
Virtumonde, Virtumonde.pfx, Trojan.vundo Help!


  • This topic is locked
17 replies to this topic

#1 Maverick99

Maverick99

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 AM

Posted 18 September 2008 - 06:56 PM

Hey gang, I need some help! I can barely use my laptop as I seem to keep getting infected with Virtumonde and Trojan.vundo. I am looking forward to your help in getting rid of this problem. Thank you in advance!

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:36 PM, on 9/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {1F9C2DBE-1974-4F01-8E84-9DF9E0A9763F} - (no file)
O2 - BHO: (no name) - {359D4AEF-55CF-4374-BB57-62F4462B6A19} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E78E729-B2FC-49A8-A244-E2B971CB07FE} - (no file)
O2 - BHO: (no name) - {85A6C641-D8A6-482D-AE35-D0752AFF6BFF} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95234DD6-B811-4420-B944-5CFE8872FAE5} - C:\WINDOWS\system32\opnonOEX.dll
O2 - BHO: (no name) - {A0039991-5C77-4A53-BA85-004782EEF995} - (no file)
O2 - BHO: (no name) - {e557f29a-ec23-4a7e-9226-c470c02e0bdd} - (no file)
O2 - BHO: (no name) - {F974B8C3-FE0F-4FC0-8DB1-339DCE31A7BA} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe"
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Printer Status Monitor.lnk = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/fastbid/fastbidx1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid2 Class) - http://www.bxwa.com/fastbid/fastbidx2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jasonwnorton.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab
O20 - AppInit_DLLs: qcmzba.dll dwzfhh.dll ruhhxb.dll rnlsla.dll zxzwlf.dll
O20 - Winlogon Notify: opnlJyvW - C:\WINDOWS\
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13022 bytes

Edited by Maverick99, 18 September 2008 - 06:56 PM.
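As an added example for anyone triaging HijackThis logs like the two in this thread (this is not code from the thread, from BleepingComputer or from HijackThis itself), the Python below parses HijackThis-format lines and pulls out the entries a helper compares between scans: O2 BHOs that have lost their DLL ("(no file)"), unnamed BHOs that still point at a file on disk, the O20 AppInit_DLLs loader list, and O20 Winlogon Notify handlers. The sample lines are copied from the 9/18 and 9/23 logs posted here; the function names and the two-scan comparison are my own.

```python
import re
from dataclasses import dataclass

# Sample input: O2/O20 lines copied from the two HijackThis logs posted in
# this thread (first scan 9/18/2008, second scan 9/23/2008). A full log
# parses the same way; only the sections compared below are included.
FIRST_SCAN = r"""
O2 - BHO: (no name) - {1F9C2DBE-1974-4F01-8E84-9DF9E0A9763F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {95234DD6-B811-4420-B944-5CFE8872FAE5} - C:\WINDOWS\system32\opnonOEX.dll
O20 - AppInit_DLLs: qcmzba.dll dwzfhh.dll ruhhxb.dll rnlsla.dll zxzwlf.dll
O20 - Winlogon Notify: opnlJyvW - C:\WINDOWS\
"""

SECOND_SCAN = r"""
O2 - BHO: (no name) - {1F9C2DBE-1974-4F01-8E84-9DF9E0A9763F} - (no file)
O2 - BHO: (no name) - {95234DD6-B811-4420-B944-5CFE8872FAE5} - (no file)
O20 - AppInit_DLLs: ruhhxb.dll rnlsla.dll zxzwlf.dll
O20 - Winlogon Notify: opnlJyvW - C:\WINDOWS\
"""

# Every HijackThis finding starts with a section tag such as R1, O2, O20, O23.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O2", "O20"
    body: str     # text after the "Oxx - " prefix


def parse_hjt(text):
    """Parse HijackThis-format text into Entry objects, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def orphaned_bhos(entries):
    """CLSIDs of O2 BHO registrations whose DLL is no longer on disk."""
    return [CLSID_RE.search(e.body).group(0) for e in entries
            if e.section == "O2" and e.body.endswith("(no file)")
            and CLSID_RE.search(e.body)]


def unnamed_bhos_with_file(entries):
    """DLL paths of O2 BHOs that have no display name but still exist on disk."""
    return [e.body.rsplit(" - ", 1)[1] for e in entries
            if e.section == "O2" and e.body.startswith("BHO: (no name)")
            and not e.body.endswith("(no file)")]


def appinit_dlls(entries):
    """DLL names listed on O20 AppInit_DLLs lines, in log order."""
    dlls = []
    prefix = "AppInit_DLLs:"
    for e in entries:
        if e.section == "O20" and e.body.startswith(prefix):
            dlls.extend(e.body[len(prefix):].split())
    return dlls


def winlogon_notify(entries):
    """(handler name, path) pairs from O20 Winlogon Notify lines."""
    prefix = "Winlogon Notify: "
    pairs = []
    for e in entries:
        if e.section == "O20" and e.body.startswith(prefix):
            name, path = e.body[len(prefix):].split(" - ", 1)
            pairs.append((name, path))
    return pairs


def compare_appinit(before, after):
    """Split the earlier AppInit_DLLs list into DLLs that disappeared and DLLs that persisted."""
    b, a = appinit_dlls(before), appinit_dlls(after)
    removed = [d for d in b if d not in a]
    persisted = [d for d in b if d in a]
    return removed, persisted


if __name__ == "__main__":
    first, second = parse_hjt(FIRST_SCAN), parse_hjt(SECOND_SCAN)
    removed, persisted = compare_appinit(first, second)
    print("AppInit_DLLs removed between scans:", removed)
    print("AppInit_DLLs still present:", persisted)
    print("Orphaned BHO CLSIDs in second scan:", orphaned_bhos(second))
    print("Winlogon Notify handlers:", winlogon_notify(second))
```

Running it against the two logs shows the point a helper looks for when a user has already run cleanup tools: the second scan's orphaned BHO entries are leftover registrations, while the three DLL names still on the AppInit_DLLs line and the Winlogon Notify handler are persistence locations that survived the first round and still need attention.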




#2 Maverick99

Maverick99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 AM

Posted 18 September 2008 - 10:07 PM

:thumbsup: Sorry, for some reason I didn't see the sticky about bumping; I guess I was just being impatient. I will wait patiently for help.

Edited by Maverick99, 19 September 2008 - 09:39 AM.


#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:12 AM

Posted 23 September 2008 - 07:53 PM

Hi Maverick99

My name is Extremeboy (or EB for short), and I will be helping you with your log.

Sorry, for some reason I didn't see the sticky about bumping; I guess I was just being impatient. I will wait patiently for help.

No problem, I will help you on this one :thumbsup:

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both
    log.txt (<<will be maximized)
    info.txt (<<will be minimized)

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.


Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please do NOT follow the instructions provided for this topic.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 Maverick99

Maverick99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 AM

Posted 23 September 2008 - 09:08 PM

Thanks for your reply! I have been working on this myself the last few days with info I have found scouring the net, so I will post my updated log and you can have a look before I do anything else. What I did was uninstall my Norton, turn off Spybot and Spy Sweeper, and do an online scan with the ESET Online Scanner; then I downloaded the trial version of ESET NOD32, and here is how my log looks after that. Let me know what you think. Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:42 PM, on 9/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {1F9C2DBE-1974-4F01-8E84-9DF9E0A9763F} - (no file)
O2 - BHO: (no name) - {359D4AEF-55CF-4374-BB57-62F4462B6A19} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E78E729-B2FC-49A8-A244-E2B971CB07FE} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85A6C641-D8A6-482D-AE35-D0752AFF6BFF} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95234DD6-B811-4420-B944-5CFE8872FAE5} - (no file)
O2 - BHO: (no name) - {A0039991-5C77-4A53-BA85-004782EEF995} - (no file)
O2 - BHO: (no name) - {e557f29a-ec23-4a7e-9226-c470c02e0bdd} - (no file)
O2 - BHO: (no name) - {F974B8C3-FE0F-4FC0-8DB1-339DCE31A7BA} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe"
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Printer Status Monitor.lnk = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/fastbid/fastbidx1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid2 Class) - http://www.bxwa.com/fastbid/fastbidx2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jasonwnorton.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab
O20 - AppInit_DLLs: ruhhxb.dll rnlsla.dll zxzwlf.dll
O20 - Winlogon Notify: opnlJyvW - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11574 bytes

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:12 AM

Posted 24 September 2008 - 06:52 AM

Hi.

Please follow the instructions from my previous post.

I want to see the Kaspersky online scan log and also the RSIT logs that you need to download.

Thanks :thumbsup:

With Regards,
Extremeboy

#6 Maverick99

Maverick99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 AM

Posted 24 September 2008 - 04:36 PM

OK, here are the RSIT log and info results, and below them are the Kaspersky scan results:

Logfile of random's system information tool 1.02 (written by random/random)
Run by Jason at 2008-09-24 09:57:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (62%) free of 45 GB
Total RAM: 502 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:33 AM, on 9/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {1F9C2DBE-1974-4F01-8E84-9DF9E0A9763F} - (no file)
O2 - BHO: (no name) - {359D4AEF-55CF-4374-BB57-62F4462B6A19} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E78E729-B2FC-49A8-A244-E2B971CB07FE} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85A6C641-D8A6-482D-AE35-D0752AFF6BFF} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95234DD6-B811-4420-B944-5CFE8872FAE5} - (no file)
O2 - BHO: (no name) - {A0039991-5C77-4A53-BA85-004782EEF995} - (no file)
O2 - BHO: (no name) - {e557f29a-ec23-4a7e-9226-c470c02e0bdd} - (no file)
O2 - BHO: (no name) - {F974B8C3-FE0F-4FC0-8DB1-339DCE31A7BA} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe"
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Printer Status Monitor.lnk = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/fastbid/fastbidx1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid2 Class) - http://www.bxwa.com/fastbid/fastbidx2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jasonwnorton.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab
O20 - AppInit_DLLs: ruhhxb.dll rnlsla.dll zxzwlf.dll
O20 - Winlogon Notify: opnlJyvW - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11731 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F9C2DBE-1974-4F01-8E84-9DF9E0A9763F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{359D4AEF-55CF-4374-BB57-62F4462B6A19}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E78E729-B2FC-49A8-A244-E2B971CB07FE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85A6C641-D8A6-482D-AE35-D0752AFF6BFF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95234DD6-B811-4420-B944-5CFE8872FAE5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0039991-5C77-4A53-BA85-004782EEF995}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e557f29a-ec23-4a7e-9226-c470c02e0bdd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F974B8C3-FE0F-4FC0-8DB1-339DCE31A7BA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-04-04 421888]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-30 471040]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-04-28 401408]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-11 180269]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 5367664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Printer Status Monitor.lnk - C:\Program Files\SHARP\Printer Status Monitor\Smon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ruhhxb.dll rnlsla.dll zxzwlf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlJyvW]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2008-01-04 219504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SHARP\Printer Status Monitor\Smon.exe"="C:\Program Files\SHARP\Printer Status Monitor\Smon.exe:*:Enabled:smon"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Jason\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Jason\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-09-24 09:57:12 ----D---- C:\rsit
2008-09-24 04:16:06 ----D---- C:\WINDOWS\LastGood
2008-09-22 13:38:53 ----D---- C:\Program Files\ESET
2008-09-22 13:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-22 11:23:36 ----D---- C:\Program Files\EsetOnlineScanner
2008-09-21 14:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-20 23:58:15 ----D---- C:\WINDOWS\Prefetch
2008-09-20 23:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-20 23:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-20 23:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-20 23:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-20 23:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-20 23:23:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-20 23:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-20 23:21:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-20 23:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-20 23:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-20 23:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-20 22:51:18 ----D---- C:\WINDOWS\system32\scripting
2008-09-20 22:50:56 ----D---- C:\WINDOWS\l2schemas
2008-09-20 22:50:43 ----D---- C:\WINDOWS\system32\en
2008-09-20 22:50:34 ----D---- C:\WINDOWS\system32\bits
2008-09-20 22:16:09 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-20 21:27:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-20 20:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-09-20 20:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-09-20 20:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-20 20:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-09-20 20:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-20 20:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-09-20 20:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-09-20 19:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-20 19:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-20 19:23:55 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-20 19:23:50 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-20 19:23:17 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-20 19:23:14 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\slrundll.exe
2008-09-20 19:23:07 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-20 19:23:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-20 19:23:00 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-20 19:22:57 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-20 19:22:56 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-20 19:22:53 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-20 19:22:48 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-20 19:22:42 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-20 19:22:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-20 19:22:26 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-20 19:22:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-20 19:22:00 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-20 19:21:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-20 19:21:46 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-20 19:21:43 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-20 19:21:22 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-20 19:21:12 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-20 19:21:01 ----A---- C:\WINDOWS\003173_.tmp
2008-09-20 19:21:00 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-20 19:20:48 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-20 19:20:48 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-20 19:20:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-20 19:20:41 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-20 19:20:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-20 19:20:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-20 19:20:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-20 19:20:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 19:20:19 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-20 19:20:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-20 16:22:39 ----D---- C:\Program Files\Lavasoft
2008-09-20 16:22:31 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 16:21:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-19 14:32:19 ----ASH---- C:\WINDOWS\system32\ldfsinmg.ini
2008-09-18 17:49:53 ----D---- C:\Program Files\Trend Micro
2008-09-18 14:54:17 ----A---- C:\WINDOWS\cookies.ini
2008-09-18 14:33:25 ----ASH---- C:\WINDOWS\system32\uwbjsisv.ini
2008-09-18 14:33:23 ----A---- C:\WINDOWS\system32\vsisjbwu.dll
2008-09-18 14:27:25 ----A---- C:\WINDOWS\system32\zxzwlf.dll
2008-09-18 14:27:23 ----A---- C:\WINDOWS\system32\okvtenky.dll
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-nt.exe
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-9x.exe
2008-09-06 16:53:58 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
2008-09-06 16:37:57 ----ASH---- C:\WINDOWS\system32\uedcvxij.ini
2008-09-06 16:35:19 ----A---- C:\WINDOWS\system32\rnlsla.dll
2008-09-06 16:35:19 ----A---- C:\WINDOWS\system32\nghrthtn.dll
2008-09-06 16:34:28 ----A---- C:\WINDOWS\system32\ruhhxb.dll
2008-09-06 16:34:26 ----A---- C:\WINDOWS\system32\wpuybses.dll
2008-09-04 12:05:33 ----ASH---- C:\WINDOWS\system32\ogtwfnnt.ini
2008-09-03 11:58:37 ----ASH---- C:\WINDOWS\system32\jrssfmve.ini
2008-09-02 11:56:43 ----ASH---- C:\WINDOWS\system32\ymgkrnxb.ini
2008-08-28 12:25:38 ----D---- C:\NSS
2008-08-28 11:07:26 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-28 10:56:15 ----D---- C:\Program Files\MSXML 6.0
2008-08-28 10:09:39 ----ASH---- C:\WINDOWS\system32\ugsmadiy.ini
2008-08-27 14:51:51 ----SHD---- C:\WINDOWS\CSC
2008-08-26 07:57:20 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-08-25 07:23:00 ----ASH---- C:\WINDOWS\system32\qrtjbsfc.ini
2008-08-22 09:27:50 ----ASH---- C:\WINDOWS\system32\njhoaaqt.ini
2008-08-21 16:21:06 ----D---- C:\WINDOWS\system32\N360_BACKUP
2008-08-21 10:50:58 ----D---- C:\Program Files\Windows Sidebar
2008-08-21 10:41:32 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-11 06:49:08 ----A---- C:\WINDOWS\system32\ikjusvxu.dll
2008-08-05 07:22:23 ----ASH---- C:\WINDOWS\system32\hvoivrgm.ini
2008-07-31 12:50:39 ----A---- C:\WINDOWS\system32\tmp.txt
2008-07-31 12:50:37 ----A---- C:\rapport.txt
2008-07-31 11:44:51 ----ASH---- C:\WINDOWS\system32\yvgscnko.ini
2008-07-24 17:49:52 ----A---- C:\WINDOWS\system32\WRLogonNtf.dll
2008-07-24 17:43:07 ----A---- C:\WINDOWS\system32\wrlzma.dll
2008-07-24 17:43:03 ----A---- C:\WINDOWS\system32\ssiefr.EXE
2008-07-24 17:43:02 ----A---- C:\WINDOWS\WRSetup.dll
2008-07-24 17:43:00 ----D---- C:\Documents and Settings\Jason\Application Data\Webroot
2008-07-24 17:42:59 ----D---- C:\Program Files\Webroot
2008-07-24 17:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-24 16:54:45 ----D---- C:\Documents and Settings\Jason\Application Data\ErrorSmart
2008-07-24 14:26:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-07-24 11:37:17 ----ASH---- C:\WINDOWS\system32\rwiopccp.ini
2008-07-23 11:35:58 ----ASH---- C:\WINDOWS\system32\eexsoosr.ini
2008-07-23 11:32:46 ----A---- C:\WINDOWS\system32\anqqsn.dll
2008-07-23 11:32:44 ----A---- C:\WINDOWS\system32\gmxlvmjk.dll
2008-07-22 11:22:03 ----ASH---- C:\WINDOWS\system32\gefmdowk.ini
2008-07-22 11:22:01 ----A---- C:\WINDOWS\system32\kwodmfeg.dll
2008-07-22 11:18:04 ----A---- C:\WINDOWS\system32\dlbuvbts.dll
2008-07-22 09:04:41 ----A---- C:\WINDOWS\system32\jnprunbs.dll
2008-07-22 09:03:53 ----A---- C:\WINDOWS\system32\dpmunday.dll
2008-07-22 09:02:46 ----ASH---- C:\WINDOWS\system32\ccuheruv.ini
2008-07-22 09:02:25 ----A---- C:\WINDOWS\system32\vurehucc.dll
2008-07-22 08:49:03 ----A---- C:\WINDOWS\system32\oipmhvwl.dll
2008-07-22 08:48:15 ----A---- C:\WINDOWS\system32\yymfbmlx.dll
2008-07-21 14:02:54 ----ASH---- C:\WINDOWS\system32\etfgylgr.ini
2008-07-21 14:02:36 ----A---- C:\WINDOWS\BM3f01195f.txt
2008-07-21 14:02:07 ----A---- C:\WINDOWS\system32\3711eebd-.txt
2008-07-21 14:00:24 ----ASH---- C:\WINDOWS\system32\XEOnonpo.ini2
2008-07-21 14:00:22 ----ASH---- C:\WINDOWS\system32\XEOnonpo.ini
2008-07-21 12:10:57 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-07-21 12:10:55 ----D---- C:\Program Files\Roxio
2008-07-18 10:10:16 ----D---- C:\Documents and Settings\Jason\Application Data\Roxio
2008-07-18 10:01:41 ----D---- C:\Documents and Settings\Jason\Application Data\Research In Motion
2008-07-18 09:39:15 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-18 09:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-18 09:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-07-18 09:31:52 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-07-18 09:22:44 ----D---- C:\Documents and Settings\Jason\Application Data\Blackberry Desktop
2008-07-18 09:21:13 ----D---- C:\Program Files\Common Files\Research In Motion
2008-07-18 09:20:05 ----D---- C:\Program Files\Research In Motion
2008-07-18 08:56:01 ----SHD---- C:\WINDOWS\ftpcache
2008-07-09 08:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-02 11:46:19 ----D---- C:\Program Files\Stardock
2008-07-02 11:46:15 ----D---- C:\Program Files\Common Files\Stardock

======List of files/folders modified in the last 3 months======

2008-09-24 09:56:35 ----D---- C:\WINDOWS\Temp
2008-09-24 09:52:19 ----D---- C:\Program Files\Mozilla Firefox
2008-09-24 04:16:13 ----AD---- C:\WINDOWS\system32
2008-09-24 04:16:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-24 04:16:06 ----HD---- C:\WINDOWS\inf
2008-09-24 04:16:06 ----AD---- C:\WINDOWS
2008-09-23 22:24:49 ----A---- C:\WINDOWS\hpbafd.ini
2008-09-23 22:22:52 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-23 14:56:18 ----D---- C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-09-23 10:16:32 ----A---- C:\WINDOWS\win.ini
2008-09-23 10:14:03 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-23 10:11:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-23 08:55:17 ----D---- C:\WINDOWS\Help
2008-09-22 15:46:21 ----RD---- C:\Program Files
2008-09-22 13:40:06 ----SHD---- C:\WINDOWS\Installer
2008-09-22 13:39:48 ----AD---- C:\WINDOWS\system32\drivers
2008-09-22 13:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 11:23:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-22 11:13:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-22 10:57:03 ----D---- C:\Documents and Settings\Jason\Application Data\Symantec
2008-09-22 10:22:49 ----D---- C:\WINDOWS\system32\wbem
2008-09-22 10:22:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-21 13:27:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-21 00:02:31 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-21 00:00:09 ----A---- C:\WINDOWS\setuplog.txt
2008-09-20 23:57:04 ----D---- C:\WINDOWS\system32\Setup
2008-09-20 23:57:04 ----D---- C:\WINDOWS\AppPatch
2008-09-20 23:57:00 ----RSD---- C:\WINDOWS\Fonts
2008-09-20 23:32:29 ----A---- C:\WINDOWS\imsins.BAK
2008-09-20 23:31:20 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 23:24:43 ----AD---- C:\i386
2008-09-20 23:24:07 ----D---- C:\WINDOWS\security
2008-09-20 23:20:52 ----D---- C:\Program Files\Messenger
2008-09-20 23:02:31 ----D---- C:\WINDOWS\WinSxS
2008-09-20 22:56:35 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 22:56:29 ----D---- C:\WINDOWS\ime
2008-09-20 22:51:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-20 22:51:51 ----D---- C:\WINDOWS\system32\usmt
2008-09-20 22:50:33 ----D---- C:\WINDOWS\PeerNet
2008-09-20 22:50:27 ----D---- C:\Program Files\Movie Maker
2008-09-20 22:11:46 ----D---- C:\WINDOWS\system32\Restore
2008-09-20 22:11:44 ----D---- C:\WINDOWS\system32\npp
2008-09-20 22:11:42 ----D---- C:\WINDOWS\mui
2008-09-20 22:11:13 ----D---- C:\WINDOWS\msagent
2008-09-20 22:10:48 ----D---- C:\WINDOWS\srchasst
2008-09-20 22:09:36 ----D---- C:\Program Files\NetMeeting
2008-09-20 22:09:05 ----D---- C:\WINDOWS\system32\Com
2008-09-20 22:08:29 ----D---- C:\Program Files\Windows Media Player
2008-09-20 22:08:18 ----D---- C:\Program Files\Windows NT
2008-09-20 22:08:16 ----D---- C:\Program Files\Outlook Express
2008-09-20 22:07:23 ----D---- C:\Program Files\Common Files\System
2008-09-20 22:04:28 ----AD---- C:\WINDOWS\system32\oobe
2008-09-20 22:04:21 ----AD---- C:\WINDOWS\system
2008-09-20 21:40:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-20 21:20:36 ----D---- C:\WINDOWS\ehome
2008-09-20 20:05:30 ----D---- C:\Program Files\Internet Explorer
2008-09-20 20:05:12 ----D---- C:\WINDOWS\ie7updates
2008-09-20 19:53:18 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-20 16:21:27 ----D---- C:\Program Files\Common Files
2008-09-19 23:05:09 ----A---- C:\WINDOWS\wininit.ini
2008-09-19 08:55:31 ----SHD---- C:\System Volume Information
2008-08-28 10:45:03 ----D---- C:\WINDOWS\Debug
2008-08-28 09:46:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-28 09:45:57 ----D---- C:\Program Files\NewTech Infosystems
2008-08-28 09:44:31 ----D---- C:\Program Files\palmOne
2008-08-28 09:42:57 ----D---- C:\Program Files\TELUS eCare
2008-08-28 09:41:13 ----D---- C:\WINDOWS\Motive
2008-08-26 13:28:14 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-25 09:10:16 ----D---- C:\WINDOWS\Minidump
2008-08-21 08:14:13 ----SD---- C:\WINDOWS\Tasks
2008-08-20 10:57:00 ----D---- C:\WINDOWS\Registration
2008-07-24 09:50:52 ----D---- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-07-23 08:25:04 ----D---- C:\WINDOWS\system32\config
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-18 09:32:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-07-07 14:26:58 ----A---- C:\WINDOWS\system32\es.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-06 21275]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DLPORTIO;DLPORTIO; \??\C:\WINDOWS\DLPORTIO.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-16 1124097]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2005-03-09 33792]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-10 6144]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-08 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; C:\WINDOWS\system32\drivers\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver; C:\WINDOWS\system32\drivers\eLock2FSCTLDriver.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-22 1505792]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2006-05-18 61067]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-11-02 32512]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-20 611664]
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-01-04 3572592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-22 405504]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.02 2008-09-24 09:57:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1033
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x9
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Acoustica MP3 CD Burner-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avery® Wizard 2.1 for Microsoft® Office Word 2003-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
BlackBerry Desktop Software 4.5-->MsiExec.exe /i{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}
BlackBerry Desktop Software 4.5-->MsiExec.exe /I{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}
Canon PIXMA iP3000-->C:\WINDOWS\system32\CNMCP61.exe "-PRINTERNAMECanon PIXMA iP3000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmi0409.dll"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Documents To Go-->MsiExec.exe /X{7723A0B8-23A2-454B-8831-99965558AECD}
ESET NOD32 Antivirus-->MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
FTDI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE" -uninstall
Printer Status Monitor Version 4.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SHARP\Printer Status Monitor\Uninst.isu"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Roxio Media Manager-->MsiExec.exe /X{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}
Secure Game Player-->C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SHARP MX-2300/2700/3500/4500 Series PCL/PS Printer Driver-->C:\WINDOWS\ISUNINST.EXE -fC:\WINDOWS\usn0.isu -cC:\WINDOWS\system32\usn0.dll
SlimBrowser (remove only)-->"C:\Program Files\SlimBrowser\uninst.exe"
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------


Kaspersky results:

Wednesday, September 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 24, 2008 16:26:54
Records in database: 1255995
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 71017
Threat name 2
Infected objects 111
Suspicious objects 0
Duration of the scan 04:29:01

File name Threat name Threats count
C:\WINDOWS\system32\ruhhxb.dll/C:\WINDOWS\system32\ruhhxb.dll Infected: Trojan.Win32.Monderb.lvo 49
C:\WINDOWS\system32\rnlsla.dll/C:\WINDOWS\system32\rnlsla.dll Infected: Trojan.Win32.Monderb.lvo 48
C:\WINDOWS\System32\ruhhxb.dll/C:\WINDOWS\System32\ruhhxb.dll Infected: Trojan.Win32.Monderb.lvo 4
C:\WINDOWS\System32\rnlsla.dll/C:\WINDOWS\System32\rnlsla.dll Infected: Trojan.Win32.Monderb.lvo 4
C:\Documents and Settings\Jason\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\RECYCLER\S-1-5-21-1622665955-2544304383-2871109432-1005\Dc1.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\system32\nghrthtn.dll Infected: Trojan.Win32.Monderb.lvo 1
C:\WINDOWS\system32\rnlsla.dll Infected: Trojan.Win32.Monderb.lvo 1
C:\WINDOWS\system32\ruhhxb.dll Infected: Trojan.Win32.Monderb.lvo 1
C:\WINDOWS\system32\wpuybses.dll Infected: Trojan.Win32.Monderb.lvo 1
The selected area was scanned.

please advise. Thank you!
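The Kaspersky report above lists the same DLL several times: once in the "path/path" form (an object detected inside a container, here the DLL itself), once under System32 and once under system32, which on Windows is the same file. As an added example (not code from this thread, from Kaspersky or from any of the tools mentioned), here is a small Python triage script that parses report lines in that shape, collapses those duplicates case-insensitively, groups them by threat name and flags the not-a-virus: classifications separately. The sample lines are constructed from the posted report, and the line format the regex assumes is an assumption derived from it.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the Kaspersky Online Scanner report
# posted in this thread (paths and threat names taken from it).
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\WINDOWS\system32\ruhhxb.dll/C:\WINDOWS\system32\ruhhxb.dll Infected: Trojan.Win32.Monderb.lvo 49
C:\WINDOWS\System32\ruhhxb.dll/C:\WINDOWS\System32\ruhhxb.dll Infected: Trojan.Win32.Monderb.lvo 4
C:\Documents and Settings\Jason\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\system32\nghrthtn.dll Infected: Trojan.Win32.Monderb.lvo 1
C:\WINDOWS\system32\ruhhxb.dll Infected: Trojan.Win32.Monderb.lvo 1
The selected area was scanned.
"""

# One detection line: <path> Infected: <threat name> <count>.  The path may
# contain spaces, so it is matched lazily up to the literal ' Infected: '.
# (Assumed format, derived from the posted report.)
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text):
    """Return one finding dict per detection line; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, footer ('The selected area was scanned.') or blank
        raw_path = m.group("path")
        # 'outer/inner' means an object detected inside a container; only the
        # outer component is a file that exists on disk.
        container = raw_path.split("/", 1)[0]
        findings.append({
            "raw_path": raw_path,
            "container": container,
            "key": container.lower(),  # Windows paths are case-insensitive
            "threat": m.group("threat"),
            "count": int(m.group("count")),
        })
    return findings


def is_riskware(threat):
    """Kaspersky prefixes legitimate-but-risky tools with 'not-a-virus:'."""
    return threat.startswith("not-a-virus:")


def summarize(findings):
    """Group unique on-disk files by threat name and sum the reported counts."""
    groups = defaultdict(lambda: {"files": set(), "count": 0})
    for f in findings:
        groups[f["threat"]]["files"].add(f["key"])
        groups[f["threat"]]["count"] += f["count"]
    return {
        threat: {
            "files": sorted(g["files"]),
            "count": g["count"],
            "riskware": is_riskware(threat),
        }
        for threat, g in groups.items()
    }


if __name__ == "__main__":
    for threat, info in summarize(parse_report(SAMPLE_REPORT)).items():
        kind = "riskware" if info["riskware"] else "malware"
        print(f"{threat} [{kind}] {info['count']} detections in {len(info['files'])} file(s)")
        for path in info["files"]:
            print("   ", path)
```

Run against the full report text, the 111 "infected objects" in the summary collapse to the handful of on-disk files that actually need attention, and the two RiskTool hits (a reboot helper shipped with SmitfraudFix and its copy in the Recycle Bin) are kept apart from the Monderb detections so they are not mistaken for the infection itself.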

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:12 AM

Posted 25 September 2008 - 02:27 PM

Hi Maverick99 and welcome to Bleepingcomputer :thumbsup:

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

  • Please follow the instructions for running Combofix from here
  • Please read the guide carefully and follow every instruction precisely, and remember to install the Recovery Console first.

    Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
    should your computer have a problem after an attempted removal of malware. It
    is a simple procedure that will only take a few moments of your time.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it is originally named onto your desktop.
  • Close any open windows, including this one.
  • Drag the setup package onto ComboFix.exe and drop it.


  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click Yes to run the full ComboFix scan.

  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Please post back with:
-Combofix log
-Fresh RSIT logs <-Run this after combofix.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 Maverick99

Maverick99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 AM

Posted 25 September 2008 - 03:42 PM

OK, here is the ComboFix log with the fresh RSIT log (only the log.txt popped up; the info.txt never opened this time) following it:

ComboFix 08-09-25.03 - Jason 2008-09-25 14:14:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.183 [GMT -6:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jason\Cookies\jason@ehg.fedex[1].txt
C:\Documents and Settings\Jason\Cookies\jason@insightexpressai[2].txt
C:\Documents and Settings\Jason\Cookies\jason@revsci[2].txt
C:\Documents and Settings\Jason\Cookies\jason@web.nautilusinc[2].txt
C:\WINDOWS\BM3f01195f.txt
C:\WINDOWS\BM3f01195f.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\cup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\customer_cup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\heart.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\plates.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\accessories\tray.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\credits.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help1.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\help2.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\highscores.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\levelover_mask.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\popup_mask.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradegrid.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upgradetitle.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\backgrounds\upsell.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\arrowright_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\back_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalk.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backchalkup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancel.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\cancelup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\career_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\close.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\closeup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\continueover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\credits_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\download_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\easy_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\endlessshift_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\hard_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\help_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\highscores_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_blue.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\instructions_yellow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplay.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\letsplayover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\medium_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfo.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\moreinfoup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\off_on.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\on_on.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pause.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\pauseover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quit.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgame.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitgameover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\quitover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegame.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\resumegameover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submit.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\submitup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagain.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\tryagainover.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobal.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewglobalup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscore.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewhighscoreon.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocal.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\buttons\viewlocalup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\comics\webcomic.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\career.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\customer.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\endless.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\global.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\config\powerups.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\cook.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\idle.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\lower.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\flo\upper.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\arial.mvec
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\fonts\komikaaxis.mvec
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\chair.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\dishcart.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_off.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on1.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\drinkstation_on2.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\furniture\ticketstation.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdown.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowdownon.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowleft.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowlefton.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowright.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowrighton.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\arrowupon.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\textedit.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\hiscore\title.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\first_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\layouts\second_level_diner.txt
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\playfirst_logo.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\background.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooseplayer.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\chooserestaurant.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\credits.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\gothighscore.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\tutorialintro.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\webcomic.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\gamelabsplash.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\angersmoke.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\chairflags.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\clock.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\closingtime.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\coinflip.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\coffee.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\tables.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\doodles\wallpaper.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\expertscore.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\foodpoof.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\fork_timer.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\goalcompleted.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\heartgrow.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\jar.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\level_career.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\score.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\sound.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staroff.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\staron.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumber.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tablenumberup.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorial_character.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgradeanim.xml
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\drinks.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\maitred.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\oven.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\select.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\shoes.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\stereo.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\assets\ui\upgrades\table.png
C:\WINDOWS\Downloaded Program Files\DDTums.1.0.0.12\dinerdash.exe
C:\WINDOWS\system32\anqqsn.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dlbuvbts.dll
C:\WINDOWS\system32\dpmunday.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\gefmdowk.ini
C:\WINDOWS\system32\gmxlvmjk.dll
C:\WINDOWS\system32\hvoivrgm.ini
C:\WINDOWS\system32\ikjusvxu.dll
C:\WINDOWS\system32\jnprunbs.dll
C:\WINDOWS\system32\jrssfmve.ini
C:\WINDOWS\system32\kwodmfeg.dll
C:\WINDOWS\system32\ldfsinmg.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\njhoaaqt.ini
C:\WINDOWS\system32\ogtwfnnt.ini
C:\WINDOWS\system32\oipmhvwl.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qrtjbsfc.ini
C:\WINDOWS\system32\uedcvxij.ini
C:\WINDOWS\system32\ugsmadiy.ini
C:\WINDOWS\system32\uwbjsisv.ini
C:\WINDOWS\system32\vurehucc.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\XEOnonpo.ini
C:\WINDOWS\system32\ymgkrnxb.ini
C:\WINDOWS\system32\yvgscnko.ini
C:\WINDOWS\system32\yymfbmlx.dll
C:\WINDOWS\temp\perflib_perfdata_1cc.dat
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_NPF
-------\Service_Iprip
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-24 09:57 . 2008-09-24 09:57 <DIR> d-------- C:\rsit
2008-09-22 13:38 . 2008-09-22 13:38 <DIR> d-------- C:\Program Files\ESET
2008-09-22 13:38 . 2008-09-22 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-22 11:23 . 2008-09-22 13:22 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-20 22:51 . 2008-09-20 22:51 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-20 22:50 . 2008-09-20 22:50 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-20 22:50 . 2008-09-20 22:50 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 22:50 . 2008-09-20 22:51 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 22:16 . 2008-09-20 23:01 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-20 19:22 . 2008-04-13 18:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-20 19:21 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-20 19:20 . 2008-04-13 18:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 19:01 . 2008-04-11 13:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-20 16:22 . 2008-09-20 16:22 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 16:22 . 2008-09-20 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 16:21 . 2008-09-20 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 17:49 . 2008-09-18 17:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 16:12 . 2008-09-18 16:12 268 --ah----- C:\sqmdata19.sqm
2008-09-18 16:12 . 2008-09-18 16:12 244 --ah----- C:\sqmnoopt19.sqm
2008-09-18 14:27 . 2008-09-18 14:27 112,640 --a------ C:\WINDOWS\system32\zxzwlf.dll
2008-09-18 14:27 . 2008-09-18 14:27 112,640 --a------ C:\WINDOWS\system32\okvtenky.dll
2008-09-06 16:54 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
2008-09-06 16:54 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
2008-09-06 16:53 . 2008-09-06 16:54 <DIR> d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2008-09-06 16:35 . 2008-09-06 16:35 96,256 --a------ C:\WINDOWS\system32\rnlsla.dll
2008-09-06 16:35 . 2008-09-06 16:35 96,256 --a------ C:\WINDOWS\system32\nghrthtn.dll
2008-09-06 16:34 . 2008-09-06 16:34 96,256 --a------ C:\WINDOWS\system32\wpuybses.dll
2008-09-06 16:34 . 2008-09-06 16:34 96,256 --a------ C:\WINDOWS\system32\ruhhxb.dll
2008-09-04 15:34 . 2008-09-04 15:34 268 --ah----- C:\sqmdata18.sqm
2008-09-04 15:34 . 2008-09-04 15:34 244 --ah----- C:\sqmnoopt18.sqm
2008-09-02 18:43 . 2008-09-02 18:43 268 --ah----- C:\sqmdata17.sqm
2008-09-02 18:43 . 2008-09-02 18:43 244 --ah----- C:\sqmnoopt17.sqm
2008-09-02 17:18 . 2008-09-02 17:18 268 --ah----- C:\sqmdata16.sqm
2008-09-02 17:18 . 2008-09-02 17:18 244 --ah----- C:\sqmnoopt16.sqm
2008-08-28 12:25 . 2008-08-28 12:26 <DIR> d-------- C:\NSS
2008-08-28 11:07 . 2008-08-28 13:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-28 10:56 . 2008-08-28 10:56 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 20:24 --------- d-----w C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-09-22 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 17:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-22 16:57 --------- d-----w C:\Documents and Settings\Jason\Application Data\Symantec
2008-09-21 01:53 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-20 05:14 603,290 --sha-w C:\WINDOWS\system32\XEOnonpo.ini2
2008-09-02 16:58 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-02 16:58 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-28 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 15:45 --------- d-----w C:\Program Files\NewTech Infosystems
2008-08-28 15:44 --------- d-----w C:\Program Files\palmOne
2008-08-28 15:42 --------- d-----w C:\Program Files\TELUS eCare
2008-08-21 16:50 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-31 19:03 4,492 ----a-w C:\WINDOWS\system32\tmp.reg
2008-07-25 04:36 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 04:05 164 ----a-w C:\install.dat
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 04:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 04:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 04:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-25 00:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-04 20:53 60,968 ----a-w C:\Documents and Settings\Jason\GoToAssistDownloadHelper.exe
2007-03-05 21:42 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-10-03 19:46 23,552 ----a-w C:\Program Files\mozilla firefox\plugins\DrvMgt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-11 180269]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 45056]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-08-10 28672]
Printer Status Monitor.lnk - C:\Program Files\SHARP\Printer Status Monitor\Smon.exe [2008-05-06 180313]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ruhhxb.dll rnlsla.dll zxzwlf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SHARP\\Printer Status Monitor\\Smon.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 DLPORTIO;DLPORTIO;C:\WINDOWS\DLPORTIO.sys [2008-05-18 3584]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 78208]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2005-03-09 33792]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
- - - - ORPHANS REMOVED - - - -

BHO-{1F9C2DBE-1974-4F01-8E84-9DF9E0A9763F} - (no file)
BHO-{359D4AEF-55CF-4374-BB57-62F4462B6A19} - (no file)
BHO-{7E78E729-B2FC-49A8-A244-E2B971CB07FE} - (no file)
BHO-{85A6C641-D8A6-482D-AE35-D0752AFF6BFF} - (no file)
BHO-{95234DD6-B811-4420-B944-5CFE8872FAE5} - (no file)
BHO-{A0039991-5C77-4A53-BA85-004782EEF995} - (no file)
BHO-{e557f29a-ec23-4a7e-9226-c470c02e0bdd} - (no file)
BHO-{F974B8C3-FE0F-4FC0-8DB1-339DCE31A7BA} - (no file)
Notify-opnlJyvW - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lijmwthn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ca
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_fastbid2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npskilljamloader.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npssp32.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 14:25:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\msdtc.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-09-25 14:34:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-25 20:34:35

Pre-Run: 29,064,418,816 bytes free
Post-Run: 28,964,012,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

566 --- E O F --- 2008-09-21 20:19:51


RSIT: only the log.txt popped up, not the info.txt

Logfile of random's system information tool 1.02 (written by random/random)
Run by Jason at 2008-09-25 14:40:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (62%) free of 45 GB
Total RAM: 502 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:51 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe"
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_0
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Printer Status Monitor.lnk = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/fastbid/fastbidx1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid2 Class) - http://www.bxwa.com/fastbid/fastbidx2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jasonwnorton.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab
O20 - AppInit_DLLs: ruhhxb.dll rnlsla.dll zxzwlf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10540 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-04-04 421888]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-30 471040]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-04-28 401408]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-11 180269]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 5367664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Printer Status Monitor.lnk - C:\Program Files\SHARP\Printer Status Monitor\Smon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ruhhxb.dll rnlsla.dll zxzwlf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2008-01-04 219504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SHARP\Printer Status Monitor\Smon.exe"="C:\Program Files\SHARP\Printer Status Monitor\Smon.exe:*:Enabled:smon"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-09-25 14:34:44 ----A---- C:\ComboFix.txt
2008-09-25 14:14:04 ----A---- C:\Boot.bak
2008-09-25 14:13:54 ----D---- C:\cmdcons
2008-09-25 14:12:46 ----D---- C:\WINDOWS\erdnt
2008-09-25 14:11:18 ----D---- C:\QooBox
2008-09-25 14:11:11 ----A---- C:\WINDOWS\zip.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\VFind.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\SWSC.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\swreg.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\sed.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\grep.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\fdsv.exe
2008-09-24 09:57:12 ----D---- C:\rsit
2008-09-22 13:38:53 ----D---- C:\Program Files\ESET
2008-09-22 13:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-22 11:23:36 ----D---- C:\Program Files\EsetOnlineScanner
2008-09-21 14:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-20 23:58:15 ----D---- C:\WINDOWS\Prefetch
2008-09-20 23:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-20 23:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-20 23:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-20 23:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-20 23:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-20 23:23:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-20 23:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-20 23:21:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-20 23:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-20 23:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-20 23:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-20 22:51:18 ----D---- C:\WINDOWS\system32\scripting
2008-09-20 22:50:56 ----D---- C:\WINDOWS\l2schemas
2008-09-20 22:50:43 ----D---- C:\WINDOWS\system32\en
2008-09-20 22:50:34 ----D---- C:\WINDOWS\system32\bits
2008-09-20 22:16:09 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-20 21:27:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-20 20:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-09-20 20:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-09-20 20:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-20 20:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-09-20 20:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-20 20:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-09-20 20:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-09-20 19:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-20 19:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-20 19:23:55 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-20 19:23:50 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-20 19:23:17 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-20 19:23:14 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\slrundll.exe
2008-09-20 19:23:07 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-20 19:23:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-20 19:23:00 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-20 19:22:57 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-20 19:22:56 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-20 19:22:53 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-20 19:22:48 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-20 19:22:42 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-20 19:22:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-20 19:22:26 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-20 19:22:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-20 19:22:00 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-20 19:21:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-20 19:21:46 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-20 19:21:43 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-20 19:21:22 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-20 19:21:12 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-20 19:21:01 ----A---- C:\WINDOWS\003173_.tmp
2008-09-20 19:21:00 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-20 19:20:48 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-20 19:20:48 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-20 19:20:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-20 19:20:41 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-20 19:20:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-20 19:20:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-20 19:20:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-20 19:20:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 19:20:19 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-20 19:20:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-20 16:22:39 ----D---- C:\Program Files\Lavasoft
2008-09-20 16:22:31 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 16:21:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 17:49:53 ----D---- C:\Program Files\Trend Micro
2008-09-18 14:27:25 ----A---- C:\WINDOWS\system32\zxzwlf.dll
2008-09-18 14:27:23 ----A---- C:\WINDOWS\system32\okvtenky.dll
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-nt.exe
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-9x.exe
2008-09-06 16:53:58 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
2008-09-06 16:35:19 ----A---- C:\WINDOWS\system32\rnlsla.dll
2008-09-06 16:35:19 ----A---- C:\WINDOWS\system32\nghrthtn.dll
2008-09-06 16:34:28 ----A---- C:\WINDOWS\system32\ruhhxb.dll
2008-09-06 16:34:26 ----A---- C:\WINDOWS\system32\wpuybses.dll
2008-08-28 12:25:38 ----D---- C:\NSS
2008-08-28 11:07:26 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-28 10:56:15 ----D---- C:\Program Files\MSXML 6.0
2008-08-27 14:51:51 ----SHD---- C:\WINDOWS\CSC
2008-08-21 16:21:06 ----D---- C:\WINDOWS\system32\N360_BACKUP
2008-08-21 10:50:58 ----D---- C:\Program Files\Windows Sidebar
2008-08-21 10:41:32 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 12:50:39 ----A---- C:\WINDOWS\system32\tmp.txt
2008-07-31 12:50:37 ----A---- C:\rapport.txt
2008-07-24 17:49:52 ----A---- C:\WINDOWS\system32\WRLogonNtf.dll
2008-07-24 17:43:07 ----A---- C:\WINDOWS\system32\wrlzma.dll
2008-07-24 17:43:03 ----A---- C:\WINDOWS\system32\ssiefr.EXE
2008-07-24 17:43:02 ----A---- C:\WINDOWS\WRSetup.dll
2008-07-24 17:43:00 ----D---- C:\Documents and Settings\Jason\Application Data\Webroot
2008-07-24 17:42:59 ----D---- C:\Program Files\Webroot
2008-07-24 17:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-24 16:54:45 ----D---- C:\Documents and Settings\Jason\Application Data\ErrorSmart
2008-07-24 14:26:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-07-24 11:37:17 ----ASH---- C:\WINDOWS\system32\rwiopccp.ini
2008-07-23 11:35:58 ----ASH---- C:\WINDOWS\system32\eexsoosr.ini
2008-07-22 09:02:46 ----ASH---- C:\WINDOWS\system32\ccuheruv.ini
2008-07-21 14:02:54 ----ASH---- C:\WINDOWS\system32\etfgylgr.ini
2008-07-21 14:02:07 ----A---- C:\WINDOWS\system32\3711eebd-.txt
2008-07-21 14:00:24 ----ASH---- C:\WINDOWS\system32\XEOnonpo.ini2
2008-07-21 12:10:57 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-07-21 12:10:55 ----D---- C:\Program Files\Roxio
2008-07-18 10:10:16 ----D---- C:\Documents and Settings\Jason\Application Data\Roxio
2008-07-18 10:01:41 ----D---- C:\Documents and Settings\Jason\Application Data\Research In Motion
2008-07-18 09:39:15 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-18 09:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-18 09:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-07-18 09:31:52 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-07-18 09:22:44 ----D---- C:\Documents and Settings\Jason\Application Data\Blackberry Desktop
2008-07-18 09:21:13 ----D---- C:\Program Files\Common Files\Research In Motion
2008-07-18 09:20:05 ----D---- C:\Program Files\Research In Motion
2008-07-18 08:56:01 ----SHD---- C:\WINDOWS\ftpcache
2008-07-09 08:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-02 11:46:19 ----D---- C:\Program Files\Stardock
2008-07-02 11:46:15 ----D---- C:\Program Files\Common Files\Stardock

======List of files/folders modified in the last 3 months======

2008-09-25 14:40:23 ----D---- C:\WINDOWS\Temp
2008-09-25 14:35:58 ----D---- C:\Program Files\Mozilla Firefox
2008-09-25 14:35:12 ----AD---- C:\WINDOWS\system32
2008-09-25 14:35:10 ----AD---- C:\WINDOWS\system32\drivers
2008-09-25 14:34:55 ----AD---- C:\WINDOWS
2008-09-25 14:29:35 ----A---- C:\WINDOWS\win.ini
2008-09-25 14:27:47 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-25 14:25:32 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-25 14:24:22 ----A---- C:\WINDOWS\system.ini
2008-09-25 14:24:02 ----D---- C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-09-25 14:22:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-25 14:20:51 ----D---- C:\WINDOWS\system32\config
2008-09-25 14:18:24 ----D---- C:\WINDOWS\AppPatch
2008-09-25 14:18:24 ----D---- C:\Program Files\Common Files
2008-09-25 14:17:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-25 14:14:04 ----RASH---- C:\boot.ini
2008-09-24 04:16:06 ----HD---- C:\WINDOWS\inf
2008-09-23 22:24:49 ----A---- C:\WINDOWS\hpbafd.ini
2008-09-23 10:14:03 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-23 08:55:17 ----D---- C:\WINDOWS\Help
2008-09-22 15:46:21 ----RD---- C:\Program Files
2008-09-22 13:40:06 ----SHD---- C:\WINDOWS\Installer
2008-09-22 13:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 11:13:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-22 10:57:03 ----D---- C:\Documents and Settings\Jason\Application Data\Symantec
2008-09-22 10:22:49 ----D---- C:\WINDOWS\system32\wbem
2008-09-22 10:22:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-21 13:27:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-21 00:02:31 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-21 00:00:09 ----A---- C:\WINDOWS\setuplog.txt
2008-09-20 23:57:04 ----D---- C:\WINDOWS\system32\Setup
2008-09-20 23:57:00 ----RSD---- C:\WINDOWS\Fonts
2008-09-20 23:32:29 ----A---- C:\WINDOWS\imsins.BAK
2008-09-20 23:31:20 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 23:24:43 ----AD---- C:\i386
2008-09-20 23:24:07 ----D---- C:\WINDOWS\security
2008-09-20 23:20:52 ----D---- C:\Program Files\Messenger
2008-09-20 23:02:31 ----D---- C:\WINDOWS\WinSxS
2008-09-20 22:56:35 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 22:56:29 ----D---- C:\WINDOWS\ime
2008-09-20 22:51:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-20 22:51:51 ----D---- C:\WINDOWS\system32\usmt
2008-09-20 22:50:33 ----D---- C:\WINDOWS\PeerNet
2008-09-20 22:50:27 ----D---- C:\Program Files\Movie Maker
2008-09-20 22:11:46 ----D---- C:\WINDOWS\system32\Restore
2008-09-20 22:11:44 ----D---- C:\WINDOWS\system32\npp
2008-09-20 22:11:42 ----D---- C:\WINDOWS\mui
2008-09-20 22:11:13 ----D---- C:\WINDOWS\msagent
2008-09-20 22:10:48 ----D---- C:\WINDOWS\srchasst
2008-09-20 22:09:36 ----D---- C:\Program Files\NetMeeting
2008-09-20 22:09:05 ----D---- C:\WINDOWS\system32\Com
2008-09-20 22:08:29 ----D---- C:\Program Files\Windows Media Player
2008-09-20 22:08:18 ----D---- C:\Program Files\Windows NT
2008-09-20 22:08:16 ----D---- C:\Program Files\Outlook Express
2008-09-20 22:07:23 ----D---- C:\Program Files\Common Files\System
2008-09-20 22:04:28 ----AD---- C:\WINDOWS\system32\oobe
2008-09-20 22:04:21 ----AD---- C:\WINDOWS\system
2008-09-20 21:40:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-20 21:20:36 ----D---- C:\WINDOWS\ehome
2008-09-20 20:05:30 ----D---- C:\Program Files\Internet Explorer
2008-09-20 20:05:12 ----D---- C:\WINDOWS\ie7updates
2008-09-20 19:53:18 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-19 23:05:09 ----A---- C:\WINDOWS\wininit.ini
2008-09-19 08:55:31 ----SHD---- C:\System Volume Information
2008-08-28 10:45:03 ----D---- C:\WINDOWS\Debug
2008-08-28 09:46:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-28 09:45:57 ----D---- C:\Program Files\NewTech Infosystems
2008-08-28 09:44:31 ----D---- C:\Program Files\palmOne
2008-08-28 09:42:57 ----D---- C:\Program Files\TELUS eCare
2008-08-28 09:41:13 ----D---- C:\WINDOWS\Motive
2008-08-26 13:28:14 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-25 09:10:16 ----D---- C:\WINDOWS\Minidump
2008-08-21 08:14:13 ----SD---- C:\WINDOWS\Tasks
2008-08-20 10:57:00 ----D---- C:\WINDOWS\Registration
2008-07-24 09:50:52 ----D---- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-18 09:32:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-07-07 14:26:58 ----A---- C:\WINDOWS\system32\es.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-06 21275]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DLPORTIO;DLPORTIO; \??\C:\WINDOWS\DLPORTIO.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-16 1124097]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2005-03-09 33792]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-10 6144]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-08 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; C:\WINDOWS\system32\drivers\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver; C:\WINDOWS\system32\drivers\eLock2FSCTLDriver.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-22 1505792]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2006-05-18 61067]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-20 611664]
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-01-04 3572592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-22 405504]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
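
Triage of the "files/folders created" list above, as an added example that is not part of this thread and not code from the RSIT tool. The script parses lines in the format RSIT prints and flags two patterns that stand out in this log: hidden+system .ini files written straight into system32, and short, lowercase, random-looking .dll names written into system32 in a small burst (two to four files within a couple of minutes), which is how the 2008-09-18 and 2008-09-06 entries look, as opposed to the dozens of files per minute of the 2008-09-20 evening service-pack and hotfix install (the $NtServicePackUninstall$ and $NtUninstallKB...$ folders created that evening). The sample lines are copied from the log above; the burst window, the burst threshold and the 5-8 letter name rule are this example's own assumptions, and a hit means "verify this file" (hash it, check its signature and vendor, scan it), not "this is malware".

```python
"""Triage heuristics for the RSIT "files created" section.

Added example; not part of the forum thread and not code from RSIT.
It parses lines in the format RSIT prints and flags two Vundo-style
dropper patterns: hidden+system .ini files in system32, and small
bursts of random-looking lowercase .dll names written into system32.
SAMPLE_LOG is a subset of lines copied from the log above; the window,
burst threshold and name-length rule are this example's own assumptions.
"""
import re
from datetime import datetime, timedelta

# "2008-09-18 14:27:25 ----A---- C:\WINDOWS\system32\zxzwlf.dll"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-[-A-Z]+-) (.+)$")
# Only files directly under system32, not its subdirectories (drivers, ...)
SYS32_FILE_RE = re.compile(r"^C:\\WINDOWS\\system32\\([^\\]+)$", re.IGNORECASE)
# Assumption: Vundo-style droppers use 5-8 lowercase letters, no digits.
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}$")

BURST_WINDOW = timedelta(seconds=120)  # assumption: files this close belong together
MAX_DROPPER_BURST = 4                  # assumption: installers write far more at once

# Constructed sample: lines copied from the RSIT log in this thread.
SAMPLE_LOG = r"""
2008-09-20 19:23:55 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-20 19:23:50 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-18 17:49:53 ----D---- C:\Program Files\Trend Micro
2008-09-18 14:27:25 ----A---- C:\WINDOWS\system32\zxzwlf.dll
2008-09-18 14:27:23 ----A---- C:\WINDOWS\system32\okvtenky.dll
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-nt.exe
2008-09-06 16:35:19 ----A---- C:\WINDOWS\system32\rnlsla.dll
2008-09-06 16:35:19 ----A---- C:\WINDOWS\system32\nghrthtn.dll
2008-09-06 16:34:28 ----A---- C:\WINDOWS\system32\ruhhxb.dll
2008-09-06 16:34:26 ----A---- C:\WINDOWS\system32\wpuybses.dll
2008-07-24 17:43:07 ----A---- C:\WINDOWS\system32\wrlzma.dll
2008-07-24 17:43:03 ----A---- C:\WINDOWS\system32\ssiefr.EXE
2008-07-24 17:43:02 ----A---- C:\WINDOWS\WRSetup.dll
2008-07-24 17:43:00 ----D---- C:\Documents and Settings\Jason\Application Data\Webroot
2008-07-24 17:42:59 ----D---- C:\Program Files\Webroot
2008-07-24 17:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-24 11:37:17 ----ASH---- C:\WINDOWS\system32\rwiopccp.ini
2008-07-21 14:00:24 ----ASH---- C:\WINDOWS\system32\XEOnonpo.ini2
"""


def parse_created(text):
    """Return (timestamp, attribute letters, path) for each RSIT file/folder line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything not in RSIT's format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        attrs = set(m.group(2).strip("-"))  # "----ASH----" -> {"A", "S", "H"}
        entries.append((ts, attrs, m.group(3)))
    return entries


def burst_size(entries, ts):
    """Entries (files or folders, any path) created within BURST_WINDOW of ts."""
    return sum(1 for other, _, _ in entries if abs(other - ts) <= BURST_WINDOW)


def triage(text):
    """Return [(reason, path)] for entries matching the dropper heuristics."""
    entries = parse_created(text)
    hits = []
    for ts, attrs, path in entries:
        if "D" in attrs:
            continue  # directories never match
        m = SYS32_FILE_RE.match(path)
        if not m:
            continue
        stem, _, ext = m.group(1).lower().rpartition(".")
        if {"H", "S"} <= attrs and ext.startswith("ini"):
            hits.append(("hidden+system ini in system32", path))
        elif (ext == "dll" and RANDOM_STEM_RE.match(stem)
              and burst_size(entries, ts) <= MAX_DROPPER_BURST):
            hits.append(("random-looking dll, small drop burst", path))
    return hits


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:40} {path}")
```

Run it against the whole "created" section saved from the RSIT log. The burst rule keeps the service-pack files and the Webroot install out of the output, but a threshold of four is a guess; a small legitimate installer can also write a handful of short-named DLLs, so each hit is a file to hash and check against its vendor, not a verdict. What the scanners used in this thread (ESET, ComboFix) report on those files is the confirmation.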

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:12 AM

Posted 25 September 2008 - 03:49 PM

Hi Maverick99.

The info.txt can be found in the C:\Rsit folder.

Navigate to that folder and post the info.txt as well.

Edit: Also add in anything you like; how is your computer running now?

Thanks :thumbsup:

With Regards,
Extremeboy

Edited by extremeboy, 25 September 2008 - 03:50 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#10 Maverick99

Maverick99
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 AM

Posted 25 September 2008 - 03:55 PM

OK, here is the info.txt from RSIT. My laptop is running way better, what a difference!! How do the logs look?


info.txt logfile of random's system information tool 1.02 2008-09-24 09:57:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1033
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x9
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Acoustica MP3 CD Burner-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avery® Wizard 2.1 for Microsoft® Office Word 2003-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
BlackBerry Desktop Software 4.5-->MsiExec.exe /i{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}
BlackBerry Desktop Software 4.5-->MsiExec.exe /I{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}
Canon PIXMA iP3000-->C:\WINDOWS\system32\CNMCP61.exe "-PRINTERNAMECanon PIXMA iP3000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmi0409.dll"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Documents To Go-->MsiExec.exe /X{7723A0B8-23A2-454B-8831-99965558AECD}
ESET NOD32 Antivirus-->MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
FTDI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE" -uninstall
Printer Status Monitor Version 4.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SHARP\Printer Status Monitor\Uninst.isu"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Roxio Media Manager-->MsiExec.exe /X{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}
Secure Game Player-->C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SHARP MX-2300/2700/3500/4500 Series PCL/PS Printer Driver-->C:\WINDOWS\ISUNINST.EXE -fC:\WINDOWS\usn0.isu -cC:\WINDOWS\system32\usn0.dll
SlimBrowser (remove only)-->"C:\Program Files\SlimBrowser\uninst.exe"
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:08:12 AM

Posted 26 September 2008 - 07:53 AM

Hi Maverick99. Log looks better :thumbsup:

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:


    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)


    If you no longer see some of the entries, don't worry. It is possible that the uninstaller or removal tool already took care of it. If it is marked "(file missing)", put a check mark next to its box anyway.
  • Close all open windows except HijackThis.
  • Click Fix checked and OK at the prompt.
  • Close HijackThis.
Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\system32\zxzwlf.dll
    C:\WINDOWS\system32\okvtenky.dll
    C:\WINDOWS\system32\rnlsla.dll
    C:\WINDOWS\system32\nghrthtn.dll
    C:\WINDOWS\system32\wpuybses.dll
    C:\WINDOWS\system32\ruhhxb.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

For your next reply please provide the following:
  • Combofix log
  • Kaspersky online scan log
  • Fresh RSIT logs (run this at the end).
Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

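
An added worked example, not part of this thread and not code from ComboFix, HijackThis or RSIT. The CFScript above clears AppInit_DLLs by hand after the value was spotted in the ComboFix log; a DLL listed there is loaded into every process that maps user32.dll, which is why it is reset alongside the random-named DLLs in system32. The Python below reads a REGEDIT4-style dump such as the "Reg Loading Points" section ComboFix prints, flags a populated AppInit_DLLs value and the Security Center values that silence antivirus alerts (AntiVirusDisableNotify, Monitoring\DisableMonitoring, both set to 1 in the log posted later in this thread), and renders the findings as a Registry:: block in the CFScript syntax used above. The sample dump is constructed for this example: the AppInit_DLLs line shows the pre-cleanup state the thread never posted, and the Security Center resets go beyond what the thread's own script does.

```python
"""Audit a REGEDIT4-style registry dump for Vundo-era persistence and alert
suppression, and emit a CFScript Registry:: block that reverts the findings.
Example code written for this page; not a ComboFix or HijackThis component."""
import re

# Constructed sample, modelled on the ComboFix "Reg Loading Points" output in
# this thread. The AppInit_DLLs line is added to show the state before the
# CFScript cleared it; the DLL name is one of those listed in that script.
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="C:\WINDOWS\system32\zxzwlf.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Subkey]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')         # "Name"=data
COMBOFIX_NOTE_RE = re.compile(r"\s+\[\d{4}-\d{2}-\d{2} \d+\]$")  # trailing " [date size]"

APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SC_KEY = r"hkey_local_machine\software\microsoft\security center"
NOTIFY_VALUES = ("antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify")


def parse_regedit4(text):
    """Map lower-cased key path -> {lower-cased value name: raw REGEDIT4 data}.
    Registry paths and value names are case-insensitive, so lower-casing is safe."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.upper() == "REGEDIT4":
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            data = COMBOFIX_NOTE_RE.sub("", val.group(2).strip())
            keys[current][val.group(1).lower()] = data
    return keys


def decode(data):
    """REGEDIT4 data -> Python value: dword:XXXXXXXX -> int, "..." -> str."""
    if data.lower().startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return data


def audit(keys):
    """Return (severity, key, value_name, note) tuples for the settings this
    thread's cleanup touches. Only the top-level Monitoring key is checked:
    per-product subkeys such as Monitoring\\SymantecAntiVirus are written by
    the security product itself and are normal."""
    findings = []
    appinit = decode(keys.get(APPINIT_KEY, {}).get("appinit_dlls", '""'))
    if appinit:
        findings.append(("HIGH", APPINIT_KEY, "appinit_dlls",
                         f"loaded into every process that maps user32.dll: {appinit}"))
    sc = keys.get(SC_KEY, {})
    for name in NOTIFY_VALUES:
        if decode(sc.get(name, "dword:00000000")) == 1:
            findings.append(("MEDIUM", SC_KEY, name, "Security Center alert suppressed"))
    mon = keys.get(SC_KEY + r"\monitoring", {})
    if decode(mon.get("disablemonitoring", "dword:00000000")) == 1:
        findings.append(("MEDIUM", SC_KEY + r"\monitoring", "disablemonitoring",
                         "Security Center monitoring disabled"))
    return findings


def cfscript_registry_section(findings):
    """Render findings as a CFScript Registry:: block (REGEDIT4 fragments, as in
    the script posted above). Pair it with a File:: block listing the DLLs."""
    out = ["Registry::"]
    for _severity, key, name, _note in findings:
        out.append(f"[{key}]")
        out.append('"AppInit_DLLs"=""' if name == "appinit_dlls"
                   else f'"{name}"=dword:00000000')
    return "\n".join(out)


if __name__ == "__main__":
    found = audit(parse_regedit4(SAMPLE_DUMP))
    for severity, key, name, note in found:
        print(f"{severity:6} {key}\\{name}: {note}")
    print()
    print(cfscript_registry_section(found))
```

Run it as-is to see the three findings and the generated Registry:: block. The Security Center values are rated MEDIUM deliberately: a user, or the antivirus product itself, can legitimately set them, so confirm who turned them off before reverting. A non-empty AppInit_DLLs value, by contrast, is almost never legitimate on a home XP machine and should be paired with the File:: deletion of whatever it points at, as the script above does.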

#12 Maverick99

Maverick99
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:12 AM

Posted 26 September 2008 - 01:29 PM

OK, here are the new ComboFix log, then the Kaspersky log, followed by the RSIT logs.
Kaspersky says I'm still infected....

ComboFix 08-09-25.03 - Jason 2008-09-26 9:52:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.224 [GMT -6:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\nghrthtn.dll
C:\WINDOWS\system32\okvtenky.dll
C:\WINDOWS\system32\rnlsla.dll
C:\WINDOWS\system32\ruhhxb.dll
C:\WINDOWS\system32\wpuybses.dll
C:\WINDOWS\system32\zxzwlf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nghrthtn.dll
C:\WINDOWS\system32\okvtenky.dll
C:\WINDOWS\system32\wpuybses.dll
C:\WINDOWS\system32\zxzwlf.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-24 09:57 . 2008-09-24 09:57 <DIR> d-------- C:\rsit
2008-09-22 13:38 . 2008-09-22 13:38 <DIR> d-------- C:\Program Files\ESET
2008-09-22 13:38 . 2008-09-22 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-22 11:23 . 2008-09-22 13:22 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-09-20 22:51 . 2008-09-20 22:51 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-20 22:50 . 2008-09-20 22:50 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-20 22:50 . 2008-09-20 22:50 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 22:50 . 2008-09-20 22:51 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 22:16 . 2008-09-20 23:01 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-20 19:22 . 2008-04-13 18:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-20 19:21 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-20 19:20 . 2008-04-13 18:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 19:01 . 2008-04-11 13:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-20 16:22 . 2008-09-20 16:22 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-20 16:22 . 2008-09-20 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 16:21 . 2008-09-20 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 17:49 . 2008-09-18 17:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 16:12 . 2008-09-18 16:12 268 --ah----- C:\sqmdata19.sqm
2008-09-18 16:12 . 2008-09-18 16:12 244 --ah----- C:\sqmnoopt19.sqm
2008-09-06 16:54 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
2008-09-06 16:54 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
2008-09-06 16:53 . 2008-09-06 16:54 <DIR> d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2008-09-04 15:34 . 2008-09-04 15:34 268 --ah----- C:\sqmdata18.sqm
2008-09-04 15:34 . 2008-09-04 15:34 244 --ah----- C:\sqmnoopt18.sqm
2008-09-02 18:43 . 2008-09-02 18:43 268 --ah----- C:\sqmdata17.sqm
2008-09-02 18:43 . 2008-09-02 18:43 244 --ah----- C:\sqmnoopt17.sqm
2008-09-02 17:18 . 2008-09-02 17:18 268 --ah----- C:\sqmdata16.sqm
2008-09-02 17:18 . 2008-09-02 17:18 244 --ah----- C:\sqmnoopt16.sqm
2008-08-28 12:25 . 2008-08-28 12:26 <DIR> d-------- C:\NSS
2008-08-28 11:07 . 2008-08-28 13:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-28 10:56 . 2008-08-28 10:56 <DIR> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 15:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-26 15:13 --------- d-----w C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-09-22 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 17:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-22 16:57 --------- d-----w C:\Documents and Settings\Jason\Application Data\Symantec
2008-09-21 01:53 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-20 05:14 603,290 --sha-w C:\WINDOWS\system32\XEOnonpo.ini2
2008-09-02 16:58 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-02 16:58 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-28 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 15:45 --------- d-----w C:\Program Files\NewTech Infosystems
2008-08-28 15:44 --------- d-----w C:\Program Files\palmOne
2008-08-28 15:42 --------- d-----w C:\Program Files\TELUS eCare
2008-08-21 16:50 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-31 19:03 4,492 ----a-w C:\WINDOWS\system32\tmp.reg
2008-07-25 04:05 164 ----a-w C:\install.dat
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 04:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 04:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 04:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-04 20:53 60,968 ----a-w C:\Documents and Settings\Jason\GoToAssistDownloadHelper.exe
2007-03-05 21:42 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-10-03 19:46 23,552 ----a-w C:\Program Files\mozilla firefox\plugins\DrvMgt.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-25_14.33.34.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-25 20:27:47 224,363 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-09-26 15:58:35 224,366 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-09-26 15:57:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat
+ 2008-09-26 15:58:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_f70.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-11 180269]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 45056]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-08-10 28672]
Printer Status Monitor.lnk - C:\Program Files\SHARP\Printer Status Monitor\Smon.exe [2008-05-06 180313]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SHARP\\Printer Status Monitor\\Smon.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 DLPORTIO;DLPORTIO;C:\WINDOWS\DLPORTIO.sys [2008-05-18 3584]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 78208]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2005-03-09 33792]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-26 09:58:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\msdtc.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
.
**************************************************************************
.
Completion time: 2008-09-26 10:08:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-26 16:08:27
ComboFix2.txt 2008-09-25 20:34:44

Pre-Run: 28,946,723,840 bytes free
Post-Run: 28,913,104,896 bytes free

209 --- E O F --- 2008-09-21 20:19:51





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, September 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 26, 2008 16:59:20
Records in database: 1263761
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 70835
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:32:39


File name / Threat name / Threats count
C:\Documents and Settings\Jason\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nghrthtn.dll.vir Infected: Trojan.Win32.Monderb.lvo 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wpuybses.dll.vir Infected: Trojan.Win32.Monderb.lvo 1

The selected area was scanned.




Logfile of random's system information tool 1.02 (written by random/random)
Run by Jason at 2008-09-26 12:26:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (61%) free of 45 GB
Total RAM: 502 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:41 PM, on 9/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Printer Status Monitor.lnk = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/fastbid/fastbidx1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid2 Class) - http://www.bxwa.com/fastbid/fastbidx2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jasonwnorton.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10313 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-04-04 421888]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-30 471040]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-04-28 401408]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-11 180269]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 5367664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Printer Status Monitor.lnk - C:\Program Files\SHARP\Printer Status Monitor\Smon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2008-01-04 219504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SHARP\Printer Status Monitor\Smon.exe"="C:\Program Files\SHARP\Printer Status Monitor\Smon.exe:*:Enabled:smon"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-09-26 12:23:49 ----SHD---- C:\RECYCLER
2008-09-26 10:08:39 ----A---- C:\ComboFix.txt
2008-09-25 14:14:04 ----A---- C:\Boot.bak
2008-09-25 14:13:54 ----D---- C:\cmdcons
2008-09-25 14:12:46 ----D---- C:\WINDOWS\erdnt
2008-09-25 14:11:18 ----D---- C:\QooBox
2008-09-25 14:11:11 ----A---- C:\WINDOWS\zip.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\VFind.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\SWSC.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\swreg.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\sed.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\grep.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\fdsv.exe
2008-09-24 09:57:12 ----D---- C:\rsit
2008-09-22 13:38:53 ----D---- C:\Program Files\ESET
2008-09-22 13:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-22 11:23:36 ----D---- C:\Program Files\EsetOnlineScanner
2008-09-21 14:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-20 23:58:15 ----D---- C:\WINDOWS\Prefetch
2008-09-20 23:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-20 23:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-20 23:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-20 23:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-20 23:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-20 23:23:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-20 23:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-20 23:21:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-20 23:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-20 23:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-20 23:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-20 22:51:18 ----D---- C:\WINDOWS\system32\scripting
2008-09-20 22:50:56 ----D---- C:\WINDOWS\l2schemas
2008-09-20 22:50:43 ----D---- C:\WINDOWS\system32\en
2008-09-20 22:50:34 ----D---- C:\WINDOWS\system32\bits
2008-09-20 22:16:09 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-20 21:27:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-20 20:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-09-20 20:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-09-20 20:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-20 20:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-09-20 20:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-20 20:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-09-20 20:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-09-20 19:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-20 19:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-20 19:23:55 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-20 19:23:50 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-20 19:23:17 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-20 19:23:14 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\slrundll.exe
2008-09-20 19:23:07 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-20 19:23:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-20 19:23:00 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-20 19:22:57 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-20 19:22:56 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-20 19:22:53 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-20 19:22:48 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-20 19:22:42 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-20 19:22:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-20 19:22:26 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-20 19:22:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-20 19:22:00 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-20 19:21:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-20 19:21:46 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-20 19:21:43 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-20 19:21:22 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-20 19:21:12 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-20 19:21:01 ----A---- C:\WINDOWS\003173_.tmp
2008-09-20 19:21:00 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-20 19:20:48 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-20 19:20:48 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-20 19:20:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-20 19:20:41 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-20 19:20:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-20 19:20:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-20 19:20:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-20 19:20:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 19:20:19 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-20 19:20:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-20 16:22:39 ----D---- C:\Program Files\Lavasoft
2008-09-20 16:22:31 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 16:21:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 17:49:53 ----D---- C:\Program Files\Trend Micro
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-nt.exe
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-9x.exe
2008-09-06 16:53:58 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
2008-08-28 12:25:38 ----D---- C:\NSS
2008-08-28 11:07:26 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-28 10:56:15 ----D---- C:\Program Files\MSXML 6.0
2008-08-27 14:51:51 ----SHD---- C:\WINDOWS\CSC
2008-08-21 16:21:06 ----D---- C:\WINDOWS\system32\N360_BACKUP
2008-08-21 10:50:58 ----D---- C:\Program Files\Windows Sidebar
2008-08-21 10:41:32 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 12:50:39 ----A---- C:\WINDOWS\system32\tmp.txt
2008-07-31 12:50:37 ----A---- C:\rapport.txt
2008-07-24 17:49:52 ----A---- C:\WINDOWS\system32\WRLogonNtf.dll
2008-07-24 17:43:07 ----A---- C:\WINDOWS\system32\wrlzma.dll
2008-07-24 17:43:03 ----A---- C:\WINDOWS\system32\ssiefr.EXE
2008-07-24 17:43:02 ----A---- C:\WINDOWS\WRSetup.dll
2008-07-24 17:43:00 ----D---- C:\Documents and Settings\Jason\Application Data\Webroot
2008-07-24 17:42:59 ----D---- C:\Program Files\Webroot
2008-07-24 17:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-24 16:54:45 ----D---- C:\Documents and Settings\Jason\Application Data\ErrorSmart
2008-07-24 14:26:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-07-24 11:37:17 ----ASH---- C:\WINDOWS\system32\rwiopccp.ini
2008-07-23 11:35:58 ----ASH---- C:\WINDOWS\system32\eexsoosr.ini
2008-07-22 09:02:46 ----ASH---- C:\WINDOWS\system32\ccuheruv.ini
2008-07-21 14:02:54 ----ASH---- C:\WINDOWS\system32\etfgylgr.ini
2008-07-21 14:02:07 ----A---- C:\WINDOWS\system32\3711eebd-.txt
2008-07-21 14:00:24 ----ASH---- C:\WINDOWS\system32\XEOnonpo.ini2
2008-07-21 12:10:57 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-07-21 12:10:55 ----D---- C:\Program Files\Roxio
2008-07-18 10:10:16 ----D---- C:\Documents and Settings\Jason\Application Data\Roxio
2008-07-18 10:01:41 ----D---- C:\Documents and Settings\Jason\Application Data\Research In Motion
2008-07-18 09:39:15 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-18 09:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-18 09:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-07-18 09:31:52 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-07-18 09:22:44 ----D---- C:\Documents and Settings\Jason\Application Data\Blackberry Desktop
2008-07-18 09:21:13 ----D---- C:\Program Files\Common Files\Research In Motion
2008-07-18 09:20:05 ----D---- C:\Program Files\Research In Motion
2008-07-18 08:56:01 ----SHD---- C:\WINDOWS\ftpcache
2008-07-09 08:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-02 11:46:19 ----D---- C:\Program Files\Stardock
2008-07-02 11:46:15 ----D---- C:\Program Files\Common Files\Stardock

======List of files/folders modified in the last 3 months======

2008-09-26 12:22:50 ----D---- C:\WINDOWS\Temp
2008-09-26 12:20:08 ----D---- C:\Program Files\Mozilla Firefox
2008-09-26 10:08:57 ----AD---- C:\WINDOWS\system32
2008-09-26 10:08:56 ----AD---- C:\WINDOWS\system32\drivers
2008-09-26 10:08:45 ----AD---- C:\WINDOWS
2008-09-26 10:03:02 ----A---- C:\WINDOWS\win.ini
2008-09-26 10:01:52 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-26 09:59:25 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-26 09:58:08 ----A---- C:\WINDOWS\system.ini
2008-09-26 09:56:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-26 09:55:22 ----D---- C:\Program Files\Common Files
2008-09-26 09:55:21 ----D---- C:\WINDOWS\AppPatch
2008-09-26 09:13:25 ----D---- C:\Program Files\Common Files\Adobe
2008-09-26 09:13:14 ----D---- C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-09-25 14:20:51 ----D---- C:\WINDOWS\system32\config
2008-09-25 14:17:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-25 14:14:04 ----RASH---- C:\boot.ini
2008-09-24 04:16:06 ----HD---- C:\WINDOWS\inf
2008-09-23 22:24:49 ----A---- C:\WINDOWS\hpbafd.ini
2008-09-23 10:14:03 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-23 08:55:17 ----D---- C:\WINDOWS\Help
2008-09-22 15:46:21 ----RD---- C:\Program Files
2008-09-22 13:40:06 ----SHD---- C:\WINDOWS\Installer
2008-09-22 13:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 11:13:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-22 10:57:03 ----D---- C:\Documents and Settings\Jason\Application Data\Symantec
2008-09-22 10:22:49 ----D---- C:\WINDOWS\system32\wbem
2008-09-22 10:22:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-21 13:27:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-21 00:02:31 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-21 00:00:09 ----A---- C:\WINDOWS\setuplog.txt
2008-09-20 23:57:04 ----D---- C:\WINDOWS\system32\Setup
2008-09-20 23:57:00 ----RSD---- C:\WINDOWS\Fonts
2008-09-20 23:32:29 ----A---- C:\WINDOWS\imsins.BAK
2008-09-20 23:31:20 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 23:24:43 ----AD---- C:\i386
2008-09-20 23:24:07 ----D---- C:\WINDOWS\security
2008-09-20 23:20:52 ----D---- C:\Program Files\Messenger
2008-09-20 23:02:31 ----D---- C:\WINDOWS\WinSxS
2008-09-20 22:56:35 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 22:56:29 ----D---- C:\WINDOWS\ime
2008-09-20 22:51:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-20 22:51:51 ----D---- C:\WINDOWS\system32\usmt
2008-09-20 22:50:33 ----D---- C:\WINDOWS\PeerNet
2008-09-20 22:50:27 ----D---- C:\Program Files\Movie Maker
2008-09-20 22:11:46 ----D---- C:\WINDOWS\system32\Restore
2008-09-20 22:11:44 ----D---- C:\WINDOWS\system32\npp
2008-09-20 22:11:42 ----D---- C:\WINDOWS\mui
2008-09-20 22:11:13 ----D---- C:\WINDOWS\msagent
2008-09-20 22:10:48 ----D---- C:\WINDOWS\srchasst
2008-09-20 22:09:36 ----D---- C:\Program Files\NetMeeting
2008-09-20 22:09:05 ----D---- C:\WINDOWS\system32\Com
2008-09-20 22:08:29 ----D---- C:\Program Files\Windows Media Player
2008-09-20 22:08:18 ----D---- C:\Program Files\Windows NT
2008-09-20 22:08:16 ----D---- C:\Program Files\Outlook Express
2008-09-20 22:07:23 ----D---- C:\Program Files\Common Files\System
2008-09-20 22:04:28 ----AD---- C:\WINDOWS\system32\oobe
2008-09-20 22:04:21 ----AD---- C:\WINDOWS\system
2008-09-20 21:40:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-20 21:20:36 ----D---- C:\WINDOWS\ehome
2008-09-20 20:05:30 ----D---- C:\Program Files\Internet Explorer
2008-09-20 20:05:12 ----D---- C:\WINDOWS\ie7updates
2008-09-20 19:53:18 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-19 23:05:09 ----A---- C:\WINDOWS\wininit.ini
2008-09-19 08:55:31 ----SHD---- C:\System Volume Information
2008-08-28 10:45:03 ----D---- C:\WINDOWS\Debug
2008-08-28 09:46:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-28 09:45:57 ----D---- C:\Program Files\NewTech Infosystems
2008-08-28 09:44:31 ----D---- C:\Program Files\palmOne
2008-08-28 09:42:57 ----D---- C:\Program Files\TELUS eCare
2008-08-28 09:41:13 ----D---- C:\WINDOWS\Motive
2008-08-26 13:28:14 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-25 09:10:16 ----D---- C:\WINDOWS\Minidump
2008-08-21 08:14:13 ----SD---- C:\WINDOWS\Tasks
2008-08-20 10:57:00 ----D---- C:\WINDOWS\Registration
2008-07-24 09:50:52 ----D---- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-18 09:32:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-07-07 14:26:58 ----A---- C:\WINDOWS\system32\es.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-06 21275]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DLPORTIO;DLPORTIO; \??\C:\WINDOWS\DLPORTIO.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-16 1124097]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2005-03-09 33792]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-10 6144]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-08 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; C:\WINDOWS\system32\drivers\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver; C:\WINDOWS\system32\drivers\eLock2FSCTLDriver.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-22 1505792]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2006-05-18 61067]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-20 611664]
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-01-04 3572592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-22 405504]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.02 2008-09-26 12:28:44

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1033
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x9
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Acoustica MP3 CD Burner-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avery® Wizard 2.1 for Microsoft® Office Word 2003-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
BlackBerry Desktop Software 4.5-->MsiExec.exe /I{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}
BlackBerry Desktop Software 4.5-->MsiExec.exe /i{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}
Canon PIXMA iP3000-->C:\WINDOWS\system32\CNMCP61.exe "-PRINTERNAMECanon PIXMA iP3000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmi0409.dll"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Documents To Go-->MsiExec.exe /X{7723A0B8-23A2-454B-8831-99965558AECD}
ESET NOD32 Antivirus-->MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
FTDI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE" -uninstall
Printer Status Monitor Version 4.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SHARP\Printer Status Monitor\Uninst.isu"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Roxio Media Manager-->MsiExec.exe /X{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}
Secure Game Player-->C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SHARP MX-2300/2700/3500/4500 Series PCL/PS Printer Driver-->C:\WINDOWS\ISUNINST.EXE -fC:\WINDOWS\usn0.isu -cC:\WINDOWS\system32\usn0.dll
SlimBrowser (remove only)-->"C:\Program Files\SlimBrowser\uninst.exe"
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:08:12 AM

Posted 26 September 2008 - 02:01 PM

Hi again.

Fix HijackThis Entries
  • Double click the HijackThis icon on your desktop.
  • Close all other open windows.
  • Select Do a System Scan Only.
  • To the left of each entry you will see a box. Put a checkmark next to the following entries:


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


    If you no longer see some of the entries, don't worry. It is possible that the uninstaller or removal tool already took care of it. If it is marked " (file missing) ", put a check mark next to its box anyways.
  • Close all open windows except HijackThis.
  • Click Posted Image and OK at the prompt.
  • Close HijackThis.

Update Java to Version 6 Update 7

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
The older versions of Java that need to be removed are:
  • J2SE Runtime Environment 5.0 Update 10
  • J2SE Runtime Environment 5.0 Update 11
  • J2SE Runtime Environment 5.0 Update 3
  • J2SE Runtime Environment 5.0 Update 6
  • J2SE Runtime Environment 5.0 Update 9
  • Java™ 6 Update 3
  • Java™ 6 Update 5
  • Java™ 6 Update 6
-----------------------------------------------------
Please post back with the fresh RSIT logs.

Any Problems left?
If so please tell me in your next reply.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
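The post above asks for two manual checks: HijackThis O2/O3 entries whose backing file is gone, and Java entries in the RSIT uninstall list older than 6 Update 7. As an added example (not code from the thread or from the HijackThis/RSIT tools), the script below parses both formats as they appear in the logs in this thread; the sample lines are constructed from those logs, and the GUID for Java 6 Update 7 is a placeholder.

```python
import re

# Constructed sample in HijackThis log format (O2 = BHO, O3 = toolbar).
# The CLSIDs are the ones shown in this thread's logs.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample in RSIT "Uninstall list" format: "display name-->uninstall command".
# The Java 6 Update 7 GUID is a placeholder, not a real product code.
SAMPLE_UNINSTALL = r"""
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{PLACEHOLDER-GUID-FOR-6U7}
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
"""

# "O2 - BHO: <name> - {CLSID} - <file or marker>" / "O3 - Toolbar: ..."
HJT_RE = re.compile(
    r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# HijackThis prints one of these when the CLSID no longer points at a file.
ORPHAN_MARKERS = {"(no file)", "(file missing)"}


def orphaned_hjt_entries(log_text):
    """Return (section, CLSID) for O2/O3 entries with no backing file.

    These are leftovers of a removed BHO or toolbar: inert by themselves,
    but they keep a CLSID registered that should be cleaned up."""
    orphans = []
    for line in log_text.splitlines():
        m = HJT_RE.match(line.strip())
        if m and m.group(4).strip().lower() in ORPHAN_MARKERS:
            orphans.append((m.group(1), m.group(3)))
    return orphans


# "J2SE Runtime Environment 5.0 Update 10" -> (5, 10); "Java™ 6 Update 3" -> (6, 3)
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java(?:\(TM\)|\u2122)?) (\d+)(?:\.\d+)? Update (\d+)$")


def java_version(display_name):
    """Map a Java display name to a comparable (major, update) tuple, or None."""
    m = JAVA_RE.match(display_name.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def outdated_java_entries(uninstall_text, current=(6, 7)):
    """Return (display name, version, uninstall command) for every Java
    entry older than `current`; every such entry should be removed before
    installing the current one, since old JREs stay exploitable side by side."""
    outdated = []
    for line in uninstall_text.splitlines():
        name, sep, command = line.partition("-->")
        if not sep:
            continue
        version = java_version(name)
        if version is not None and version < current:
            outdated.append((name.strip(), version, command.strip()))
    return outdated


if __name__ == "__main__":
    for section, clsid in orphaned_hjt_entries(SAMPLE_HJT):
        print(f"fix in HijackThis: {section} {clsid}")
    for name, version, command in outdated_java_entries(SAMPLE_UNINSTALL):
        print(f"remove {name} (v{version[0]}u{version[1]}): {command}")
```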

#14 Maverick99

Maverick99
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:12 AM

Posted 26 September 2008 - 05:03 PM

OK, I did as instructed and also did another Kaspersky scan; it still says infected (in quarantine?). Here is the Kaspersky log followed by the RSIT logs:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, September 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 26, 2008 20:07:23
Records in database: 1264047
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 66885
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:18:36


File name / Threat name / Threats count
C:\Documents and Settings\Jason\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nghrthtn.dll.vir Infected: Trojan.Win32.Monderb.lvo 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wpuybses.dll.vir Infected: Trojan.Win32.Monderb.lvo 1

The selected area was scanned.



Logfile of random's system information tool 1.02 (written by random/random)
Run by Jason at 2008-09-26 15:56:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (62%) free of 45 GB
Total RAM: 502 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:11 PM, on 9/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] "C:\Acer\Empowering Technology\ePresentation\ePresentation.exe"
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Printer Status Monitor.lnk = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0BCADE60-1E93-11D8-ABDA-0004759647B3} (FastBid1 Class) - http://www.bxwa.com/fastbid/fastbidx1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {32322460-3E7D-11D7-ABD8-0001029A9BA6} (FastBid2 Class) - http://www.bxwa.com/fastbid/fastbidx2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jasonwnorton.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/realarcade-webgam...nerDashTums.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10182 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
"Acer ePresentation HPD"=C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [2006-03-31 204800]
"ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-04-04 421888]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-30 471040]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-04-28 401408]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-11 180269]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 5367664]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Printer Status Monitor.lnk - C:\Program Files\SHARP\Printer Status Monitor\Smon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2008-01-04 219504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SHARP\Printer Status Monitor\Smon.exe"="C:\Program Files\SHARP\Printer Status Monitor\Smon.exe:*:Enabled:smon"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-09-26 13:43:06 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-26 13:43:06 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-26 13:43:06 ----A---- C:\WINDOWS\system32\java.exe
2008-09-26 13:39:41 ----D---- C:\Program Files\Common Files\Java
2008-09-26 12:23:49 ----SHD---- C:\RECYCLER
2008-09-26 10:08:39 ----A---- C:\ComboFix.txt
2008-09-25 14:14:04 ----A---- C:\Boot.bak
2008-09-25 14:13:54 ----D---- C:\cmdcons
2008-09-25 14:12:46 ----D---- C:\WINDOWS\erdnt
2008-09-25 14:11:18 ----D---- C:\QooBox
2008-09-25 14:11:11 ----A---- C:\WINDOWS\zip.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\VFind.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\SWSC.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\swreg.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\sed.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\grep.exe
2008-09-25 14:11:11 ----A---- C:\WINDOWS\fdsv.exe
2008-09-24 09:57:12 ----D---- C:\rsit
2008-09-22 13:38:53 ----D---- C:\Program Files\ESET
2008-09-22 13:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-22 11:23:36 ----D---- C:\Program Files\EsetOnlineScanner
2008-09-21 14:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-20 23:58:15 ----D---- C:\WINDOWS\Prefetch
2008-09-20 23:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-20 23:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-20 23:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-20 23:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-20 23:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-20 23:23:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-20 23:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-20 23:21:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-20 23:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-20 23:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-20 23:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-20 22:51:18 ----D---- C:\WINDOWS\system32\scripting
2008-09-20 22:50:56 ----D---- C:\WINDOWS\l2schemas
2008-09-20 22:50:43 ----D---- C:\WINDOWS\system32\en
2008-09-20 22:50:34 ----D---- C:\WINDOWS\system32\bits
2008-09-20 22:16:09 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-20 21:27:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-20 20:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-09-20 20:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-09-20 20:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-20 20:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-09-20 20:06:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-20 20:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-09-20 20:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-09-20 19:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-20 19:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-20 19:23:55 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-20 19:23:50 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-20 19:23:48 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-20 19:23:33 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-20 19:23:17 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-20 19:23:14 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-20 19:23:12 ----N---- C:\WINDOWS\slrundll.exe
2008-09-20 19:23:07 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-20 19:23:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-20 19:23:00 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-20 19:22:57 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-20 19:22:56 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-20 19:22:55 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-20 19:22:53 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-20 19:22:48 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-20 19:22:42 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-20 19:22:31 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-20 19:22:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-20 19:22:26 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-20 19:22:05 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-20 19:22:04 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-20 19:22:00 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-20 19:21:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-20 19:21:46 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-20 19:21:44 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-20 19:21:43 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-20 19:21:22 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-20 19:21:12 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-20 19:21:01 ----A---- C:\WINDOWS\003173_.tmp
2008-09-20 19:21:00 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-20 19:20:56 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-20 19:20:50 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-20 19:20:48 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-20 19:20:48 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-20 19:20:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-20 19:20:41 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-20 19:20:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-20 19:20:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-20 19:20:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-20 19:20:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 19:20:19 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-20 19:20:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-20 16:22:39 ----D---- C:\Program Files\Lavasoft
2008-09-20 16:22:31 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-20 16:21:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 17:49:53 ----D---- C:\Program Files\Trend Micro
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-nt.exe
2008-09-06 16:54:07 ----A---- C:\WINDOWS\system32\libusbd-9x.exe
2008-09-06 16:53:58 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
2008-08-28 12:25:38 ----D---- C:\NSS
2008-08-28 11:07:26 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-28 10:56:15 ----D---- C:\Program Files\MSXML 6.0
2008-08-27 14:51:51 ----SHD---- C:\WINDOWS\CSC
2008-08-21 16:21:06 ----D---- C:\WINDOWS\system32\N360_BACKUP
2008-08-21 10:50:58 ----D---- C:\Program Files\Windows Sidebar
2008-08-21 10:41:32 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 12:50:39 ----A---- C:\WINDOWS\system32\tmp.txt
2008-07-31 12:50:37 ----A---- C:\rapport.txt
2008-07-24 17:49:52 ----A---- C:\WINDOWS\system32\WRLogonNtf.dll
2008-07-24 17:43:07 ----A---- C:\WINDOWS\system32\wrlzma.dll
2008-07-24 17:43:03 ----A---- C:\WINDOWS\system32\ssiefr.EXE
2008-07-24 17:43:02 ----A---- C:\WINDOWS\WRSetup.dll
2008-07-24 17:43:00 ----D---- C:\Documents and Settings\Jason\Application Data\Webroot
2008-07-24 17:42:59 ----D---- C:\Program Files\Webroot
2008-07-24 17:42:59 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-24 16:54:45 ----D---- C:\Documents and Settings\Jason\Application Data\ErrorSmart
2008-07-24 14:26:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-07-24 11:37:17 ----ASH---- C:\WINDOWS\system32\rwiopccp.ini
2008-07-23 11:35:58 ----ASH---- C:\WINDOWS\system32\eexsoosr.ini
2008-07-22 09:02:46 ----ASH---- C:\WINDOWS\system32\ccuheruv.ini
2008-07-21 14:02:54 ----ASH---- C:\WINDOWS\system32\etfgylgr.ini
2008-07-21 14:02:07 ----A---- C:\WINDOWS\system32\3711eebd-.txt
2008-07-21 14:00:24 ----ASH---- C:\WINDOWS\system32\XEOnonpo.ini2
2008-07-21 12:10:57 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-07-21 12:10:55 ----D---- C:\Program Files\Roxio
2008-07-18 10:10:16 ----D---- C:\Documents and Settings\Jason\Application Data\Roxio
2008-07-18 10:01:41 ----D---- C:\Documents and Settings\Jason\Application Data\Research In Motion
2008-07-18 09:39:15 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-18 09:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-18 09:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-07-18 09:31:52 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-07-18 09:22:44 ----D---- C:\Documents and Settings\Jason\Application Data\Blackberry Desktop
2008-07-18 09:21:13 ----D---- C:\Program Files\Common Files\Research In Motion
2008-07-18 09:20:05 ----D---- C:\Program Files\Research In Motion
2008-07-18 08:56:01 ----SHD---- C:\WINDOWS\ftpcache
2008-07-09 08:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-02 11:46:19 ----D---- C:\Program Files\Stardock
2008-07-02 11:46:15 ----D---- C:\Program Files\Common Files\Stardock

======List of files/folders modified in the last 3 months======

2008-09-26 15:36:23 ----D---- C:\WINDOWS\Temp
2008-09-26 13:43:40 ----D---- C:\Program Files\Mozilla Firefox
2008-09-26 13:43:11 ----SHD---- C:\WINDOWS\Installer
2008-09-26 13:43:06 ----AD---- C:\WINDOWS\system32
2008-09-26 13:43:02 ----D---- C:\Program Files\Java
2008-09-26 13:39:46 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-26 13:39:41 ----D---- C:\Program Files\Common Files
2008-09-26 13:37:33 ----A---- C:\WINDOWS\win.ini
2008-09-26 13:36:34 ----AD---- C:\WINDOWS
2008-09-26 13:36:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-26 13:34:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-26 10:08:56 ----AD---- C:\WINDOWS\system32\drivers
2008-09-26 09:58:08 ----A---- C:\WINDOWS\system.ini
2008-09-26 09:55:21 ----D---- C:\WINDOWS\AppPatch
2008-09-26 09:13:25 ----D---- C:\Program Files\Common Files\Adobe
2008-09-26 09:13:14 ----D---- C:\Documents and Settings\Jason\Application Data\AdobeUM
2008-09-25 14:20:51 ----D---- C:\WINDOWS\system32\config
2008-09-25 14:17:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-25 14:14:04 ----RASH---- C:\boot.ini
2008-09-24 04:16:06 ----HD---- C:\WINDOWS\inf
2008-09-23 22:24:49 ----A---- C:\WINDOWS\hpbafd.ini
2008-09-23 10:14:03 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-09-23 08:55:17 ----D---- C:\WINDOWS\Help
2008-09-22 15:46:21 ----RD---- C:\Program Files
2008-09-22 13:36:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 11:13:50 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-22 10:57:03 ----D---- C:\Documents and Settings\Jason\Application Data\Symantec
2008-09-22 10:22:49 ----D---- C:\WINDOWS\system32\wbem
2008-09-22 10:22:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-21 13:27:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-21 00:02:31 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-21 00:00:09 ----A---- C:\WINDOWS\setuplog.txt
2008-09-20 23:57:04 ----D---- C:\WINDOWS\system32\Setup
2008-09-20 23:57:00 ----RSD---- C:\WINDOWS\Fonts
2008-09-20 23:32:29 ----A---- C:\WINDOWS\imsins.BAK
2008-09-20 23:31:20 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 23:24:43 ----AD---- C:\i386
2008-09-20 23:24:07 ----D---- C:\WINDOWS\security
2008-09-20 23:20:52 ----D---- C:\Program Files\Messenger
2008-09-20 23:02:31 ----D---- C:\WINDOWS\WinSxS
2008-09-20 22:56:35 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 22:56:29 ----D---- C:\WINDOWS\ime
2008-09-20 22:51:57 ----D---- C:\WINDOWS\system32\en-US
2008-09-20 22:51:51 ----D---- C:\WINDOWS\system32\usmt
2008-09-20 22:50:33 ----D---- C:\WINDOWS\PeerNet
2008-09-20 22:50:27 ----D---- C:\Program Files\Movie Maker
2008-09-20 22:11:46 ----D---- C:\WINDOWS\system32\Restore
2008-09-20 22:11:44 ----D---- C:\WINDOWS\system32\npp
2008-09-20 22:11:42 ----D---- C:\WINDOWS\mui
2008-09-20 22:11:13 ----D---- C:\WINDOWS\msagent
2008-09-20 22:10:48 ----D---- C:\WINDOWS\srchasst
2008-09-20 22:09:36 ----D---- C:\Program Files\NetMeeting
2008-09-20 22:09:05 ----D---- C:\WINDOWS\system32\Com
2008-09-20 22:08:29 ----D---- C:\Program Files\Windows Media Player
2008-09-20 22:08:18 ----D---- C:\Program Files\Windows NT
2008-09-20 22:08:16 ----D---- C:\Program Files\Outlook Express
2008-09-20 22:07:23 ----D---- C:\Program Files\Common Files\System
2008-09-20 22:04:28 ----AD---- C:\WINDOWS\system32\oobe
2008-09-20 22:04:21 ----AD---- C:\WINDOWS\system
2008-09-20 21:40:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-20 21:20:36 ----D---- C:\WINDOWS\ehome
2008-09-20 20:05:30 ----D---- C:\Program Files\Internet Explorer
2008-09-20 20:05:12 ----D---- C:\WINDOWS\ie7updates
2008-09-20 19:53:18 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-19 23:05:09 ----A---- C:\WINDOWS\wininit.ini
2008-09-19 08:55:31 ----SHD---- C:\System Volume Information
2008-08-28 10:45:03 ----D---- C:\WINDOWS\Debug
2008-08-28 09:46:11 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-28 09:45:57 ----D---- C:\Program Files\NewTech Infosystems
2008-08-28 09:44:31 ----D---- C:\Program Files\palmOne
2008-08-28 09:42:57 ----D---- C:\Program Files\TELUS eCare
2008-08-28 09:41:13 ----D---- C:\WINDOWS\Motive
2008-08-26 13:28:14 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-25 09:10:16 ----D---- C:\WINDOWS\Minidump
2008-08-21 08:14:13 ----SD---- C:\WINDOWS\Tasks
2008-08-20 10:57:00 ----D---- C:\WINDOWS\Registration
2008-07-24 09:50:52 ----D---- C:\Documents and Settings\Jason\Application Data\Mozilla
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-18 09:32:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-07-07 14:26:58 ----A---- C:\WINDOWS\system32\es.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-08-06 21275]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DLPORTIO;DLPORTIO; \??\C:\WINDOWS\DLPORTIO.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-16 1124097]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2005-03-09 33792]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-04-10 6144]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-08 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; C:\WINDOWS\system32\drivers\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver; C:\WINDOWS\system32\drivers\eLock2FSCTLDriver.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-22 1505792]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2006-05-18 61067]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-20 611664]
R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-01-04 3572592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-22 405504]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-03-06 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-03-06 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-03-06 1108464]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-11-02 86016]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.02 2008-09-26 15:57:17

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 2.0.3076-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1033
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x9
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Acoustica MP3 CD Burner-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avery® Wizard 2.1 for Microsoft® Office Word 2003-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
BlackBerry Desktop Software 4.5-->MsiExec.exe /i{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}
BlackBerry Desktop Software 4.5-->MsiExec.exe /I{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}
Canon PIXMA iP3000-->C:\WINDOWS\system32\CNMCP61.exe "-PRINTERNAMECanon PIXMA iP3000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmi0409.dll"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Documents To Go-->MsiExec.exe /X{7723A0B8-23A2-454B-8831-99965558AECD}
ESET NOD32 Antivirus-->MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
FTDI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE" -uninstall
Printer Status Monitor Version 4.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SHARP\Printer Status Monitor\Uninst.isu"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Roxio Media Manager-->MsiExec.exe /X{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}
Secure Game Player-->C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SHARP MX-2300/2700/3500/4500 Series PCL/PS Printer Driver-->C:\WINDOWS\ISUNINST.EXE -fC:\WINDOWS\usn0.isu -cC:\WINDOWS\system32\usn0.dll
SlimBrowser (remove only)-->"C:\Program Files\SlimBrowser\uninst.exe"
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:08:12 AM

Posted 27 September 2008 - 07:44 AM

Hi again.

Do you have any more problems?

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
  • When shown the disclaimer, Select "2"
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Reset clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear the System Restore cache and create a new restore point.
Log looks clean, great job!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Some Other Recommendations are:
  • MVPS Hosts file MVPS Hosts file prevents your computer from connecting to bad sites.
  • SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:


Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :thumbsup:


If you have no more problems then please tell us so, so this topic can be closed.

Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.



