-09-01 28160]
"MonStrChk"="C:\Windows\system32\hadkdwzm.exe" [2008-09-03 86016]
"\VIEF862.exe"="C:\Windows\System32\VIEF862.exe" [2008-09-01 29184]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2008-05-06 196128]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-19 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-14 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"\VIE64AB.exe"="C:\Windows\System32\VIE64AB.exe" [2008-09-01 29184]
"\VIE6306.exe"="C:\Windows\System32\VIE6306.exe" [2008-09-01 28160]
"\VIE693D.exe"="C:\Windows\System32\VIE693D.exe" [2008-09-01 28160]
"\VIEF862.exe"="C:\Windows\System32\VIEF862.exe" [2008-09-01 29184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-04-14 20480]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-16 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MsgUtil"= {4DB75B2D-DBA1-3EE0-DABA-041A755BC4B2} - C:\Program Files\zbtzmdb\MsgUtil.dll [2008-09-03 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{39863CA9-3184-4F99-9510-39E313EE846B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{A95B326A-DD98-4550-8653-CE41D482B8FA}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{70441C18-3E53-4EFF-B676-D2C732DCB557}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{32C14809-E5AC-4CD1-9E7A-EC8CCFFC87F8}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{B0E533A6-85D9-45BF-8B0D-18949D2D1B67}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{CE3F4E9B-D427-4C2A-BDFD-A928AE8A5FE1}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{2C433DAA-1D38-411B-84CA-B93F59A425F7}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{1A9BC495-426C-45E5-A6F5-653D0884BBEB}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{2053B656-5265-4180-9670-A7C6CF9E1CDB}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B744ECB9-933A-4748-A222-60234CDB9BD7}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{3A5CE14E-A820-4EBE-BF93-662EA4E45A05}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{35D997C2-5515-450F-8BEC-8068B64F8489}C:\\downloads\\ghjgjh\\tdu\\testdriveunlimited.exe"= UDP:C:\downloads\ghjgjh\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{F7B4024B-5C88-4CEA-ADC1-ACAB56F5CDEF}C:\\downloads\\ghjgjh\\tdu\\testdriveunlimited.exe"= TCP:C:\downloads\ghjgjh\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{4A960BCE-ACF1-49F0-9906-A99661028900}C:\\program files\\sierra\\fear\\fearserver.exe"= UDP:C:\program files\sierra\fear\fearserver.exe:F.E.A.R. Stand-Alone Server
"UDP Query User{ADC0EEB1-EAF1-45DB-8B0E-BFAC75F10049}C:\\program files\\sierra\\fear\\fearserver.exe"= TCP:C:\program files\sierra\fear\fearserver.exe:F.E.A.R. Stand-Alone Server
"TCP Query User{FD875219-A417-4AED-A55B-9F2D10224AE1}C:\\downloads\\tdu dont delete\\tdu\\testdriveunlimited.exe"= UDP:C:\downloads\tdu dont delete\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{9FF5877E-A931-46CD-BF8B-C34EBEFBAB7A}C:\\downloads\\tdu dont delete\\tdu\\testdriveunlimited.exe"= TCP:C:\downloads\tdu dont delete\tdu\testdriveunlimited.exe:Test Drive Unlimited
"{8F8A8B9E-0696-4055-B1F7-E488D1FBC060}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{A5FA40E3-8A07-45FB-9420-F78EBE8C5EF9}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{872C824B-2414-4B0F-B167-34F029638338}"= UDP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core
"{13835EFA-AC2F-4405-9053-BE9DA9A568D9}"= TCP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{54B9B6E3-3589-4F73-9783-C86CA22BFDBC}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D716586D-11E6-415B-AB83-48596E27E165}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{2C0FD4CD-E93B-41A0-9925-84F866B1A19B}"= UDP:C:\Users\Doug\AppData\Local\Temp\.tt5D6D.tmp:enable
"{B5501CE6-B90F-4B86-8965-D42A0904941E}"= TCP:C:\Users\Doug\AppData\Local\Temp\.tt5D6D.tmp:enable

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Program Files\\Combat Arms\\CombatArms.exe"= C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\\Program Files\\Combat Arms\\Engine.exe"= C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2008-05-06 132128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-19 96520]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-19 873752]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 231192]
R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 FAH-01;Folding Service #01;C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-19 3514368]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-19 69128]
R3 bdfm;BDFM;C:\Windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
S2 FAH-02;Folding Service #02;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aee6e65d-6cf2-11dd-9cb8-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
\shell\directx\command - E:\DirectX9\dxsetup.exe
\shell\setup\command - E:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-enweb - C:\Windows\system32\ifodytyz.exe
HKCU-Run-\VIEB94.exe - C:\Windows\System32\VIEB94.exe
HKCU-Run-\VIEBD2.exe - C:\Windows\System32\VIEBD2.exe
HKCU-Run-\VIE1100.exe - C:\Windows\System32\VIE1100.exe
HKCU-Run-\VIE361C.exe - C:\Windows\System32\VIE361C.exe
HKCU-Run-\VIE3699.exe - C:\Windows\System32\VIE3699.exe
HKCU-Run-\VIE3938.exe - C:\Windows\System32\VIE3938.exe
HKLM-Run-\VIEB94.exe - C:\Windows\System32\VIEB94.exe
HKLM-Run-\VIEBD2.exe - C:\Windows\System32\VIEBD2.exe
HKLM-Run-\VIE1100.exe - C:\Windows\System32\VIE1100.exe
HKLM-Run-\VIE361C.exe - C:\Windows\System32\VIE361C.exe
HKLM-Run-\VIE3699.exe - C:\Windows\System32\VIE3699.exe
HKLM-Run-\VIE3938.exe - C:\Windows\System32\VIE3938.exe
HKLM-Explorer_Run-GMjjswgBGk - C:\ProgramData\ahgpifan\gzsnazgj.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 07:41:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VIEB94.exe"="C:\\Windows\\System32\\VIEB94.exe"
"\\VIEBD2.exe"="C:\\Windows\\System32\\VIEBD2.exe"
"\\VIE1100.exe"="C:\\Windows\\System32\\VIE1100.exe"
"\\VIE361C.exe"="C:\\Windows\\System32\\VIE361C.exe"
"\\VIE3699.exe"="C:\\Windows\\System32\\VIE3699.exe"
"\\VIE3938.exe"="C:\\Windows\\System32\\VIE3938.exe"
"\\VIE64AB.exe"="C:\\Windows\\System32\\VIE64AB.exe"
"\\VIE6306.exe"="C:\\Windows\\System32\\VIE6306.exe"
"\\VIE693D.exe"="C:\\Windows\\System32\\VIE693D.exe"
"\\VIEF862.exe"="C:\\Windows\\System32\\VIEF862.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\VIEB94.exe"="C:\\Windows\\System32\\VIEB94.exe"
"\\VIEBD2.exe"="C:\\Windows\\System32\\VIEBD2.exe"
"\\VIE1100.exe"="C:\\Windows\\System32\\VIE1100.exe"
"\\VIE361C.exe"="C:\\Windows\\System32\\VIE361C.exe"
"\\VIE3699.exe"="C:\\Windows\\System32\\VIE3699.exe"
"\\VIE3938.exe"="C:\\Windows\\System32\\VIE3938.exe"
"\\VIE64AB.exe"="C:\\Windows\\System32\\VIE64AB.exe"
"\\VIE6306.exe"="C:\\Windows\\System32\\VIE6306.exe"
"\\VIE693D.exe"="C:\\Windows\\System32\\VIE693D.exe"
"\\VIEF862.exe"="C:\\Windows\\System32\\VIEF862.exe"
.
Completion time: 2008-09-03 7:43:36
ComboFix-quarantined-files.txt 2008-09-03 14:43:32
ComboFix2.txt 2008-09-03 04:49:27

Pre-Run: 23,388,786,688 bytes free
Post-Run: 23,383,351,296 bytes free

599 --- E O F --- 2008-09-03 14:31:25




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:55 AM, on 03/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [\VIE64AB.exe] C:\Windows\System32\VIE64AB.exe
O4 - HKLM\..\Run: [\VIE6306.exe] C:\Windows\System32\VIE6306.exe
O4 - HKLM\..\Run: [\VIE693D.exe] C:\Windows\System32\VIE693D.exe
O4 - HKLM\..\Run: [\VIEF862.exe] C:\Windows\System32\VIEF862.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [\VIE64AB.exe] C:\Windows\System32\VIE64AB.exe
O4 - HKCU\..\Run: [\VIE6306.exe] C:\Windows\System32\VIE6306.exe
O4 - HKCU\..\Run: [\VIE693D.exe] C:\Windows\System32\VIE693D.exe
O4 - HKCU\..\Run: [MonStrChk] C:\Windows\system32\hadkdwzm.exe
O4 - HKCU\..\Run: [\VIEF862.exe] C:\Windows\System32\VIEF862.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: MsgUtil - {4DB75B2D-DBA1-3EE0-DABA-041A755BC4B2} - C:\Program Files\zbtzmdb\MsgUtil.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8948 bytes

Edited by enticle, 03 September 2008 - 10:18 AM.


#8 kahdah

kahdah

  • Security Colleague

Posted 03 September 2008 - 12:25 PM

It is very important to uninstall one of the Anti-Virus programs you have running.
I recommend keeping AVG.

Please do so before proceeding.

========================
After uninstalling one of the antivirus programs do the following:

1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

File::
C:\Windows\System32\hadkdwzm.exe
C:\Windows\System32\VIEF862.exe
C:\Windows\System32\VIE64AB.exe
C:\Windows\System32\VIE693D.exe
C:\Windows\System32\VIE6306.exe
C:\Windows\System32\VIEB94.exe
C:\Windows\System32\VIEBD2.exe
C:\Windows\System32\VIE1100.exe
C:\Windows\System32\VIE361C.exe
C:\Windows\System32\VIE3699.exe
C:\Windows\System32\VIE3938.exe
C:\Windows\System32\VIE64AB.exe
C:\Windows\System32\VIE6306.exe
C:\Windows\System32\VIE693D.exe
C:\Windows\System32\VIEF862.exe

Folder::
C:\Program Files\zbtzmdb
C:\Users\All Users\msgchkwin
C:\ProgramData\msgchkwin
C:\Users\All Users\ChkAct
C:\ProgramData\ChkAct
C:\Users\All Users\WinWeb
C:\Users\All Users\comproc
C:\ProgramData\WinWeb
C:\ProgramData\comproc
C:\Users\All Users\MonCmdWin
C:\Users\All Users\dscwinsmart
C:\ProgramData\MonCmdWin
C:\ProgramData\dscwinsmart
C:\Users\All Users\MonComApi
C:\Users\All Users\chkcomact
C:\ProgramData\MonComApi
C:\ProgramData\chkcomact
C:\Users\All Users\srvmoncfg
C:\Users\All Users\dscdb
C:\ProgramData\srvmoncfg
C:\ProgramData\dscdb
C:\Users\All Users\msgcom
C:\Users\All Users\mntapicmd
C:\ProgramData\msgcom
C:\ProgramData\mntapicmd
C:\Users\All Users\utilhlp
C:\Users\All Users\AdmSrv
C:\ProgramData\utilhlp
C:\ProgramData\AdmSrv
C:\Users\All Users\GenUiMon
C:\Users\All Users\DbStr
C:\ProgramData\GenUiMon
C:\ProgramData\DbStr


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\VIE64AB.exe"=-
"\VIE6306.exe"=-
"\VIE693D.exe"=-
"MonStrChk"=-
"\VIEF862.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\VIE64AB.exe"=-
"\VIE6306.exe"=-
"\VIE693D.exe"=-
"\VIEF862.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MsgUtil"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VIEB94.exe"=-
"\\VIEBD2.exe"=-
"\\VIE1100.exe"=-
"\\VIE361C.exe"=-
"\\VIE3699.exe"=-
"\\VIE3938.exe"=-
"\\VIE64AB.exe"=-
"\\VIE6306.exe"=-
"\\VIE693D.exe"=-
"\\VIEF862.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\VIEB94.exe"=-
"\\VIEBD2.exe"=-
"\\VIE1100.exe"=-
"\\VIE361C.exe"=-
"\\VIE3699.exe"=-
"\\VIE3938.exe"=-
"\\VIE64AB.exe"=-
"\\VIE6306.exe"=-
"\\VIE693D.exe"=-
"\\VIEF862.exe"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by kahdah, 03 September 2008 - 12:25 PM.
bb code

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 enticle

Posted 03 September 2008 - 01:46 PM

Can you please tell me what the other anti virus program is? I have so much anti everything I'm not sure what is what now.

#10 kahdah

Posted 03 September 2008 - 02:26 PM

You have BitDefender and AVG 8.0 running; uninstall one or the other, thanks. :thumbsup:

#11 enticle

Posted 03 September 2008 - 03:07 PM

Ok thanks, I got rid of BitDefender. Now most of the problem seems to be gone; I just have the VIE****.exe processes running now, which cause just 1 popup telling me I need to buy their product and create icons on my desktop. I can close them and use my computer normally since they don't come back until I restart, but that doesn't make them gone. :thumbsup: Thanks for the help so far :)

ComboFix 08-09-01.04 - Doug 2008-09-03 12:52:00.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2326 [GMT -7:00]
Running from: C:\Users\Doug\Desktop\ComboFix.exe
Command switches used :: C:\Users\Doug\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\zbtzmdb
C:\Program Files\zbtzmdb\MsgUtil.dll
C:\ProgramData\AdmSrv
C:\ProgramData\ChkAct
C:\ProgramData\chkcomact
C:\ProgramData\comproc
C:\ProgramData\DbStr
C:\ProgramData\dscdb
C:\ProgramData\dscwinsmart
C:\ProgramData\GenUiMon
C:\ProgramData\mntapicmd
C:\ProgramData\MonCmdWin
C:\ProgramData\MonComApi
C:\ProgramData\msgchkwin
C:\ProgramData\msgcom
C:\ProgramData\srvmoncfg
C:\ProgramData\utilhlp
C:\ProgramData\WinWeb
C:\Windows\System32\hadkdwzm.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.

2008-09-03 13:01 . 2008-09-01 10:41 29,184 --a------ C:\Windows\System32\VIE7E43.exe
2008-09-03 13:01 . 2008-09-01 10:41 28,160 --a------ C:\Windows\System32\VIE80D2.exe
2008-09-03 13:01 . 2008-09-01 10:41 28,160 --a------ C:\Windows\System32\VIE7E14.exe
2008-09-03 12:51 . 2008-09-03 12:51 <DIR> d-------- C:\327882R2FWJFW
2008-09-03 12:46 . 2008-09-01 10:41 29,184 --a------ C:\Windows\System32\VIE737A.exe
2008-09-03 12:46 . 2008-09-01 10:41 28,160 --a------ C:\Windows\System32\VIE7686.exe
2008-09-03 12:46 . 2008-09-01 10:41 28,160 --a------ C:\Windows\System32\VIE7280.exe
2008-09-02 21:42 . 2008-09-03 07:57 258,863,286 --a------ C:\Windows\MEMORY.DMP
2008-09-02 17:39 . 2008-09-02 17:39 <DIR> d-------- C:\rsit
2008-09-02 17:20 . 2008-09-02 17:20 850 --a------ C:\Windows\System32\ProductTweaks.xml
2008-09-02 17:20 . 2008-09-02 17:20 385 --a------ C:\Windows\System32\user_gensett.xml
2008-09-02 17:17 . 2008-09-02 17:17 <DIR> d-------- C:\Windows\System32\logs
2008-09-02 17:16 . 2008-09-03 12:43 <DIR> d-------- C:\Program Files\BitDefender
2008-09-02 17:15 . 2008-09-02 17:15 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-09-02 17:04 . 2008-09-03 12:43 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-02 16:58 . 2008-09-02 16:58 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-09-02 16:58 . 2008-09-02 16:58 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-09-02 16:35 . 2008-09-02 16:35 <DIR> d-------- C:\Program Files\CCleaner
2008-09-02 16:35 . 2008-08-28 15:57 3,262 --a------ C:\Windows\System32\1.ico
2008-09-02 16:32 . 2008-08-28 15:57 3,262 --a------ C:\Windows\System32\2.ico
2008-09-02 15:16 . 2008-09-02 15:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-02 12:36 . 2008-09-03 07:26 <DIR> d-------- C:\Program Files\MSA
2008-08-28 04:37 . 2008-08-28 04:37 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-08-28 04:37 . 2008-09-01 06:02 24 --a------ C:\Users\Doug\jagex_runescape_preferences.dat
2008-08-28 04:36 . 2008-08-28 04:36 <DIR> d-------- C:\Windows\Sun
2008-08-28 04:35 . 2008-08-28 04:36 <DIR> d-------- C:\Program Files\Java
2008-08-28 04:35 . 2008-08-28 04:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-27 14:03 . 2008-08-27 14:03 42,320 --a------ C:\Windows\System32\xfcodec.dll
2008-08-27 08:28 . 2008-08-27 08:28 <DIR> d-------- C:\Program Files\ffdshow
2008-08-27 08:28 . 2008-06-08 23:58 60,273 --a------ C:\Windows\System32\pthreadGC2.dll
2008-08-27 08:28 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-08-27 08:28 . 2008-06-12 20:37 6,144 --a------ C:\Windows\System32\ff_acm.acm
2008-08-27 08:28 . 2007-07-10 18:10 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-08-27 03:55 . 2008-07-18 22:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-27 03:55 . 2008-07-18 20:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-27 03:55 . 2008-07-18 22:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-27 03:55 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-27 03:55 . 2008-07-18 20:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-27 03:55 . 2008-07-18 22:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-27 03:55 . 2008-07-18 22:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-27 03:55 . 2008-07-18 22:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-27 03:55 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-25 01:41 . 2008-09-01 08:58 23 --a------ C:\Windows\BlendSettings.ini
2008-08-25 01:33 . 2008-08-25 01:33 <DIR> d-------- C:\Program Files\Folding@Home #01
2008-08-25 00:53 . 2008-08-25 00:53 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-08-24 19:42 . 2008-08-24 19:42 <DIR> d--h----- C:\Windows\PIF
2008-08-24 00:34 . 2008-08-24 00:11 51,472 --a------ C:\Windows\System32\imagecfg.exe
2008-08-23 22:41 . 2008-08-24 23:59 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Sony
2008-08-23 22:41 . 2008-08-23 22:41 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Publish Providers
2008-08-23 22:36 . 2008-08-23 22:36 <DIR> d-------- C:\Users\All Users\Sony
2008-08-23 22:36 . 2008-08-23 22:36 <DIR> d-------- C:\ProgramData\Sony
2008-08-23 22:17 . 2008-08-23 22:35 <DIR> d-------- C:\Program Files\Sony
2008-08-23 22:16 . 2008-08-23 22:16 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-23 14:09 . 2008-08-23 14:10 <DIR> d-------- C:\Program Files\Colin Mcrae DiRT
2008-08-22 21:54 . 2008-08-22 22:01 <DIR> d-------- C:\Program Files\GTR2
2008-08-21 14:56 . 2008-08-21 15:20 <DIR> d-------- C:\Users\All Users\NexonUS
2008-08-21 14:56 . 2008-08-21 15:20 <DIR> d-------- C:\ProgramData\NexonUS
2008-08-21 14:56 . 2008-08-21 15:19 <DIR> d-------- C:\Program Files\Combat Arms
2008-08-20 16:00 . 2008-08-20 16:02 <DIR> d-------- C:\Users\Doug\AppData\Roaming\GetRightToGo
2008-08-20 15:41 . 2008-08-30 11:06 <DIR> d-------- C:\Users\All Users\Test Drive Unlimited
2008-08-20 15:41 . 2008-08-30 11:06 <DIR> d-------- C:\ProgramData\Test Drive Unlimited
2008-08-20 15:07 . 2008-08-20 15:07 <DIR> d-------- C:\Program Files\UltraISO
2008-08-20 15:07 . 2008-08-20 15:07 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-08-20 14:36 . 2008-08-20 14:36 <DIR> d-------- C:\Users\All Users\HlpMntAct
2008-08-20 14:36 . 2008-08-20 14:36 <DIR> d-------- C:\ProgramData\HlpMntAct
2008-08-20 00:58 . 2008-08-20 00:59 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Winamp
2008-08-19 17:01 . 2008-08-20 15:03 <DIR> d-------- C:\Users\All Users\Codemasters
2008-08-19 17:01 . 2008-08-20 15:03 <DIR> d-------- C:\ProgramData\Codemasters
2008-08-19 17:00 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmp1A28.tmp
2008-08-19 16:59 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmp1A27.tmp
2008-08-19 14:29 . 2008-09-03 12:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-19 14:23 . 2008-09-02 16:46 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-19 14:23 . 2008-08-23 20:44 <DIR> d-------- C:\Users\All Users\avg8
2008-08-19 14:23 . 2008-08-23 20:44 <DIR> d-------- C:\ProgramData\avg8
2008-08-19 14:23 . 2008-08-19 14:23 <DIR> d-------- C:\Program Files\AVG
2008-08-19 14:23 . 2008-08-19 14:23 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-19 14:23 . 2008-08-19 14:23 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-08-19 14:23 . 2008-08-19 14:23 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-19 02:19 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpE4E4.tmp
2008-08-19 02:17 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpE4C3.tmp
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-19 00:34 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-19 00:34 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Users\Doug\AppData\Roaming\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-08-18 23:58 . 2008-08-18 23:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-18 23:35 . 2008-08-18 23:36 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-18 23:35 . 2008-08-18 23:36 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-18 23:35 . 2008-08-18 23:35 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-18 23:17 . 2008-09-02 12:51 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-18 23:17 . 2008-09-02 12:51 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-18 23:17 . 2008-09-02 12:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-18 20:35 . 2008-08-18 20:35 <DIR> d-------- C:\Program Files\OpenAL
2008-08-18 20:34 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmpC71C.tmp
2008-08-18 20:24 . 2008-09-03 07:36 <DIR> d-------- C:\Users\All Users\ahgpifan
2008-08-18 20:24 . 2008-09-03 07:36 <DIR> d-------- C:\ProgramData\ahgpifan
2008-08-18 16:26 . 2008-08-25 02:44 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Ventrilo
2008-08-18 14:47 . 2008-08-18 14:51 9,573 --a------ C:\Windows\System32\pbgame.htm
2008-08-18 14:47 . 2008-08-18 14:47 39 --a------ C:\Windows\System32\pbuser.htm
2008-08-18 14:03 . 2008-08-18 14:03 98,304 --a------ C:\Windows\System32\CmdLineExt.dll
2008-08-18 13:50 . 2008-09-03 08:56 162,008 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-08-18 13:50 . 2008-09-03 08:56 111,928 --a------ C:\Windows\System32\PnkBstrB.exe
2008-08-18 12:34 . 2008-08-18 12:34 <DIR> d-------- C:\EGIS_Drive
2008-08-18 12:31 . 2008-09-02 15:43 <DIR> d-------- C:\Users\Doug\AppData\Roaming\Xfire
2008-08-18 12:31 . 2008-09-02 16:28 <DIR> d-------- C:\Users\All Users\Xfire
2008-08-18 12:31 . 2008-09-02 16:28 <DIR> d-------- C:\ProgramData\Xfire
2008-08-18 12:31 . 2008-09-02 16:28 <DIR> d-------- C:\Program Files\Xfire
2008-08-18 12:31 . 2008-08-18 12:31 <DIR> d-------- C:\Program Files\Ventrilo
2008-08-18 12:30 . 2008-08-18 23:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 12:27 . 2008-08-20 00:59 <DIR> d-------- C:\Program Files\Winamp
2008-08-18 12:27 . 2007-03-07 16:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-08-18 12:23 . 2008-08-30 10:53 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-18 12:23 . 2008-08-30 10:53 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-18 12:23 . 2008-08-25 04:02 <DIR> d-------- C:\Program Files\Fraps
2008-08-18 12:15 . 2008-08-19 14:58 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-08-18 12:00 . 2008-08-18 12:00 <DIR> d-------- C:\Program Files\Sierra
2008-08-18 11:52 . 2008-08-18 11:52 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-08-18 11:43 . 2008-08-18 11:44 <DIR> d-------- C:\Program Files\Directx
2008-08-18 11:32 . 2008-08-18 11:32 <DIR> d-------- C:\Users\Doug\AppData\Roaming\InstallShield
2008-08-18 11:32 . 2008-09-01 17:06 <DIR> d-------- C:\Program Files\WarRock
2008-08-18 00:58 . 2008-08-18 14:30 <DIR> d-------- C:\Program Files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 12:56 --------- d-----w C:\Program Files\Microsoft Games
2008-08-19 21:35 --------- d-----w C:\ProgramData\McAfee
2008-08-19 21:33 --------- d-----w C:\ProgramData\SiteAdvisor
2008-08-19 05:07 --------- d-----w C:\Program Files\Acer GameZone
2008-08-18 07:54 1,908 ----a-w C:\Windows\CLEANUP.CMD
2008-08-18 07:31 --------- d-----w C:\Program Files\Windows Mail
2008-08-18 07:18 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-08-18 06:58 --------- d-----w C:\ProgramData\NVIDIA
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-09-03_ 7.42.26.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-03 14:27:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-03 20:01:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-03 20:01:00 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-03 14:27:22 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-03 20:01:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-03 20:01:00 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-03 04:49:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-03 19:50:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-03 04:49:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-03 19:50:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-03 04:49:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-03 19:50:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-03 14:31:01 105,078 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-03 19:51:08 109,474 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-03 14:31:01 595,748 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-03 19:51:08 608,710 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-03 14:27:50 7,502 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1565921426-3047039732-3707147988-1000_UserData.bin
+ 2008-09-03 19:48:17 7,674 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1565921426-3047039732-3707147988-1000_UserData.bin
- 2008-09-03 14:27:50 75,806 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-03 19:48:17 77,058 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-03 14:27:48 55,026 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-03 19:48:16 55,780 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 23:38 121392 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"\VIE737A.exe"="C:\Windows\System32\VIE737A.exe" [2008-09-01 29184]
"\VIE7280.exe"="C:\Windows\System32\VIE7280.exe" [2008-09-01 28160]
"\VIE7686.exe"="C:\Windows\System32\VIE7686.exe" [2008-09-01 28160]
"\VIE7E14.exe"="C:\Windows\System32\VIE7E14.exe" [2008-09-01 28160]
"\VIE7E43.exe"="C:\Windows\System32\VIE7E43.exe" [2008-09-01 29184]
"\VIE80D2.exe"="C:\Windows\System32\VIE80D2.exe" [2008-09-01 28160]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2008-05-06 196128]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-19 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"\VIE737A.exe"="C:\Windows\System32\VIE737A.exe" [2008-09-01 29184]
"\VIE7280.exe"="C:\Windows\System32\VIE7280.exe" [2008-09-01 28160]
"\VIE7686.exe"="C:\Windows\System32\VIE7686.exe" [2008-09-01 28160]
"\VIE7E14.exe"="C:\Windows\System32\VIE7E14.exe" [2008-09-01 28160]
"\VIE7E43.exe"="C:\Windows\System32\VIE7E43.exe" [2008-09-01 29184]
"\VIE80D2.exe"="C:\Windows\System32\VIE80D2.exe" [2008-09-01 28160]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-04-14 20480]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-03-16 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{479ECCE8-031F-4BCF-B7EB-31702685CE3A}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{8E5AC746-02CF-4513-9F72-04A74B446FFC}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{92E72A5C-B72B-4379-94AE-F07E353CAB52}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{39863CA9-3184-4F99-9510-39E313EE846B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{94063567-A94D-492C-A5FE-C8A914B9B6F4}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{6A4CAF56-9623-4AFA-854B-D47483B10A3B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{A95B326A-DD98-4550-8653-CE41D482B8FA}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{70441C18-3E53-4EFF-B676-D2C732DCB557}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{32C14809-E5AC-4CD1-9E7A-EC8CCFFC87F8}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{B0E533A6-85D9-45BF-8B0D-18949D2D1B67}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{CE3F4E9B-D427-4C2A-BDFD-A928AE8A5FE1}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{2C433DAA-1D38-411B-84CA-B93F59A425F7}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{1A9BC495-426C-45E5-A6F5-653D0884BBEB}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{2053B656-5265-4180-9670-A7C6CF9E1CDB}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B744ECB9-933A-4748-A222-60234CDB9BD7}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{3A5CE14E-A820-4EBE-BF93-662EA4E45A05}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{35D997C2-5515-450F-8BEC-8068B64F8489}C:\\downloads\\ghjgjh\\tdu\\testdriveunlimited.exe"= UDP:C:\downloads\ghjgjh\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{F7B4024B-5C88-4CEA-ADC1-ACAB56F5CDEF}C:\\downloads\\ghjgjh\\tdu\\testdriveunlimited.exe"= TCP:C:\downloads\ghjgjh\tdu\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{4A960BCE-ACF1-49F0-9906-A99661028900}C:\\program files\\sierra\\fear\\fearserver.exe"= UDP:C:\program files\sierra\fear\fearserver.exe:F.E.A.R. Stand-Alone Server
"UDP Query User{ADC0EEB1-EAF1-45DB-8B0E-BFAC75F10049}C:\\program files\\sierra\\fear\\fearserver.exe"= TCP:C:\program files\sierra\fear\fearserver.exe:F.E.A.R. Stand-Alone Server
"TCP Query User{FD875219-A417-4AED-A55B-9F2D10224AE1}C:\\downloads\\tdu dont delete\\tdu\\testdriveunlimited.exe"= UDP:C:\downloads\tdu dont delete\tdu\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{9FF5877E-A931-46CD-BF8B-C34EBEFBAB7A}C:\\downloads\\tdu dont delete\\tdu\\testdriveunlimited.exe"= TCP:C:\downloads\tdu dont delete\tdu\testdriveunlimited.exe:Test Drive Unlimited
"{8F8A8B9E-0696-4055-B1F7-E488D1FBC060}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{A5FA40E3-8A07-45FB-9420-F78EBE8C5EF9}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{872C824B-2414-4B0F-B167-34F029638338}"= UDP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core
"{13835EFA-AC2F-4405-9053-BE9DA9A568D9}"= TCP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{54B9B6E3-3589-4F73-9783-C86CA22BFDBC}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D716586D-11E6-415B-AB83-48596E27E165}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{2C0FD4CD-E93B-41A0-9925-84F866B1A19B}"= UDP:C:\Users\Doug\AppData\Local\Temp\.tt5D6D.tmp:enable
"{B5501CE6-B90F-4B86-8965-D42A0904941E}"= TCP:C:\Users\Doug\AppData\Local\Temp\.tt5D6D.tmp:enable

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
"C:\\Program Files\\Combat Arms\\CombatArms.exe"= C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\\Program Files\\Combat Arms\\Engine.exe"= C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2008-05-06 132128]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-19 96520]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-19 873752]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 231192]
R2 FAH-02;Folding Service #02;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-19 3514368]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-19 69128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
S2 FAH-01;Folding Service #01;C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aee6e65d-6cf2-11dd-9cb8-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
\shell\directx\command - E:\DirectX9\dxsetup.exe
\shell\setup\command - E:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\VIE8535.exe - C:\Windows\System32\VIE8535.exe
HKCU-Run-\VIE846B.exe - C:\Windows\System32\VIE846B.exe
HKCU-Run-\VIE87E4.exe - C:\Windows\System32\VIE87E4.exe
HKCU-Run-\VIE643E.exe - C:\Windows\System32\VIE643E.exe
HKCU-Run-\VIE6556.exe - C:\Windows\System32\VIE6556.exe
HKCU-Run-\VIE6759.exe - C:\Windows\System32\VIE6759.exe
HKLM-Run-\VIE8535.exe - C:\Windows\System32\VIE8535.exe
HKLM-Run-\VIE846B.exe - C:\Windows\System32\VIE846B.exe
HKLM-Run-\VIE87E4.exe - C:\Windows\System32\VIE87E4.exe
HKLM-Run-\VIE643E.exe - C:\Windows\System32\VIE643E.exe
HKLM-Run-\VIE6556.exe - C:\Windows\System32\VIE6556.exe
HKLM-Run-\VIE6759.exe - C:\Windows\System32\VIE6759.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 13:01:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VIE8535.exe"="C:\\Windows\\System32\\VIE8535.exe"
"\\VIE846B.exe"="C:\\Windows\\System32\\VIE846B.exe"
"\\VIE87E4.exe"="C:\\Windows\\System32\\VIE87E4.exe"
"\\VIE643E.exe"="C:\\Windows\\System32\\VIE643E.exe"
"\\VIE6556.exe"="C:\\Windows\\System32\\VIE6556.exe"
"\\VIE6759.exe"="C:\\Windows\\System32\\VIE6759.exe"
"\\VIE737A.exe"="C:\\Windows\\System32\\VIE737A.exe"
"\\VIE7280.exe"="C:\\Windows\\System32\\VIE7280.exe"
"\\VIE7686.exe"="C:\\Windows\\System32\\VIE7686.exe"
"\\VIE7E14.exe"="C:\\Windows\\System32\\VIE7E14.exe"
"\\VIE7E43.exe"="C:\\Windows\\System32\\VIE7E43.exe"
"\\VIE80D2.exe"="C:\\Windows\\System32\\VIE80D2.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VIE8535.exe"="C:\\Windows\\System32\\VIE8535.exe"
"\\VIE846B.exe"="C:\\Windows\\System32\\VIE846B.exe"
"\\VIE87E4.exe"="C:\\Windows\\System32\\VIE87E4.exe"
"\\VIE643E.exe"="C:\\Windows\\System32\\VIE643E.exe"
"\\VIE6556.exe"="C:\\Windows\\System32\\VIE6556.exe"
"\\VIE6759.exe"="C:\\Windows\\System32\\VIE6759.exe"
"\\VIE737A.exe"="C:\\Windows\\System32\\VIE737A.exe"
"\\VIE7280.exe"="C:\\Windows\\System32\\VIE7280.exe"
"\\VIE7686.exe"="C:\\Windows\\System32\\VIE7686.exe"
"\\VIE7E14.exe"="C:\\Windows\\System32\\VIE7E14.exe"
"\\VIE7E43.exe"="C:\\Windows\\System32\\VIE7E43.exe"
"\\VIE80D2.exe"="C:\\Windows\\System32\\VIE80D2.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FahCore_82.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-09-03 13:05:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 20:05:22
ComboFix2.txt 2008-09-03 14:43:39
ComboFix3.txt 2008-09-03 04:49:27

Pre-Run: 26,331,353,088 bytes free
Post-Run: 26,067,763,200 bytes free

402 --- E O F --- 2008-09-03 14:31:25



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:04 PM, on 03/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\VIE737A.exe
C:\Windows\System32\VIE7280.exe
C:\Windows\System32\VIE7686.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [\VIE737A.exe] C:\Windows\System32\VIE737A.exe
O4 - HKLM\..\Run: [\VIE7280.exe] C:\Windows\System32\VIE7280.exe
O4 - HKLM\..\Run: [\VIE7686.exe] C:\Windows\System32\VIE7686.exe
O4 - HKLM\..\Run: [\VIE7E14.exe] C:\Windows\System32\VIE7E14.exe
O4 - HKLM\..\Run: [\VIE7E43.exe] C:\Windows\System32\VIE7E43.exe
O4 - HKLM\..\Run: [\VIE80D2.exe] C:\Windows\System32\VIE80D2.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [\VIE737A.exe] C:\Windows\System32\VIE737A.exe
O4 - HKCU\..\Run: [\VIE7280.exe] C:\Windows\System32\VIE7280.exe
O4 - HKCU\..\Run: [\VIE7686.exe] C:\Windows\System32\VIE7686.exe
O4 - HKCU\..\Run: [\VIE7E14.exe] C:\Windows\System32\VIE7E14.exe
O4 - HKCU\..\Run: [\VIE7E43.exe] C:\Windows\System32\VIE7E43.exe
O4 - HKCU\..\Run: [\VIE80D2.exe] C:\Windows\System32\VIE80D2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8094 bytes

Edited by enticle, 03 September 2008 - 03:12 PM.


#12 kahdah

  • Security Colleague

Posted 03 September 2008 - 07:30 PM

Hi are you familiar with this file > O4 - Global Startup: ASETRES.EXE?
-----------------------
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\System32\1.ico
    C:\Windows\System32\2.ico
    C:\Windows\System32\tmp1A28.tmp
    C:\Windows\System32\tmp1A27.tmp
    C:\Windows\System32\tmpC71C.tmp
    C:\Users\All Users\ahgpifan
    C:\ProgramData\ahgpifan
    C:\Windows\System32\VIE737A.exe
    C:\Windows\System32\VIE7280.exe
    C:\Windows\System32\VIE7686.exe
    C:\Windows\System32\VIE7E14.exe
    C:\Windows\System32\VIE7E43.exe
    C:\Windows\System32\VIE80D2.exe
    C:\Windows\System32\VIE737A.exe
    C:\Windows\System32\VIE7280.exe
    C:\Windows\System32\VIE7686.exe
    C:\Windows\System32\VIE7E14.exe
    C:\Windows\System32\VIE7E43.exe
    C:\Windows\System32\VIE80D2.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE737A.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7280.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7686.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E14.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E43.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE80D2.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE737A.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7280.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7686.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E14.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E43.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE80D2.exe
    C:\\Windows\\System32\\VIE8535.exe
    C:\\Windows\\System32\\VIE846B.exe
    C:\\Windows\\System32\\VIE87E4.exe
    C:\\Windows\\System32\\VIE643E.exe
    C:\\Windows\\System32\\VIE6556.exe
    C:\\Windows\\System32\\VIE6759.exe
    C:\\Windows\\System32\\VIE737A.exe
    C:\\Windows\\System32\\VIE7280.exe
    C:\\Windows\\System32\\VIE7686.exe
    C:\\Windows\\System32\\VIE7E14.exe
    C:\\Windows\\System32\\VIE7E43.exe
    C:\\Windows\\System32\\VIE80D2.exe
    C:\\Windows\\System32\\VIE8535.exe
    C:\\Windows\\System32\\VIE846B.exe
    C:\\Windows\\System32\\VIE87E4.exe
    C:\\Windows\\System32\\VIE643E.exe
    C:\\Windows\\System32\\VIE6556.exe
    C:\\Windows\\System32\\VIE6759.exe
    C:\\Windows\\System32\\VIE737A.exe
    C:\\Windows\\System32\\VIE7280.exe
    C:\\Windows\\System32\\VIE7686.exe
    C:\\Windows\\System32\\VIE7E14.exe
    C:\\Windows\\System32\\VIE7E43.exe
    C:\\Windows\\System32\\VIE80D2.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE8535.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE846B.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE87E4.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE643E.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6556.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6759.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE737A.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7280.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7686.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E14.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E43.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE80D2.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE8535.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE846B.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE87E4.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE643E.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6556.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6759.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE737A.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7280.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7686.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E14.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E43.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE80D2.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==================
Post that log and a new Rsit log please and we will go from there.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#13 enticle

  • Topic Starter

Posted 03 September 2008 - 11:23 PM

Ok I rebooted my computer and I'm getting no problems like before. I also checked my processes and I have nothing weird starting up in there. I think you fixed it!!! This is so awesome, thanks so much. :thumbsup:

C:\Windows\System32\1.ico moved successfully.
C:\Windows\System32\2.ico moved successfully.
C:\Windows\System32\tmp1A28.tmp moved successfully.
C:\Windows\System32\tmp1A27.tmp moved successfully.
C:\Windows\System32\tmpC71C.tmp moved successfully.
C:\Users\All Users\ahgpifan moved successfully.
File/Folder C:\ProgramData\ahgpifan not found.
C:\Windows\System32\VIE737A.exe moved successfully.
C:\Windows\System32\VIE7280.exe moved successfully.
C:\Windows\System32\VIE7686.exe moved successfully.
C:\Windows\System32\VIE7E14.exe moved successfully.
C:\Windows\System32\VIE7E43.exe moved successfully.
C:\Windows\System32\VIE80D2.exe moved successfully.
File/Folder C:\Windows\System32\VIE737A.exe not found.
File/Folder C:\Windows\System32\VIE7280.exe not found.
File/Folder C:\Windows\System32\VIE7686.exe not found.
File/Folder C:\Windows\System32\VIE7E14.exe not found.
File/Folder C:\Windows\System32\VIE7E43.exe not found.
File/Folder C:\Windows\System32\VIE80D2.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE737A.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE737A.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7280.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7280.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7686.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7686.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E14.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E14.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E43.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E43.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE80D2.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE80D2.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE737A.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE737A.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7280.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7280.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7686.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7686.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E14.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E14.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E43.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE7E43.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE80D2.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\VIE80D2.exe not found.
File/Folder C:\\Windows\\System32\\VIE8535.exe not found.
File/Folder C:\\Windows\\System32\\VIE846B.exe not found.
File/Folder C:\\Windows\\System32\\VIE87E4.exe not found.
File/Folder C:\\Windows\\System32\\VIE643E.exe not found.
File/Folder C:\\Windows\\System32\\VIE6556.exe not found.
File/Folder C:\\Windows\\System32\\VIE6759.exe not found.
File/Folder C:\\Windows\\System32\\VIE737A.exe not found.
File/Folder C:\\Windows\\System32\\VIE7280.exe not found.
File/Folder C:\\Windows\\System32\\VIE7686.exe not found.
File/Folder C:\\Windows\\System32\\VIE7E14.exe not found.
File/Folder C:\\Windows\\System32\\VIE7E43.exe not found.
File/Folder C:\\Windows\\System32\\VIE80D2.exe not found.
File/Folder C:\\Windows\\System32\\VIE8535.exe not found.
File/Folder C:\\Windows\\System32\\VIE846B.exe not found.
File/Folder C:\\Windows\\System32\\VIE87E4.exe not found.
File/Folder C:\\Windows\\System32\\VIE643E.exe not found.
File/Folder C:\\Windows\\System32\\VIE6556.exe not found.
File/Folder C:\\Windows\\System32\\VIE6759.exe not found.
File/Folder C:\\Windows\\System32\\VIE737A.exe not found.
File/Folder C:\\Windows\\System32\\VIE7280.exe not found.
File/Folder C:\\Windows\\System32\\VIE7686.exe not found.
File/Folder C:\\Windows\\System32\\VIE7E14.exe not found.
File/Folder C:\\Windows\\System32\\VIE7E43.exe not found.
File/Folder C:\\Windows\\System32\\VIE80D2.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE8535.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE8535.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE846B.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE846B.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE87E4.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE87E4.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE643E.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE643E.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6556.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6556.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6759.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6759.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE737A.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE737A.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7280.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7280.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7686.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7686.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E14.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E14.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E43.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E43.exe not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE80D2.exe >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE80D2.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE8535.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE8535.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE846B.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE846B.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE87E4.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE87E4.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE643E.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE643E.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6556.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6556.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6759.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE6759.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE737A.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE737A.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7280.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7280.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7686.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7686.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E14.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E14.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E43.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE7E43.exe not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE80D2.exe >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\VIE80D2.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09032008_212206




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:44 PM, on 03/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [\VIE737A.exe] C:\Windows\System32\VIE737A.exe
O4 - HKLM\..\Run: [\VIE7280.exe] C:\Windows\System32\VIE7280.exe
O4 - HKLM\..\Run: [\VIE7686.exe] C:\Windows\System32\VIE7686.exe
O4 - HKLM\..\Run: [\VIE7E14.exe] C:\Windows\System32\VIE7E14.exe
O4 - HKLM\..\Run: [\VIE7E43.exe] C:\Windows\System32\VIE7E43.exe
O4 - HKLM\..\Run: [\VIE80D2.exe] C:\Windows\System32\VIE80D2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [\VIE737A.exe] C:\Windows\System32\VIE737A.exe
O4 - HKCU\..\Run: [\VIE7280.exe] C:\Windows\System32\VIE7280.exe
O4 - HKCU\..\Run: [\VIE7686.exe] C:\Windows\System32\VIE7686.exe
O4 - HKCU\..\Run: [\VIE7E14.exe] C:\Windows\System32\VIE7E14.exe
O4 - HKCU\..\Run: [\VIE7E43.exe] C:\Windows\System32\VIE7E43.exe
O4 - HKCU\..\Run: [\VIE80D2.exe] C:\Windows\System32\VIE80D2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8557 bytes

Edited by enticle, 03 September 2008 - 11:28 PM.


#14 kahdah

Posted 04 September 2008 - 04:49 AM

Hi good :thumbsup:
=========
Let's see for sure though.



Please right click on Hijackthis and choose "Run as Administrator"
Then choose "Do a system scan only"
Then place a check mark next to these entries below:

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [\VIE737A.exe] C:\Windows\System32\VIE737A.exe
O4 - HKLM\..\Run: [\VIE7280.exe] C:\Windows\System32\VIE7280.exe
O4 - HKLM\..\Run: [\VIE7686.exe] C:\Windows\System32\VIE7686.exe
O4 - HKLM\..\Run: [\VIE7E14.exe] C:\Windows\System32\VIE7E14.exe
O4 - HKLM\..\Run: [\VIE7E43.exe] C:\Windows\System32\VIE7E43.exe
O4 - HKLM\..\Run: [\VIE80D2.exe] C:\Windows\System32\VIE80D2.exe
O4 - HKCU\..\Run: [\VIE737A.exe] C:\Windows\System32\VIE737A.exe
O4 - HKCU\..\Run: [\VIE7280.exe] C:\Windows\System32\VIE7280.exe
O4 - HKCU\..\Run: [\VIE7686.exe] C:\Windows\System32\VIE7686.exe
O4 - HKCU\..\Run: [\VIE7E14.exe] C:\Windows\System32\VIE7E14.exe
O4 - HKCU\..\Run: [\VIE7E43.exe] C:\Windows\System32\VIE7E43.exe
O4 - HKCU\..\Run: [\VIE80D2.exe] C:\Windows\System32\VIE80D2.exe



Now click on Fix Checked and then close Hijackthis.
==================================
Reboot and post a new Rsit log (it was the first program I had you download).
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
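An added example, not part of kahdah's post or of HijackThis itself: a small Python triage script that parses the `O4` Run lines of a HijackThis log and flags entries sharing the traits of the ones checked for removal above. The three heuristics and the two-signal threshold are assumptions drawn from those entries, and the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# O4 registry autorun line: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First executable in the command: quoted path, or text up to the extension.
EXE_PATH = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd|scr))\b', re.I)
# Assumption: a few letters plus four hex digits looks machine-generated.
GENERATED_NAME = re.compile(r"^[a-z]{2,4}[0-9a-f]{4}\.exe$", re.I)
SYSTEM32 = ntpath.normcase(r"C:\Windows\System32")

# Lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [\VIE737A.exe] C:\Windows\System32\VIE737A.exe
O4 - HKLM\..\Run: [\VIE7280.exe] C:\Windows\System32\VIE7280.exe
O4 - HKCU\..\Run: [\VIE737A.exe] C:\Windows\System32\VIE737A.exe
O4 - HKCU\..\Run: [\VIE7280.exe] C:\Windows\System32\VIE7280.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
"""


def parse_o4(log_text):
    """Return hive, value name and executable path for each O4 Run line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # other sections, and O4 startup-folder items
        exe = EXE_PATH.match(m["cmd"])
        path = (exe.group(1) or exe.group(2)) if exe else m["cmd"]
        entries.append({"hive": m["hive"], "name": m["name"], "path": path})
    return entries


def review(entries, threshold=2):
    """Flag entries that trip at least `threshold` of the heuristics."""
    hives_by_path = defaultdict(set)
    for e in entries:
        hives_by_path[ntpath.normcase(e["path"])].add(e["hive"])

    findings = []
    for e in entries:
        reasons = []
        # 1. Installers use descriptive value names, not "\file.exe".
        if e["name"].startswith("\\"):
            reasons.append("value name is a path fragment")
        # 2. Generated-looking file name sitting directly in System32.
        folder = ntpath.normcase(ntpath.dirname(e["path"]))
        if folder == SYSTEM32 and GENERATED_NAME.match(ntpath.basename(e["path"])):
            reasons.append("generated-looking name in System32")
        # 3. The same target registered under more than one hive.
        if len(hives_by_path[ntpath.normcase(e["path"])]) > 1:
            reasons.append("same target in several hives")
        if len(reasons) >= threshold:
            findings.append((e["hive"], e["name"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for hive, name, path, reasons in review(parse_o4(SAMPLE_LOG)):
        print(f"{hive}  [{name}]  {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

The Windows Sidebar entries trip only the "several hives" signal and stay unflagged, which is why the threshold is two; anything the script flags still needs a person to confirm it before it is fixed.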

#15 enticle

Posted 04 September 2008 - 11:20 AM

Logfile of random's system information tool (written by random/random)
Run by Doug at 2008-09-04 09:19:48
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 34 GB (14%) free of 234 GB
Total RAM: 3071 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:57 AM, on 04/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Doug\Desktop\RSIT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\Doug.exe
C:\Windows\system32\wbem\unsecapp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7781 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-19 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-12-21 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-21 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-21 81920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-09 326176]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]
"PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-10-15 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2008-05-06 196128]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-19 1232152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ASETRES.EXE
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption"
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aee6e65d-6cf2-11dd-9cb8-806e6f6e6963}]
shell\AutoRun\command - E:\autorun.exe
shell\directx\command - E:\DirectX9\dxsetup.exe
shell\setup\command - E:\setup.exe


List of files/folders created in the last three months

2008-09-03 21:22:06 ----D---- C:\_OTMoveIt
2008-09-03 13:57:38 ----D---- C:\Users\Doug\AppData\Roaming\Apple Computer
2008-09-03 13:57:28 ----D---- C:\Program Files\iPod
2008-09-03 13:57:27 ----D---- C:\Program Files\iTunes
2008-09-03 13:57:08 ----D---- C:\Program Files\Bonjour
2008-09-03 13:56:34 ----D---- C:\Program Files\QuickTime
2008-09-03 13:56:33 ----D---- C:\ProgramData\Apple Computer
2008-09-03 13:56:23 ----D---- C:\Program Files\Apple Software Update
2008-09-03 13:55:34 ----D---- C:\ProgramData\Apple
2008-09-03 13:55:34 ----D---- C:\Program Files\Common Files\Apple
2008-09-03 13:05:31 ----A---- C:\ComboFix.txt
2008-09-03 12:54:30 ----A---- C:\Windows\PSEXESVC.EXE
2008-09-03 12:54:22 ----D---- C:\Windows\temp
2008-09-03 12:51:20 ----D---- C:\ComboFix
2008-09-03 12:51:20 ----A---- C:\Windows\swreg.exe
2008-09-03 12:51:03 ----D---- C:\327882R2FWJFW
2008-09-02 21:35:21 ----D---- C:\Windows\erdnt
2008-09-02 21:34:07 ----D---- C:\QooBox
2008-09-02 21:33:56 ----A---- C:\Windows\Nircmd.exe
2008-09-02 21:33:48 ----A---- C:\Windows\zip.exe
2008-09-02 21:33:48 ----A---- C:\Windows\VFind.exe
2008-09-02 21:33:48 ----A---- C:\Windows\swsc.exe
2008-09-02 21:33:48 ----A---- C:\Windows\sed.exe
2008-09-02 21:33:48 ----A---- C:\Windows\grep.exe
2008-09-02 21:33:48 ----A---- C:\Windows\fdsv.exe
2008-09-02 21:31:25 ----A---- C:\Windows\swxcacls.exe
2008-09-02 17:39:04 ----D---- C:\rsit
2008-09-02 17:17:18 ----D---- C:\Windows\system32\logs
2008-09-02 17:17:09 ----D---- C:\Program Files\Common Files\MSSoap
2008-09-02 17:16:41 ----D---- C:\Program Files\BitDefender
2008-09-02 17:15:50 ----D---- C:\Windows\system32\URTTEMP
2008-09-02 17:04:25 ----D---- C:\Program Files\Common Files\BitDefender
2008-09-02 16:58:43 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2008-09-02 16:35:51 ----D---- C:\Program Files\CCleaner
2008-09-02 15:16:15 ----D---- C:\Program Files\Trend Micro
2008-09-02 12:36:17 ----D---- C:\Program Files\MSA
2008-08-28 04:37:02 ----D---- C:\Windows\.jagex_cache_32
2008-08-28 04:36:59 ----D---- C:\Windows\Sun
2008-08-28 04:36:36 ----A---- C:\Windows\system32\javaws.exe
2008-08-28 04:36:36 ----A---- C:\Windows\system32\javaw.exe
2008-08-28 04:36:36 ----A---- C:\Windows\system32\java.exe
2008-08-28 04:35:52 ----D---- C:\Program Files\Java
2008-08-28 04:35:13 ----D---- C:\Program Files\Common Files\Java
2008-08-27 14:03:26 ----A---- C:\Windows\system32\xfcodec.dll
2008-08-27 08:28:27 ----A---- C:\Windows\system32\pthreadGC2.dll
2008-08-27 08:28:27 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-08-27 08:28:27 ----A---- C:\Windows\system32\ff_vfw.dll
2008-08-27 08:28:26 ----D---- C:\Program Files\ffdshow
2008-08-27 03:55:51 ----A---- C:\Windows\system32\wups2.dll
2008-08-27 03:55:51 ----A---- C:\Windows\system32\wucltux.dll
2008-08-27 03:55:51 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-27 03:55:51 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-27 03:55:37 ----A---- C:\Windows\system32\wups.dll
2008-08-27 03:55:37 ----A---- C:\Windows\system32\wudriver.dll
2008-08-27 03:55:37 ----A---- C:\Windows\system32\wuapi.dll
2008-08-27 03:55:34 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-27 03:55:34 ----A---- C:\Windows\system32\wuapp.exe
2008-08-25 01:41:51 ----A---- C:\Windows\BlendSettings.ini
2008-08-25 01:33:51 ----D---- C:\Program Files\Folding@Home #01
2008-08-25 00:53:57 ----D---- C:\Program Files\Bethesda Softworks
2008-08-24 19:42:06 ----HD---- C:\Windows\PIF
2008-08-24 00:34:11 ----A---- C:\Windows\system32\imagecfg.exe
2008-08-23 22:41:50 ----D---- C:\Users\Doug\AppData\Roaming\Publish Providers
2008-08-23 22:41:40 ----D---- C:\Users\Doug\AppData\Roaming\Sony
2008-08-23 22:36:19 ----D---- C:\ProgramData\Sony
2008-08-23 22:17:29 ----D---- C:\Program Files\Sony
2008-08-23 22:16:32 ----D---- C:\Program Files\Sony Setup
2008-08-23 14:09:12 ----D---- C:\Program Files\Colin Mcrae DiRT
2008-08-22 21:54:42 ----D---- C:\Program Files\GTR2
2008-08-21 14:56:32 ----D---- C:\ProgramData\NexonUS
2008-08-21 14:56:32 ----D---- C:\Program Files\Combat Arms
2008-08-20 16:00:26 ----D---- C:\Users\Doug\AppData\Roaming\GetRightToGo
2008-08-20 15:41:25 ----D---- C:\ProgramData\Test Drive Unlimited
2008-08-20 15:07:55 ----D---- C:\Program Files\UltraISO
2008-08-20 15:07:55 ----D---- C:\Program Files\Common Files\EZB Systems
2008-08-20 14:36:44 ----D---- C:\ProgramData\HlpMntAct
2008-08-20 00:58:48 ----D---- C:\Users\Doug\AppData\Roaming\Winamp
2008-08-19 17:01:57 ----D---- C:\ProgramData\Codemasters
2008-08-19 14:29:55 ----HD---- C:\$AVG8.VAULT$
2008-08-19 14:23:33 ----A---- C:\Windows\system32\avgrsstx.dll
2008-08-19 14:23:18 ----D---- C:\ProgramData\avg8
2008-08-19 14:23:18 ----D---- C:\Program Files\AVG
2008-08-19 02:19:01 ----RA---- C:\Windows\system32\tmpE4E4.tmp
2008-08-19 02:17:29 ----RA---- C:\Windows\system32\tmpE4C3.tmp
2008-08-19 00:34:22 ----D---- C:\Users\Doug\AppData\Roaming\Malwarebytes
2008-08-19 00:34:17 ----D---- C:\ProgramData\Malwarebytes
2008-08-19 00:34:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 23:58:19 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-08-18 23:58:14 ----D---- C:\Users\Doug\AppData\Roaming\SUPERAntiSpyware.com
2008-08-18 23:58:14 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-18 23:35:39 ----D---- C:\Program Files\Lavasoft
2008-08-18 23:35:38 ----D---- C:\ProgramData\Lavasoft
2008-08-18 23:17:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-08-18 23:17:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-18 20:39:45 ----D---- C:\Windows\Minidump
2008-08-18 20:35:43 ----RA---- C:\Windows\system32\tmpC71D.tmp
2008-08-18 20:35:43 ----D---- C:\Program Files\OpenAL
2008-08-18 20:35:43 ----A---- C:\Windows\system32\wrap_oal.dll
2008-08-18 20:35:43 ----A---- C:\Windows\system32\OpenAL32.dll
2008-08-18 20:35:42 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-08-18 20:35:41 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-08-18 20:35:41 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-08-18 20:35:41 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-08-18 20:35:41 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-08-18 20:35:40 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-08-18 20:35:40 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-08-18 20:35:40 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-08-18 20:35:40 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-08-18 20:35:39 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\xinput1_3.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-08-18 20:35:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-08-18 20:35:37 ----A---- C:\Windows\system32\d3dx10.dll
2008-08-18 20:35:36 ----A---- C:\Windows\system32\xinput1_2.dll
2008-08-18 20:35:36 ----A---- C:\Windows\system32\xinput1_1.dll
2008-08-18 20:35:36 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-08-18 20:35:36 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-08-18 20:35:35 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-08-18 20:35:27 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-08-18 20:35:26 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-08-18 20:35:26 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-08-18 20:35:25 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-08-18 19:54:08 ----D---- C:\Users\Doug\AppData\Roaming\WinRAR
2008-08-18 19:53:54 ----D---- C:\Program Files\WinRar
2008-08-18 16:26:34 ----D---- C:\Users\Doug\AppData\Roaming\Ventrilo
2008-08-18 14:03:15 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-08-18 13:50:12 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-08-18 12:38:15 ----D---- C:\Users\Doug\AppData\Roaming\Mozilla
2008-08-18 12:34:00 ----D---- C:\EGIS_Drive
2008-08-18 12:31:31 ----D---- C:\Users\Doug\AppData\Roaming\Xfire
2008-08-18 12:31:28 ----D---- C:\ProgramData\Xfire
2008-08-18 12:31:27 ----D---- C:\Program Files\Xfire
2008-08-18 12:31:15 ----D---- C:\Program Files\Ventrilo
2008-08-18 12:30:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 12:30:35 ----D---- C:\Program Files\Mozilla Firefox
2008-08-18 12:27:22 ----N---- C:\Windows\system32\vxblock.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxwave.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxsfs.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxmas.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxinsa64.exe
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxhpinst.exe
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxdrv.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxcpya64.exe
2008-08-18 12:27:22 ----N---- C:\Windows\system32\pxafs.dll
2008-08-18 12:27:22 ----N---- C:\Windows\system32\px.dll
2008-08-18 12:27:20 ----D---- C:\Program Files\Winamp
2008-08-18 12:23:12 ----AD---- C:\ProgramData\TEMP
2008-08-18 12:23:11 ----D---- C:\Program Files\Fraps
2008-08-18 12:15:51 ----D---- C:\Program Files\GameSpy Arcade
2008-08-18 12:15:08 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-08-18 12:00:12 ----D---- C:\Program Files\Sierra
2008-08-18 11:52:30 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-08-18 11:43:22 ----D---- C:\Program Files\Directx
2008-08-18 11:32:41 ----D---- C:\Program Files\WarRock
2008-08-18 11:32:10 ----D---- C:\Users\Doug\AppData\Roaming\InstallShield
2008-08-18 00:58:28 ----D---- C:\Program Files\BitLord
2008-08-18 00:56:36 ----D---- C:\Downloads
2008-08-18 00:55:24 ----D---- C:\Users\Doug\AppData\Roaming\Adobe
2008-08-18 00:54:46 ----A---- C:\Windows\system32\nvuhda.exe
2008-08-18 00:54:46 ----A---- C:\Windows\system32\nvcohda.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\Oemdspif.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atiumdva.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atiumdag.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atitmmxx.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atipdlxx.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\atioglxx.dll
2008-08-18 00:54:45 ----A---- C:\Windows\system32\ATIODE.exe
2008-08-18 00:54:44 ----A---- C:\Windows\system32\ATIODCLI.exe
2008-08-18 00:54:44 ----A---- C:\Windows\system32\atidxx32.dll
2008-08-18 00:54:44 ----A---- C:\Windows\system32\ATIDEMGX.dll
2008-08-18 00:54:44 ----A---- C:\Windows\system32\Ati2evxx.exe
2008-08-18 00:54:44 ----A---- C:\Windows\system32\Ati2evxx.dll
2008-08-18 00:54:44 ----A---- C:\Windows\system32\ati2edxx.dll
2008-08-18 00:54:44 ----A---- C:\Windows\system32\amdpcom32.dll
2008-08-18 00:54:36 ----A---- C:\Windows\devcon.exe
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoZht.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoZhc.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoTr.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoTh.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoSv.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoSl.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoSk.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoRu.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoPtb.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoPt.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoPl.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoNo.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoNl.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoKo.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoJa.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoIt.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoHu.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoHe.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoFr.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoFi.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoEsm.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoEs.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoENU.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoEng.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoEl.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoDe.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoDa.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoCs.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\NvRCoAr.dll
2008-08-18 00:54:35 ----A---- C:\Windows\system32\nvraidco.dll
2008-08-18 00:34:13 ----D---- C:\Users\Doug\AppData\Roaming\Leadertech
2008-08-18 00:34:13 ----D---- C:\Users\Doug\AppData\Roaming\Acer
2008-08-18 00:33:58 ----D---- C:\Users\Doug\AppData\Roaming\Macromedia
2008-08-18 00:28:00 ----A---- C:\Windows\system32\tzres.dll
2008-08-18 00:27:32 ----A---- C:\Windows\system32\msshooks.dll
2008-08-18 00:27:31 ----A---- C:\Windows\system32\msscb.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\wsepno.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\thawbrkr.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\srchadmin.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-08-18 00:27:29 ----A---- C:\Windows\system32\rtffilt.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\propsys.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\propdefs.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\msstrc.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\mssprxy.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\mssitlb.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\msshsq.dll
2008-08-18 00:27:29 ----A---- C:\Windows\system32\korwbrkr.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\xmlfilter.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\tquery.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-08-18 00:27:28 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-08-18 00:27:28 ----A---- C:\Windows\system32\offfilt.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\nlhtml.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mssvp.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mssrch.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mssphtb.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mssph.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\msscntrs.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\mimefilt.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\chtbrkr.dll
2008-08-18 00:27:28 ----A---- C:\Windows\system32\chsbrkr.dll
2008-08-18 00:25:18 ----D---- C:\Program Files\MSXML 4.0
2008-08-18 00:24:28 ----D---- C:\Windows\Acer_Wide
2008-08-18 00:24:28 ----D---- C:\Program Files\Acer Incorporated
2008-08-18 00:24:28 ----A---- C:\Windows\Acer(Wide).ini
2008-08-18 00:24:28 ----A---- C:\Windows\Acer(Normal).ini
2008-08-18 00:24:17 ----D---- C:\Windows\Acer_Normal
2008-08-18 00:24:10 ----A---- C:\Windows\system32\es.dll
2008-08-18 00:23:55 ----A---- C:\Windows\system32\mshtml.dll
2008-08-18 00:23:55 ----A---- C:\Windows\system32\ieframe.dll
2008-08-18 00:23:54 ----A---- C:\Windows\system32\wininet.dll
2008-08-18 00:23:54 ----A---- C:\Windows\system32\urlmon.dll
2008-08-18 00:23:51 ----A---- C:\Windows\system32\mstime.dll
2008-08-18 00:23:51 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-18 00:23:39 ----A---- C:\Windows\system32\EncDec.dll
2008-08-18 00:23:34 ----A---- C:\Windows\system32\psisdecd.dll
2008-08-18 00:23:27 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-08-18 00:23:26 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-08-18 00:23:11 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerzht.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerzhc.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServertr.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerth.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServersv.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServersl.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServersk.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerru.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerptb.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerpt.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerpl.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerno.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServernl.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerko.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerja.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerit.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerhu.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerhe.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerfr.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerfi.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServeres.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerenu.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServereng.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerel.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerde.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerda.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServercs.dll
2008-08-18 00:23:06 ----A---- C:\Windows\system32\NvRaidServerar.dll
2008-08-18 00:23:05 ----A---- C:\Windows\system32\NvRaidServer.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionzht.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionzhc.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectiontr.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionth.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionsv.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionsl.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionsk.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionru.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvSataConnectionptb.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardzht.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardzhc.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardtr.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardth.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardsv.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardsl.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardsk.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardru.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidWizardptb.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvzht.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvzhc.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvtr.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvth.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvsv.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvsl.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvsk.dll
2008-08-18 00:23:04 ----A---- C:\Windows\system32\NvRaidSvru.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionpt.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionpl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionno.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionnl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionko.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionja.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionit.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionhu.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionhe.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionfr.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectionfi.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvSataConnectiones.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardpt.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardpl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardno.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardnl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardko.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardja.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardit.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardhu.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardhe.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardfr.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidWizardfi.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvptb.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvpt.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvpl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvno.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvnl.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvko.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvja.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvit.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvhu.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvhe.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvfr.dll
2008-08-18 00:23:03 ----A---- C:\Windows\system32\NvRaidSvfi.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionenu.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectioneng.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionel.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionde.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionda.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectioncs.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvSataConnectionar.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\nvsataconnection.exe
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardes.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardenu.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardeng.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardel.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardde.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardda.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardcs.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizardar.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidWizard.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSves.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvenu.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSveng.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvel.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvde.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvda.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvcs.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\NvRaidSvar.dll
2008-08-18 00:23:02 ----A---- C:\Windows\system32\nvraidservice.exe
2008-08-18 00:22:18 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-18 00:21:57 ----A---- C:\Windows\system32\rpcrt4.dll
2008-08-18 00:21:56 ----A---- C:\Windows\system32\pacerprf.dll
2008-08-18 00:21:56 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-08-18 00:21:56 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-08-18 00:21:56 ----A---- C:\Windows\system32\emdmgmt.dll
2008-08-18 00:21:21 ----A---- C:\Windows\system32\shell32.dll
2008-08-18 00:21:12 ----A---- C:\Windows\system32\kd1394.dll
2008-08-18 00:21:11 ----A---- C:\Windows\system32\winload.exe
2008-08-18 00:21:11 ----A---- C:\Windows\system32\ci.dll
2008-08-18 00:21:09 ----A---- C:\Windows\system32\winresume.exe
2008-08-18 00:20:55 ----A---- C:\Windows\system32\srdelayed.exe
2008-08-18 00:20:55 ----A---- C:\Windows\system32\srcore.dll
2008-08-18 00:20:55 ----A---- C:\Windows\system32\srclient.dll
2008-08-18 00:20:55 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-08-18 00:20:55 ----A---- C:\Windows\system32\rstrui.exe
2008-08-18 00:20:55 ----A---- C:\Windows\system32\kbd106n.dll
2008-08-18 00:20:50 ----A---- C:\Windows\system32\Remove_eRecovery.exe
2008-08-18 00:20:50 ----A---- C:\Windows\system32\LauncheRyAgentUser.exe
2008-08-18 00:20:50 ----A---- C:\Windows\system32\ClearEvent.exe
2008-08-18 00:20:49 ----A---- C:\Windows\system32\CheckD2DSystem.exe
2008-08-18 00:20:49 ----A---- C:\Windows\system32\Acer EULA.txt
2008-08-18 00:20:02 ----A---- C:\Windows\system32\gdi32.dll
2008-08-18 00:19:48 ----A---- C:\Windows\system32\gameux.dll
2008-08-18 00:19:46 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-08-18 00:19:44 ----A---- C:\Windows\system32\vbscript.dll
2008-08-18 00:19:43 ----A---- C:\Windows\system32\jscript.dll
2008-08-18 00:19:42 ----A---- C:\Windows\system32\wshext.dll
2008-08-18 00:19:42 ----A---- C:\Windows\system32\wscript.exe
2008-08-18 00:19:42 ----A---- C:\Windows\system32\scrrun.dll
2008-08-18 00:19:42 ----A---- C:\Windows\system32\scrobj.dll
2008-08-18 00:19:42 ----A---- C:\Windows\system32\cscript.exe
2008-08-18 00:19:39 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-18 00:19:37 ----A---- C:\Windows\system32\quartz.dll
2008-08-18 00:18:30 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-08-18 00:18:30 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-08-18 00:18:30 ----A---- C:\Windows\SkyTel.exe
2008-08-18 00:18:30 ----A---- C:\Windows\RtlUpd.exe
2008-08-18 00:18:29 ----A---- C:\Windows\system32\FMAPO.dll
2008-08-18 00:17:44 ----D---- C:\Program Files\Acer Registration
2008-08-18 00:17:44 ----D---- C:\Program Files\Acer Assist
2008-08-18 00:16:57 ----D---- C:\Users\Doug\AppData\Roaming\ATI
2008-08-18 00:16:57 ----D---- C:\ProgramData\ATI
2008-08-18 00:16:45 ----SHD---- C:\$RECYCLE.BIN
2008-08-18 00:16:27 ----D---- C:\Users\Doug\AppData\Roaming\Identities
2008-08-18 00:16:07 ----SD---- C:\Users\Doug\AppData\Roaming\Microsoft
2008-08-18 00:16:07 ----D---- C:\Users\Doug\AppData\Roaming\Media Center Programs
2008-08-18 00:16:07 ----D---- C:\Users\Doug\AppData\Roaming\Acer GameZone Console
2008-08-18 00:00:52 ----D---- C:\Program Files\ATI Technologies
2008-08-18 00:00:43 ----D---- C:\Program Files\ATI
2008-08-17 23:58:49 ----D---- C:\Windows\SoftwareDistribution

List of drivers

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys []
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-02 15392]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-19 3514368]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-26 2103512]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-16 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-09-10 1035168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-21 7629632]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\system32\drivers\errdev.sys []
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\system32\drivers\iastor.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\system32\drivers\megasr.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-18 611664]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-19 655360]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-19 873752]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 231192]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 FAH-01;Folding Service #01; C:\Program Files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-08-18 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-20 33800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------



