Register a free account to unlock additional features at BleepingComputer.com
Problems


  • This topic is locked
24 replies to this topic

#1 needhelp2009

needhelp2009

  • Members
  • 14 posts

Posted 17 February 2009 - 04:04 AM

IE is randomly opening windows.

Windows Update is giving me error 80080005.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Brian at 2:48:41.91 on Tue 02/17/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.943 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Weather Watcher\dl.exe
C:\Windows\system32\igfxext.exe
C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\helppane.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
D:\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.neowin.net/
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: {115adb45-6914-4bcf-89b0-d2e4f81c329a} - c:\windows\system32\seyejutu.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [WeatherWatcher] c:\program files\weather watcher\ww.exe
uRun: [Google Update] "c:\users\brian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [eDSMSNfix] c:\acer\empowering technology\eDSMSNfix.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [fopovulibe] Rundll32.exe "c:\windows\system32\tapurera.dll",s
mRun: [CPM1fadc551] Rundll32.exe "c:\windows\system32\tazusumo.dll",a
mRun: [1c9ef6cd] rundll32.exe "c:\windows\system32\japamogi.dll",b
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\windowsupdate
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: eNetHook.dll c:\windows\system32\tijisipu.dll c:\windows\system32\tazusumo.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tazusumo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\tazusumo.dll
SecurityProviders: credssp.dll, digeste.dll
LSA: Notification Packages = scecli c:\windows\system32\tijisipu.dll

============= SERVICES / DRIVERS ===============

R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-3-28 50688]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 UNINST2K;UNINST2K;c:\windows\system32\drivers\UNINST2K.SYS [2008-7-6 2204]

=============== Created Last 30 ================

2009-02-16 23:29 1,602,200 ---sh--- c:\windows\system32\igomapaj.ini
2009-02-11 16:08 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 16:08 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-11 16:08 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-11 16:08 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-11 16:08 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-11 16:08 11,264 a------- c:\windows\system32\icardres.dll
2009-02-11 16:08 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-11 16:08 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-11 15:59 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-11 15:59 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-11 15:59 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-11 15:58 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-11 15:58 83,968 a------- c:\windows\system32\mscories.dll
2009-02-11 15:56 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-11 15:56 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-11 15:56 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-11 15:56 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-11 15:56 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-10 20:42 827,392 a------- c:\windows\system32\wininet.dll
2009-02-10 20:42 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-05 16:26 26,061,930 a------- c:\users\brian\lecture.zip
2009-01-30 02:08 <DIR> --d----- c:\program files\Microsoft

==================== Find3M ====================

2009-02-16 23:28 109,568 a--sh--- c:\windows\system32\tazusumo.dll
2009-02-16 23:28 104,448 a--sh--- c:\windows\system32\japamogi.dll
2009-02-11 16:16 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-11 16:16 51,200 a------- c:\windows\inf\infpub.dat
2009-02-11 16:16 143,360 a------- c:\windows\inf\infstor.dat
2009-01-13 09:45 954,368 a------- c:\windows\system32\drivers\athr.sys
2008-12-14 00:20 520,192 a------- c:\windows\system32\Screen Saver.scr
2008-06-11 02:26 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-18 22:12 174 a--sh--- c:\program files\desktop.ini
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2005-02-26 23:16 29,528,064 a------- c:\users\brian\Manual.exe
2008-08-29 00:29 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-29 00:29 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-29 00:29 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
0000-00-00 00:00 72,192 a--sh--- c:\windows\system32\seyejutu.dll
0000-00-00 00:00 72,192 a--sh--- c:\windows\system32\tapurera.dll
0000-00-00 00:00 72,192 a--sh--- c:\windows\system32\tijisipu.dll

============= FINISH: 2:50:40.04 ===============

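The DDS output above already shows the whole persistence set: the same randomly named DLLs are registered as a BHO, in the HKLM Run key via rundll32 with one-letter export names, in AppInit_DLLs, in the SSODL and STS entries, and in the LSA Notification Packages list, and they sit in system32 with the system+hidden attributes (the `a--sh---` flags in Find3M). The script below is an added example, not part of the thread or of the DDS tool: it parses a constructed excerpt of that log (`SAMPLE_LOG`, modelled on the poster's output) and ranks each DLL by how many load points reference it and how many of the traits visible here it carries. `LOAD_POINTS` is the script's own assumed mapping of DDS prefixes to registry keys (the Run, BHO, AppInit_DLLs and LSA keys also appear by full name in the MBAM log later in the thread; SSODL and STS are assumed to be ShellServiceObjectDelayLoad and SharedTaskScheduler). The reversed-name `.ini` check comes from the MBAM log pairs such as japamogi.dll / igomapaj.ini.

```python
"""Triage a DDS log for the DLL-persistence pattern seen in the first post.

Added example, not part of the thread or of the DDS tool.  SAMPLE_LOG is a
constructed excerpt modelled on the poster's log; LOAD_POINTS is this script's
own mapping of DDS prefixes to registry keys (assumed from DDS conventions).
"""
import re
from collections import defaultdict

# Each location makes some process load a DLL; Vundo registers in several at once.
LOAD_POINTS = {
    "BHO":          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "mRun":         r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "uRun":         r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "AppInit_DLLs": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
    "SSODL":        r"HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    "STS":          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
    "LSA":          r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages",
}

# A .dll/.ini reference in an HJT-style line, with its drive path when one is given.
DLL_REF = re.compile(r'(?:[a-z]:\\[^",]*?\\)?[a-z0-9_~-]+\.(?:dll|ini)', re.I)
# Eight letters alternating consonant/vowel, or vowel/consonant for the reversed
# .ini twins: the naming scheme of every Vundo file in the poster's logs.
CVCV_NAME = re.compile(r"^(?:(?:[b-df-hj-np-tv-z][aeiouy]){4}|(?:[aeiouy][b-df-hj-np-tv-z]){4})\.(?:dll|ini)$")
# rundll32 "x.dll",a : a one-letter export name, as in the three mRun entries.
RUNDLL_EXPORT = re.compile(r'rundll32\.exe\s+"([^"]+\.dll)"\s*,\s*(\w+)\s*$', re.I)
# DDS file-listing line: date time size attrs path
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+([a-z-]{8})\s+(.+?)\s*$", re.I)

SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: {115adb45-6914-4bcf-89b0-d2e4f81c329a} - c:\windows\system32\seyejutu.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
mRun: [fopovulibe] Rundll32.exe "c:\windows\system32\tapurera.dll",s
mRun: [CPM1fadc551] Rundll32.exe "c:\windows\system32\tazusumo.dll",a
mRun: [1c9ef6cd] rundll32.exe "c:\windows\system32\japamogi.dll",b
AppInit_DLLs: eNetHook.dll c:\windows\system32\tijisipu.dll c:\windows\system32\tazusumo.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tazusumo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\tazusumo.dll
LSA: Notification Packages = scecli c:\windows\system32\tijisipu.dll
=============== Created Last 30 ================
2009-02-16 23:29 1,602,200 ---sh--- c:\windows\system32\igomapaj.ini
==================== Find3M ====================
2009-02-16 23:28 109,568 a--sh--- c:\windows\system32\tazusumo.dll
2009-02-16 23:28 104,448 a--sh--- c:\windows\system32\japamogi.dll
0000-00-00 00:00 72,192 a--sh--- c:\windows\system32\seyejutu.dll
0000-00-00 00:00 72,192 a--sh--- c:\windows\system32\tapurera.dll
0000-00-00 00:00 72,192 a--sh--- c:\windows\system32\tijisipu.dll
"""

def triage(log_text):
    """Parse the HJT and file-listing sections of a DDS log; return {basename: finding}."""
    found = defaultdict(lambda: {"path": None, "load_points": set(), "flags": set(), "score": 0})
    section = ""
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if line.startswith("===="):                      # section banner
            section = line.strip("= ").lower()
        elif "pseudo hjt" in section:
            prefix = line.split(":", 1)[0]
            for ref in DLL_REF.findall(line):
                f = found[ref.rsplit("\\", 1)[-1].lower()]
                f["path"] = ref.lower() if "\\" in ref else f["path"]
                if prefix in LOAD_POINTS:
                    f["load_points"].add(prefix)
            m = RUNDLL_EXPORT.search(line)
            if m and len(m.group(2)) == 1:
                found[m.group(1).rsplit("\\", 1)[-1].lower()]["flags"].add("rundll32-one-letter-export")
        elif "find3m" in section or "created last" in section:
            m = FILE_LINE.match(line)
            if not m or not m.group(2).lower().endswith((".dll", ".ini")):
                continue
            attrs, path = m.group(1).lower(), m.group(2).lower()
            f = found[path.rsplit("\\", 1)[-1]]
            f["path"] = f["path"] or path
            if "s" in attrs and "h" in attrs and "\\system32\\" in path:   # Windows does not ship its own DLLs system+hidden
                f["flags"].add("hidden+system-in-system32")
    for name, f in list(found.items()):                   # second pass: name-based signals
        if CVCV_NAME.match(name):
            f["flags"].add("cv-pattern-8-letter-name")
        twin = name[:-4][::-1] + ".dll"                   # japamogi.dll <-> igomapaj.ini
        if name.endswith(".ini") and twin in found:
            f["flags"].add("ini-is-reversed-dll-name")
            found[twin]["flags"].add("ini-is-reversed-dll-name")
    for f in found.values():
        f["score"] = len(f["flags"]) + len(f["load_points"])
    return dict(found)

def suspects(findings, min_score=2):
    """Basenames worth pulling for analysis, strongest first; one weak signal alone is ignored."""
    ranked = sorted(findings.items(), key=lambda kv: (-kv[1]["score"], kv[0]))
    return [name for name, f in ranked if f["score"] >= min_score]

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name in suspects(report):
        f = report[name]
        print(f"{f['score']:>2}  {f['path'] or name}")
        for lp in sorted(f["load_points"]):
            print(f"      loads via {lp}: {LOAD_POINTS[lp]}")
        print(f"      flags: {', '.join(sorted(f['flags']))}")
```

Run as-is, it ranks tazusumo.dll first (four load points plus three file traits), then japamogi.dll, tapurera.dll, tijisipu.dll, igomapaj.ini and seyejutu.dll, while ssv.dll (a legitimate BHO) and eNetHook.dll (Acer's AppInit entry) score 1 and drop out. The threshold is deliberate: the consonant/vowel name rule is a heuristic modelled on this one family, so it only counts when a load-point reference or an attribute anomaly backs it up. The same logic is the mental checklist a helper applies to a DDS log by eye; encoding it is mainly useful when you have many logs from the same outbreak.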

#2 needhelp2009

needhelp2009
  • Topic Starter

  • Members
  • 14 posts

Posted 17 February 2009 - 03:01 PM

It seems my thread was lost over a period of many hours.

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 18 February 2009 - 07:01 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 needhelp2009

needhelp2009
  • Topic Starter

  • Members
  • 14 posts

Posted 18 February 2009 - 06:45 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1776
Windows 6.0.6001 Service Pack 1

2/18/2009 4:06:53 PM
mbam-log-2009-02-18 (16-06-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195642
Time elapsed: 1 hour(s), 32 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 30
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 65

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\bugikede.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\fibibeme.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\gitanozu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\gizatato.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\hebarebi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\japamogi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\javigolu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\jesoreli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\kafivawu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\labovoyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\lawupiwi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\lefabali.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\neyanivi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\nomehera.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\nuburizi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\peweriwa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\piliwuwo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\powipomu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\pubuhori.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\puranave.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\rayumahu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\retubepu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\sasanaye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\tubemegi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\vodonuji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\zufawujo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\tijisipu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\tapurera.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\seyejutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\bohesoye.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{115adb45-6914-4bcf-89b0-d2e4f81c329a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{115adb45-6914-4bcf-89b0-d2e4f81c329a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{115adb45-6914-4bcf-89b0-d2e4f81c329a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c9ef6cd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fopovulibe (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tijisipu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tijisipu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tijisipu.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\bohesoye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\eyosehob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\bugikede.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\edekigub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\fibibeme.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\emebibif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\gitanozu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\uzonatig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\gizatato.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\otatazig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\hebarebi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\iberabeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\japamogi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\igomapaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\javigolu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ulogivaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\jesoreli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ilerosej.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\kafivawu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\uwavifak.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\labovoyu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\uyovobal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lawupiwi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\iwipuwal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lefabali.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ilabafel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\neyanivi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ivinayen.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nomehera.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\arehemon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nuburizi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\izirubun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\peweriwa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\awirewep.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\piliwuwo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\owuwilip.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\powipomu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\umopiwop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pubuhori.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\irohubup.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\puranave.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\evanarup.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rayumahu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\uhamuyar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\retubepu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\upebuter.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\sasanaye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\eyanasas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\tubemegi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\igemebut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vodonuji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ijunodov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\zufawujo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\ojuwafuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\tapurera.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\seyejutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\tijisipu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Windows\System32\fimagose.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\fuwopizo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nehebime.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\peyumazi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lafibedi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Windows\System32\zidifime.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

#5 needhelp2009

needhelp2009
  • Topic Starter

  • Members
  • 14 posts

Posted 18 February 2009 - 06:48 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Brian at 2009-02-18 17:40:45
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 18 GB (25%) free of 72 GB
Total RAM: 2037 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:58 PM, on 2/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neowin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9448 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2231840619-4253572256-1827901034-1000.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-13 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-07 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-16 815104]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"eDSMSNfix"=C:\Acer\Empowering Technology\eDSMSNfix.exe [2007-02-08 13312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-16 144792]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2007-01-11 483328]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-10 4468736]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-05 185872]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"WeatherWatcher"=C:\Program Files\Weather Watcher\ww.exe [2007-05-12 1036288]
"Google Update"=C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-01-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2007-11-20 731136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewal]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Explorer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-05 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2006-11-21 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eNetHook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84dc0ec-5fa1-11dd-aa87-001b2461b6ff}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f93fb2c2-c3b5-11dd-a0e7-001b2461b6ff}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

42312-72-65535 01:00:46136 ----ASH---- C:\Windows\system32\zuwakebu.dll
42312-72-65535 01:00:46136 ----ASH---- C:\Windows\system32\zikejefu.dll
42312-72-65535 01:00:46136 ----ASH---- C:\Windows\system32\yufudiyo.dll
42312-72-65535 01:00:46136 ----ASH---- C:\Windows\system32\yopajisa.dll
42312-72-65535 01:00:46136 ----ASH---- C:\Windows\system32\yilelozi.dll
42312-72-65535 01:00:46136 ----ASH---- C:\Windows\system32\yelepoje.dll
42312-72-65535 01:00:46136 ----ASH---- C:\Windows\system32\wulijubu.dll
42312-72-65535 01:00:46136 ----ASH---- C:\Windows\system32\wogibisu.dll
42312-72-65535 01:00:46120 ----ASH---- C:\Windows\system32\wikekoki.dll
42312-72-65535 01:00:46104 ----ASH---- C:\Windows\system32\wapesave.dll
42312-72-65535 01:00:46104 ----ASH---- C:\Windows\system32\tuhifigu.dll
42312-72-65535 01:00:46088 ----ASH---- C:\Windows\system32\tazusumo.dll
42312-72-65535 01:00:46088 ----ASH---- C:\Windows\system32\sinotebe.dll
42312-72-65535 01:00:46072 ----ASH---- C:\Windows\system32\rohuzoka.dll
42312-72-65535 01:00:46072 ----ASH---- C:\Windows\system32\rividuwu.dll
42312-72-65535 01:00:46072 ----ASH---- C:\Windows\system32\rekideti.dll
42312-72-65535 01:00:46072 ----ASH---- C:\Windows\system32\pevadino.dll
42312-72-65535 01:00:46056 ----ASH---- C:\Windows\system32\pazumubu.dll
42312-72-65535 01:00:46056 ----ASH---- C:\Windows\system32\nozaraju.dll
42312-72-65535 01:00:46040 ----ASH---- C:\Windows\system32\novukozu.dll
42312-72-65535 01:00:46040 ----ASH---- C:\Windows\system32\nopemako.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\lunehotu.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\lobanofu.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\lisifili.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\lezetezi.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\lajenoka.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\kulofani.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\kudidomo.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\kofurezo.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\kofidelu.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\kidayomo.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\kawodugi.dll
42312-72-65535 01:00:46008 ----ASH---- C:\Windows\system32\kajigofi.dll
42312-72-65535 01:00:45992 ----ASH---- C:\Windows\system32\jewukujo.dll
42312-72-65535 01:00:45992 ----ASH---- C:\Windows\system32\jehifipe.dll
42312-72-65535 01:00:45976 ----ASH---- C:\Windows\system32\hoduwama.dll
42312-72-65535 01:00:45976 ----ASH---- C:\Windows\system32\hasaneya.dll
42312-72-65535 01:00:45976 ----ASH---- C:\Windows\system32\gunulizu.dll
42312-72-65535 01:00:45960 ----ASH---- C:\Windows\system32\gubagedu.dll
42312-72-65535 01:00:45960 ----ASH---- C:\Windows\system32\gipupiro.dll
42312-72-65535 01:00:45960 ----ASH---- C:\Windows\system32\gayezove.dll
42312-72-65535 01:00:45960 ----ASH---- C:\Windows\system32\fowukoho.dll
42312-72-65535 01:00:45960 ----ASH---- C:\Windows\system32\fovufane.dll
42312-72-65535 01:00:45912 ----ASH---- C:\Windows\system32\desevewo.dll
42312-72-65535 01:00:45880 ----ASH---- C:\Windows\system32\befemezi.dll
2009-02-18 17:40:45 ----D---- C:\rsit
2009-02-11 16:08:36 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 16:08:36 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\icardres.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\icardagt.exe
2009-02-11 16:08:31 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-11 16:08:29 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-11 15:59:07 ----A---- C:\Windows\system32\dfshim.dll
2009-02-11 15:59:03 ----A---- C:\Windows\system32\mscoree.dll
2009-02-11 15:59:01 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-11 15:58:43 ----A---- C:\Windows\system32\mscorier.dll
2009-02-11 15:58:34 ----A---- C:\Windows\system32\mscories.dll
2009-02-11 15:56:45 ----A---- C:\Windows\system32\EncDec.dll
2009-02-11 15:56:39 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-10 20:42:47 ----A---- C:\Windows\system32\mshtml.dll
2009-02-10 20:42:46 ----A---- C:\Windows\system32\ieframe.dll
2009-02-10 20:42:44 ----A---- C:\Windows\system32\urlmon.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\wininet.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\mstime.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-10 20:42:42 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-10 20:42:42 ----A---- C:\Windows\system32\iertutil.dll
2009-01-30 02:16:16 ----D---- C:\Program Files\QuickTime
2009-01-30 02:15:30 ----SHD---- C:\Config.Msi
2009-01-30 02:08:24 ----D---- C:\Program Files\Microsoft
2009-01-05 19:31:57 ----D---- C:\Program Files\Free RM to AVI Converter Splitter
2009-01-05 19:27:43 ----D---- C:\Program Files\Common Files\xing shared
2008-12-28 03:52:51 ----D---- C:\Users\Brian\AppData\Roaming\Malwarebytes
2008-12-28 03:52:43 ----D---- C:\ProgramData\Malwarebytes
2008-12-28 03:52:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-22 22:07:36 ----SHD---- C:\Temporary Internet Files
2008-12-22 02:31:32 ----D---- C:\Users\Brian\AppData\Roaming\Salling Software AB
2008-12-22 02:31:22 ----D---- C:\ProgramData\eSellerate
2008-12-22 02:30:10 ----D---- C:\Program Files\Salling Software AB
2008-12-22 02:29:54 ----A---- C:\Windows\{2158ED55-19D1-4C0C-B213-5EFF748248AC}_WiseFW.ini
2008-12-21 22:52:04 ----D---- C:\ProgramData\OrbNetworks
2008-12-21 22:51:52 ----D---- C:\Program Files\Orb Networks
2008-12-17 14:05:20 ----D---- C:\Users\Brian\AppData\Roaming\XDAPPCFB
2008-12-14 22:59:21 ----A---- C:\Windows\system32\tzres.dll
2008-12-09 12:54:25 ----A---- C:\Windows\system32\shell32.dll
2008-12-09 12:54:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-09 12:54:01 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-09 12:53:57 ----A---- C:\Windows\system32\gdi32.dll
2008-12-09 12:53:54 ----A---- C:\Windows\explorer.exe
2008-12-09 12:53:34 ----A---- C:\Windows\system32\mf.dll
2008-12-09 12:53:33 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-09 12:53:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-09 12:53:31 ----A---- C:\Windows\system32\logagent.exe
2008-11-26 13:00:34 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 13:00:25 ----A---- C:\Windows\system32\connect.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wups2.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wucltux.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wups.dll
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wudriver.dll
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wuapi.dll
2008-11-25 11:01:17 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-25 11:01:17 ----A---- C:\Windows\system32\wuapp.exe
2008-11-24 02:03:27 ----D---- C:\ProgramData\acccore

======List of files/folders modified in the last 3 months======

2009-02-18 17:40:46 ----D---- C:\Windows\Temp
2009-02-18 17:38:21 ----D---- C:\Program Files\Weather Watcher
2009-02-18 17:37:28 ----D---- C:\Windows\system32\drivers
2009-02-18 17:37:28 ----D---- C:\Windows\System32
2009-02-18 17:35:05 ----D---- C:\ProgramData\Soulseek
2009-02-18 17:33:50 ----D---- C:\mirc
2009-02-18 17:06:26 ----D---- C:\My Shared Folder
2009-02-18 14:28:03 ----A---- C:\Windows\WCEODBC.INI
2009-02-18 11:25:58 ----D---- C:\ProgramData\Google Updater
2009-02-17 02:55:50 ----SHD---- C:\System Volume Information
2009-02-17 02:38:10 ----D---- C:\Windows\inf
2009-02-17 02:38:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-16 23:44:52 ----D---- C:\Windows\Prefetch
2009-02-15 02:39:55 ----D---- C:\Windows\Microsoft.NET
2009-02-15 02:39:44 ----RSD---- C:\Windows\assembly
2009-02-15 02:00:18 ----D---- C:\Windows\rescache
2009-02-15 01:56:37 ----D---- C:\Windows\winsxs
2009-02-15 01:44:14 ----D---- C:\Windows\system32\catroot
2009-02-15 01:39:50 ----D---- C:\Windows\ehome
2009-02-15 01:39:50 ----D---- C:\Program Files\Windows Mail
2009-02-15 01:39:46 ----D---- C:\Windows\system32\XPSViewer
2009-02-15 01:39:46 ----D---- C:\Windows\system32\wbem
2009-02-15 01:39:46 ----D---- C:\Windows\system32\en-US
2009-02-11 16:19:47 ----D---- C:\Windows
2009-02-11 16:15:37 ----SHD---- C:\Windows\Installer
2009-02-11 16:11:39 ----D---- C:\Windows\system32\catroot2
2009-02-11 08:06:38 ----D---- C:\Windows\Tasks
2009-02-04 18:09:24 ----A---- C:\Windows\avisplitter.INI
2009-01-30 02:16:16 ----RD---- C:\Program Files
2009-01-30 02:15:50 ----D---- C:\Program Files\Common Files\Apple
2009-01-30 02:07:27 ----D---- C:\Program Files\Common Files\microsoft shared
2009-01-23 01:32:07 ----D---- C:\MyWorks
2009-01-19 00:46:17 ----SD---- C:\Windows\Downloaded Program Files
2009-01-05 19:27:43 ----D---- C:\Program Files\Common Files
2009-01-05 19:27:34 ----D---- C:\Program Files\Common Files\Real
2009-01-05 19:27:26 ----A---- C:\Windows\system32\rmoc3260.dll
2009-01-05 19:27:04 ----A---- C:\Windows\system32\pndx5032.dll
2009-01-05 19:27:04 ----A---- C:\Windows\system32\pndx5016.dll
2009-01-05 19:27:02 ----A---- C:\Windows\system32\pncrt.dll
2008-12-28 03:52:43 ----HD---- C:\ProgramData
2008-12-24 20:35:27 ----D---- C:\Windows\WindowsMobile
2008-12-23 16:26:01 ----D---- C:\Windows\system32\Tasks
2008-12-23 00:00:30 ----D---- C:\Windows\AppPatch
2008-12-22 02:28:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 23:06:03 ----D---- C:\ProgramData\Microsoft Help
2008-12-09 20:22:59 ----D---- C:\Program Files\Wireshark
2008-12-09 20:22:52 ----D---- C:\Program Files\WinPcap
2008-12-04 00:58:00 ----D---- C:\Unzipped
2008-11-30 23:21:59 ----D---- C:\Users\Brian\AppData\Roaming\dvdcss
2008-11-29 23:15:33 ----SD---- C:\Users\Brian\AppData\Roaming\Microsoft
2008-11-26 20:54:45 ----D---- C:\Program Files\Winamp
2008-11-26 20:54:12 ----D---- C:\Users\Brian\AppData\Roaming\Winamp
2008-11-24 02:04:45 ----D---- C:\Program Files\AIM6
2008-11-24 02:03:37 ----D---- C:\Program Files\Viewpoint
2008-11-24 02:03:33 ----D---- C:\ProgramData\Viewpoint
2008-11-23 19:09:32 ----D---- C:\ProgramData\AOL Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-04 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2007-01-11 21264]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2007-12-03 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-10 1775712]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-03-28 6144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-16 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-05 168448]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 UNINST2K;UNINST2K; \??\C:\Windows\system32\Drivers\UNINST2K.SYS [2000-11-15 2204]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216]
R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 126976]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 24576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-18 17:41:01

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Agere Systems HDA Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avidemux 2.4-->C:\Program Files\Avidemux 2.4\uninstall.exe
BlogTorrent beta-0.91-->"C:\Program Files\BlogTorrent\uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BPM-Studio 4 Profi-->C:\Windows\uninst.exe -f"C:\Program Files\ALCATech\BPM-Studio Profi\DeIsL2.isu"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
DATAFAB Media Reader-->C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\DATAFAB\MEDIAR~1\Dfusbpdr.ISU -cC:\PROGRA~1\DATAFAB\MEDIAR~1\ONUNINST.DLL
Dexter Screen Saver-->C:\Windows\system32\Dexter Screen Saver.scr /u
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD43 v4.0.0-->"C:\Program Files\dvd43\unins000.exe"
Free RM to AVI Converter Splitter v2.0-->"C:\Program Files\Free RM to AVI Converter Splitter\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
Indeo® Software-->C:\Windows\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner-->C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
K-Lite Codec Pack 3.7.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->C:\mirc\uninstall.exe _?=C:\mirc
Move Networks Media Player for Internet Explorer-->C:\Users\Brian\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyPublisher-->C:\Program Files\MyPublisher\MyPublisher\MyPublisher.exe -uninstall
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NTREGOPT 1.1j-->"C:\Program Files\NT Registry Optimizer\unins000.exe"
Orb-->"C:\Program Files\Orb Networks\Orb\uninstall.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Redwall Screensaver Setup-->C:\Program Files\Redwall Screensaver Setup\uninstall.exe
River Past Video Cleaner-->C:\Windows\Video Cleaner Uninstaller.exe
Salling Clicker for WM5 Pocket PC-->C:\Windows\WindowsMobile\Salling Clicker for WM5 Pocket PC\Uninstall.exe Salling Clicker for WM5 Pocket PC
Salling Clicker-->MsiExec.exe /X{2158ED55-19D1-4C0C-B213-5EFF748248AC}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sonic Foundry ACID 4.0-->MsiExec.exe /I{2A38B5AA-EA84-4F87-9937-2FB23982243A}
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SOTI Pocket Controller-Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9 UNINSTALL
SoulSeek 157 NS 13-->"C:\Program Files\SoulseekNS\uninstall.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TagScanner 5.0 build 515b-->"C:\Program Files\TagScanner\unins000.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x0409
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual CE Runtime 10.4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1F45160-C9EB-4690-8B8D-4C495B37A89E}\setup.exe" -l0x9 -removeonly
Weather Watcher-->"C:\Program Files\Weather Watcher\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireshark 1.0.4-->"C:\Program Files\Wireshark\uninstall.exe"
zaDesktop-->C:\Windows\WindowsMobile\zaDesktop\Uninstall.exe zaDesktop

=====HijackThis Backups=====

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll (file missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

======Security center information======

AS: Windows Defender

System event log

Computer Name: Home
Event Code: 7036
Message: The KtmRm for Distributed Transaction Coordinator service entered the running state.
Record Number: 148732
Source Name: Service Control Manager
Time Written: 20090218234032.000000-000
Event Type: Information
User:

Computer Name: Home
Event Code: 7036
Message: The TPM Base Services service entered the stopped state.
Record Number: 148733
Source Name: Service Control Manager
Time Written: 20090218234032.000000-000
Event Type: Information
User:

Computer Name: Home
Event Code: 7036
Message: The Security Center service entered the running state.
Record Number: 148734
Source Name: Service Control Manager
Time Written: 20090218234032.000000-000
Event Type: Information
User:

Computer Name: Home
Event Code: 537
Message: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer. TBS could not be started.
Record Number: 148735
Source Name: Microsoft-Windows-TBS
Time Written: 20090218234032.469450-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Home
Event Code: 7036
Message: The Windows Media Center Service Launcher service entered the stopped state.
Record Number: 148736
Source Name: Service Control Manager
Time Written: 20090218234035.000000-000
Event Type: Information
User:

Application event log

Computer Name: Home
Event Code: 302
Message: msnmsgr (3788) ***REDACTED BY REQUEST OF ORIGINAL POSTER***: The database engine has successfully completed recovery steps.
Record Number: 28442
Source Name: ESENT
Time Written: 20090218233915.000000-000
Event Type: Information
User:

Computer Name: Home
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 28443
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090218233916.136050-000
Event Type: Information
User: Home\Brian

Computer Name: Home
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 28444
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090218233926.126450-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Home
Event Code: 1
Message: The Windows Security Center Service has started.
Record Number: 28445
Source Name: SecurityCenter
Time Written: 20090218234033.000000-000
Event Type: Information
User:

Computer Name: Home
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 28446
Source Name: LightScribeService
Time Written: 20090218234101.000000-000
Event Type: Information
User:

Security event log

Computer Name: Home
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 54792
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218234057.970450-000
Event Type: Audit Failure
User:

Computer Name: Home
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 54793
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218234058.023450-000
Event Type: Audit Failure
User:

Computer Name: Home
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 54794
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218234058.064450-000
Event Type: Audit Failure
User:

Computer Name: Home
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 54795
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218234058.106450-000
Event Type: Audit Failure
User:

Computer Name: Home
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 54796
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218234058.159450-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=2
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by Amazing Andrew, 20 January 2010 - 03:56 PM.


#6 needhelp2009
  • Topic Starter
  • Members
  • 14 posts

Posted 18 February 2009 - 07:19 PM

I ran the GMER but there is no result to post?

#7 fenzodahl512
  • Members
  • 6,738 posts

Posted 19 February 2009 - 02:56 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)



Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\Windows\system32\zuwakebu.dll
    C:\Windows\system32\zikejefu.dll
    C:\Windows\system32\yufudiyo.dll
    C:\Windows\system32\yopajisa.dll
    C:\Windows\system32\yilelozi.dll
    C:\Windows\system32\yelepoje.dll
    C:\Windows\system32\wulijubu.dll
    C:\Windows\system32\wogibisu.dll
    C:\Windows\system32\wikekoki.dll
    C:\Windows\system32\wapesave.dll
    C:\Windows\system32\tuhifigu.dll
    C:\Windows\system32\tazusumo.dll
    C:\Windows\system32\sinotebe.dll
    C:\Windows\system32\rohuzoka.dll
    C:\Windows\system32\rividuwu.dll
    C:\Windows\system32\rekideti.dll
    C:\Windows\system32\pevadino.dll
    C:\Windows\system32\pazumubu.dll
    C:\Windows\system32\nozaraju.dll
    C:\Windows\system32\novukozu.dll
    C:\Windows\system32\nopemako.dll
    C:\Windows\system32\lunehotu.dll
    C:\Windows\system32\lobanofu.dll
    C:\Windows\system32\lisifili.dll
    C:\Windows\system32\lezetezi.dll
    C:\Windows\system32\lajenoka.dll
    C:\Windows\system32\kulofani.dll
    C:\Windows\system32\kudidomo.dll
    C:\Windows\system32\kofurezo.dll
    C:\Windows\system32\kofidelu.dll
    C:\Windows\system32\kidayomo.dll
    C:\Windows\system32\kawodugi.dll
    C:\Windows\system32\kajigofi.dll
    C:\Windows\system32\jewukujo.dll
    C:\Windows\system32\jehifipe.dll
    C:\Windows\system32\hoduwama.dll
    C:\Windows\system32\hasaneya.dll
    C:\Windows\system32\gunulizu.dll
    C:\Windows\system32\gubagedu.dll
    C:\Windows\system32\gipupiro.dll
    C:\Windows\system32\gayezove.dll
    C:\Windows\system32\fowukoho.dll
    C:\Windows\system32\fovufane.dll
    C:\Windows\system32\desevewo.dll
    C:\Windows\system32\befemezi.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
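An added example, not from this thread and not OldTimer's own code: a Python cross-check that reads the ":files" and ":reg" entries of an OTMoveIt3 script like the one above together with the MovedFiles log the tool writes, and reports which requested items the log confirms as moved or deleted, which remain unaccounted for, and what was left for deletion on reboot. The sample script and log lines are constructed from those posted in this thread (the log line shapes are those shown in the next reply), plus one made-up path, example_missing.dll, that the log never mentions.

```python
# Added example (not OldTimer's code, not from this thread): reconcile an OTMoveIt3
# fix script with the MovedFiles log it produced; sample inputs are constructed.
import re
from typing import Dict, List, Set

# ':files', ':reg', ':commands' ... section headers of an OTMoveIt3 script.
SECTION_RE = re.compile(r"^:(\w+)\s*$")
# Result-line shapes as written by OTMoveIt3 in its MovedFiles log.
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_UNREG_RE = re.compile(r"^(?P<path>.+?) NOT unregistered\.$")
KEY_RE = re.compile(r"^Registry key (?P<key>.+?)\\+ deleted successfully\.$")
REBOOT_RE = re.compile(r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$")

def parse_script(text: str) -> Dict[str, List[str]]:
    """Split a fix script into its ':section' entry lists."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def _norm_path(p: str) -> str:
    return p.strip().lower()  # Windows paths compare case-insensitively

def _norm_key(k: str) -> str:
    # Script form is '[-HKEY_...\{GUID}]'; log form is 'HKEY_...\{GUID}\\'.
    k = k.strip()
    if k.startswith("[") and k.endswith("]"):
        k = k[1:-1]
    return k.lstrip("-").rstrip("\\").lower()

def parse_log(text: str) -> Dict[str, Set[str]]:
    """Collect what the MovedFiles log says actually happened."""
    result: Dict[str, Set[str]] = {"moved": set(), "not_unregistered": set(),
                                   "keys_deleted": set(), "reboot_pending": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if m := MOVED_RE.match(line):
            result["moved"].add(_norm_path(m["path"]))
        elif m := NOT_UNREG_RE.match(line):
            result["not_unregistered"].add(_norm_path(m["path"]))
        elif m := KEY_RE.match(line):
            result["keys_deleted"].add(_norm_key(m["key"]))
        elif m := REBOOT_RE.match(line):
            result["reboot_pending"].add(_norm_path(m["path"]))
    return result

def reconcile(script_text: str, log_text: str) -> Dict[str, List[str]]:
    """Report which requested files/keys the log confirms and which it never mentions."""
    script, log = parse_script(script_text), parse_log(log_text)
    files = [_norm_path(p) for p in script.get("files", [])]
    keys = [_norm_key(k) for k in script.get("reg", [])]
    return {
        "files_moved": [p for p in files if p in log["moved"]],
        # Unaccounted: absent from the log, so not present on disk or the run was cut short.
        "files_unaccounted": [p for p in files if p not in log["moved"]],
        # Moved but never unregistered: COM/BHO registry references may still point at it.
        "files_not_unregistered": [p for p in files if p in log["not_unregistered"]],
        "keys_deleted": [k for k in keys if k in log["keys_deleted"]],
        "keys_unaccounted": [k for k in keys if k not in log["keys_deleted"]],
        "reboot_pending": sorted(log["reboot_pending"]),
    }

# Constructed sample inputs: two DLLs and the BHO key from the script in this
# thread, plus one made-up path (example_missing.dll) that the log never mentions.
SAMPLE_SCRIPT = r"""
:files
C:\Windows\system32\zuwakebu.dll
C:\Windows\system32\zikejefu.dll
C:\Windows\system32\example_missing.dll
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
:commands
[emptytemp]
"""
SAMPLE_LOG = r"""
========== FILES ==========
DllUnregisterServer procedure not found in C:\Windows\system32\zuwakebu.dll
C:\Windows\system32\zuwakebu.dll NOT unregistered.
C:\Windows\system32\zuwakebu.dll moved successfully.
C:\Windows\system32\zikejefu.dll NOT unregistered.
C:\Windows\system32\zikejefu.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
"""

if __name__ == "__main__":
    for name, items in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{name} ({len(items)}):", *items, sep="\n  ")
```

Any entry under files_unaccounted or keys_unaccounted is worth a second look before declaring the fix complete, since the tool only logs what it found.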


#8 needhelp2009
  • Topic Starter
  • Members
  • 14 posts

Posted 19 February 2009 - 03:49 AM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
DllUnregisterServer procedure not found in C:\Windows\system32\zuwakebu.dll
C:\Windows\system32\zuwakebu.dll NOT unregistered.
C:\Windows\system32\zuwakebu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\zikejefu.dll
C:\Windows\system32\zikejefu.dll NOT unregistered.
C:\Windows\system32\zikejefu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\yufudiyo.dll
C:\Windows\system32\yufudiyo.dll NOT unregistered.
C:\Windows\system32\yufudiyo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\yopajisa.dll
C:\Windows\system32\yopajisa.dll NOT unregistered.
C:\Windows\system32\yopajisa.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\yilelozi.dll
C:\Windows\system32\yilelozi.dll NOT unregistered.
C:\Windows\system32\yilelozi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\yelepoje.dll
C:\Windows\system32\yelepoje.dll NOT unregistered.
C:\Windows\system32\yelepoje.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\wulijubu.dll
C:\Windows\system32\wulijubu.dll NOT unregistered.
C:\Windows\system32\wulijubu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\wogibisu.dll
C:\Windows\system32\wogibisu.dll NOT unregistered.
C:\Windows\system32\wogibisu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\wikekoki.dll
C:\Windows\system32\wikekoki.dll NOT unregistered.
C:\Windows\system32\wikekoki.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\wapesave.dll
C:\Windows\system32\wapesave.dll NOT unregistered.
C:\Windows\system32\wapesave.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\tuhifigu.dll
C:\Windows\system32\tuhifigu.dll NOT unregistered.
C:\Windows\system32\tuhifigu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\tazusumo.dll
C:\Windows\system32\tazusumo.dll NOT unregistered.
C:\Windows\system32\tazusumo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\sinotebe.dll
C:\Windows\system32\sinotebe.dll NOT unregistered.
C:\Windows\system32\sinotebe.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\rohuzoka.dll
C:\Windows\system32\rohuzoka.dll NOT unregistered.
C:\Windows\system32\rohuzoka.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\rividuwu.dll
C:\Windows\system32\rividuwu.dll NOT unregistered.
C:\Windows\system32\rividuwu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\rekideti.dll
C:\Windows\system32\rekideti.dll NOT unregistered.
C:\Windows\system32\rekideti.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\pevadino.dll
C:\Windows\system32\pevadino.dll NOT unregistered.
C:\Windows\system32\pevadino.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\pazumubu.dll
C:\Windows\system32\pazumubu.dll NOT unregistered.
C:\Windows\system32\pazumubu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\nozaraju.dll
C:\Windows\system32\nozaraju.dll NOT unregistered.
C:\Windows\system32\nozaraju.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\novukozu.dll
C:\Windows\system32\novukozu.dll NOT unregistered.
C:\Windows\system32\novukozu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\nopemako.dll
C:\Windows\system32\nopemako.dll NOT unregistered.
C:\Windows\system32\nopemako.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\lunehotu.dll
C:\Windows\system32\lunehotu.dll NOT unregistered.
C:\Windows\system32\lunehotu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\lobanofu.dll
C:\Windows\system32\lobanofu.dll NOT unregistered.
C:\Windows\system32\lobanofu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\lisifili.dll
C:\Windows\system32\lisifili.dll NOT unregistered.
C:\Windows\system32\lisifili.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\lezetezi.dll
C:\Windows\system32\lezetezi.dll NOT unregistered.
C:\Windows\system32\lezetezi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\lajenoka.dll
C:\Windows\system32\lajenoka.dll NOT unregistered.
C:\Windows\system32\lajenoka.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\kulofani.dll
C:\Windows\system32\kulofani.dll NOT unregistered.
C:\Windows\system32\kulofani.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\kudidomo.dll
C:\Windows\system32\kudidomo.dll NOT unregistered.
C:\Windows\system32\kudidomo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\kofurezo.dll
C:\Windows\system32\kofurezo.dll NOT unregistered.
C:\Windows\system32\kofurezo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\kofidelu.dll
C:\Windows\system32\kofidelu.dll NOT unregistered.
C:\Windows\system32\kofidelu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\kidayomo.dll
C:\Windows\system32\kidayomo.dll NOT unregistered.
C:\Windows\system32\kidayomo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\kawodugi.dll
C:\Windows\system32\kawodugi.dll NOT unregistered.
C:\Windows\system32\kawodugi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\kajigofi.dll
C:\Windows\system32\kajigofi.dll NOT unregistered.
C:\Windows\system32\kajigofi.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\jewukujo.dll
C:\Windows\system32\jewukujo.dll NOT unregistered.
C:\Windows\system32\jewukujo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\jehifipe.dll
C:\Windows\system32\jehifipe.dll NOT unregistered.
C:\Windows\system32\jehifipe.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\hoduwama.dll
C:\Windows\system32\hoduwama.dll NOT unregistered.
C:\Windows\system32\hoduwama.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\hasaneya.dll
C:\Windows\system32\hasaneya.dll NOT unregistered.
C:\Windows\system32\hasaneya.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\gunulizu.dll
C:\Windows\system32\gunulizu.dll NOT unregistered.
C:\Windows\system32\gunulizu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\gubagedu.dll
C:\Windows\system32\gubagedu.dll NOT unregistered.
C:\Windows\system32\gubagedu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\gipupiro.dll
C:\Windows\system32\gipupiro.dll NOT unregistered.
C:\Windows\system32\gipupiro.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\gayezove.dll
C:\Windows\system32\gayezove.dll NOT unregistered.
C:\Windows\system32\gayezove.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\fowukoho.dll
C:\Windows\system32\fowukoho.dll NOT unregistered.
C:\Windows\system32\fowukoho.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\fovufane.dll
C:\Windows\system32\fovufane.dll NOT unregistered.
C:\Windows\system32\fovufane.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\desevewo.dll
C:\Windows\system32\desevewo.dll NOT unregistered.
C:\Windows\system32\desevewo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\system32\befemezi.dll
C:\Windows\system32\befemezi.dll NOT unregistered.
C:\Windows\system32\befemezi.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Brian\AppData\Local\Temp\etilqs_IR7gd8MKrXV4mY0 scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\etilqs_kMGS91R7vvXbGHu scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\etilqs_RxxQHHdYKkg2VWX scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\fla2186.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\fla21B5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\fla2252.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\fla2485.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\fla393A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\flaC248.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\~DF4438.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\~DF9706.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\~DF970B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\~DFA4BF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\~DFA4F6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_024327

Files moved on Reboot...
File C:\Users\Brian\AppData\Local\Temp\etilqs_IR7gd8MKrXV4mY0 not found!
File C:\Users\Brian\AppData\Local\Temp\etilqs_kMGS91R7vvXbGHu not found!
File C:\Users\Brian\AppData\Local\Temp\etilqs_RxxQHHdYKkg2VWX not found!
File C:\Users\Brian\AppData\Local\Temp\fla2186.tmp not found!
File C:\Users\Brian\AppData\Local\Temp\fla21B5.tmp not found!
File C:\Users\Brian\AppData\Local\Temp\fla2252.tmp not found!
File C:\Users\Brian\AppData\Local\Temp\fla2485.tmp not found!
File C:\Users\Brian\AppData\Local\Temp\fla393A.tmp not found!
File C:\Users\Brian\AppData\Local\Temp\flaC248.tmp not found!
C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
C:\Users\Brian\AppData\Local\Temp\~DF4438.tmp moved successfully.
File C:\Users\Brian\AppData\Local\Temp\~DF9706.tmp not found!
File C:\Users\Brian\AppData\Local\Temp\~DF970B.tmp not found!
File C:\Users\Brian\AppData\Local\Temp\~DFA4BF.tmp not found!
File C:\Users\Brian\AppData\Local\Temp\~DFA4F6.tmp not found!

#9 fenzodahl512

  • Members
  • 6,738 posts

Posted 19 February 2009 - 04:28 AM

Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt


Waiting for RSIT log.txt :)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
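Two details in the logs in this thread carry the actual finding. OTMoveIt3 reported "DllUnregisterServer procedure not found" for every eight-letter DLL it moved: those files export no COM registration routine, so there was nothing to unregister, and their persistence is the AppInit_DLLs value itself, which makes Windows load every listed DLL into each process that loads user32.dll. The HijackThis section of the RSIT log posted next lists the same wulijubu.dll under a Run key (O4, launched through rundll32), AppInit_DLLs (O20), ShellServiceObjectDelayLoad (O21) and SharedTaskScheduler (O22), and the AppInit_DLLs value still names files OTMoveIt3 has already moved (kawodugi.dll, jewukujo.dll, jehifipe.dll). The script below is an added example, not part of the thread and not code from HijackThis, RSIT or OTMoveIt3: it parses those four line types from a constructed sample made of lines copied from the log in this thread, plus two benign controls, and reports DLLs referenced from more than one autostart location or matching the eight-lowercase-letter system32 naming. The location labels, the name heuristic and the regexes are the example's own assumptions about the log format.

```python
"""Cross-reference autostart entries in a HijackThis-style log.

Added example for this thread; it is not HijackThis, RSIT or OTMoveIt3 code.
It reads the O4 (Run keys), O20 (AppInit_DLLs), O21 (ShellServiceObjectDelayLoad)
and O22 (SharedTaskScheduler) lines and reports DLLs that are either loaded
from more than one autostart location or carry the eight-lowercase-letter
system32 names seen in this thread.
"""
import re
from collections import defaultdict

# Constructed sample input: autostart lines copied from the HijackThis log in
# this thread (AppInit_DLLs list trimmed) plus two benign entries as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPM1fadc551] Rundll32.exe "C:\Windows\system32\wulijubu.dll",a
O20 - AppInit_DLLs: eNetHook.dll c:\windows\system32\wulijubu.dll c:\windows\system32\zuwakebu.dll c:\windows\system32\kawodugi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wulijubu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wulijubu.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Labels for the line types we cross-reference (assumed names, not HijackThis's).
LOCATIONS = {"O4": "Run key", "O21": "SSODL", "O22": "SharedTaskScheduler"}
# A drive-letter path ending in .dll. Paths with spaces do not occur in these
# line types in this thread, and AppInit_DLLs is itself whitespace-separated.
DLL_PATH_RE = re.compile(r'(?i)[a-z]:\\[^\s",]*\.dll')
# Eight lowercase letters, as the DLLs OTMoveIt3 moved were named. Matched
# case-sensitively on purpose: Acer's eNetHook.dll is eight letters, mixed case.
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.dll$')


def parse_autostart_dlls(text):
    """Return a list of (location, path_as_written) for every DLL reference."""
    refs = []
    for line in text.splitlines():
        m = re.match(r'^(O\d+) - (.*)$', line.strip())
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            # Whitespace-separated list; bare names are resolved through the
            # normal DLL search order, full paths are loaded as given.
            for token in body[len("AppInit_DLLs:"):].split():
                refs.append(("AppInit_DLLs", token))
        elif kind in LOCATIONS:
            for path in DLL_PATH_RE.findall(body):
                refs.append((LOCATIONS[kind], path))
    return refs


def find_suspicious(text):
    """Map a DLL basename (lower-case) to its autostart locations and name check.

    Only DLLs seen in more than one location, or with a random-looking
    eight-letter name under system32, are returned.
    """
    by_dll = defaultdict(lambda: {"locations": set(), "random_name": False})
    for location, path in parse_autostart_dlls(text):
        basename = path.replace("/", "\\").rsplit("\\", 1)[-1]
        entry = by_dll[basename.lower()]
        entry["locations"].add(location)
        if "\\system32\\" in path.lower() and RANDOM_NAME_RE.match(basename):
            entry["random_name"] = True
    return {
        name: {"locations": sorted(e["locations"]), "random_name": e["random_name"]}
        for name, e in by_dll.items()
        if len(e["locations"]) > 1 or e["random_name"]
    }


if __name__ == "__main__":
    for name, info in sorted(find_suspicious(SAMPLE_LOG).items()):
        flags = []
        if len(info["locations"]) > 1:
            flags.append("loaded from %d autostart locations" % len(info["locations"]))
        if info["random_name"]:
            flags.append("random eight-letter name in system32")
        print("%-14s %-45s %s" % (name, ", ".join(info["locations"]), "; ".join(flags)))
```

Run as-is it prints three rows: wulijubu.dll is flagged on both counts (four locations plus the name), zuwakebu.dll and kawodugi.dll on the name alone, and eNetHook.dll is not reported because it is mixed case and carries no system32 path. The name check is the weak signal; the cross-reference across O4, O20, O21 and O22 is the one worth acting on, and it also makes visible that moving the files does not clear the AppInit_DLLs value that loads them.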


#10 needhelp2009

  • Topic Starter
  • Members
  • 14 posts

Posted 19 February 2009 - 11:32 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Brian at 2009-02-19 22:31:10
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 18 GB (25%) free of 72 GB
Total RAM: 2037 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:13 PM, on 2/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neowin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CPM1fadc551] Rundll32.exe "C:\Windows\system32\wulijubu.dll",a
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O20 - AppInit_DLLs: eNetHook.dll c:\windows\system32\wulijubu.dll c:\windows\system32\zuwakebu.dll c:\windows\system32\zikejefu.dll c:\windows\system32\yufudiyo.dll c:\windows\system32\yopajisa.dll c:\windows\system32\yilelozi.dll c:\windows\system32\yelepoje.dll c:\windows\system32\wogibisu.dll c:\windows\system32\wikekoki.dll c:\windows\system32\wapesave.dll c:\windows\system32\tuhifigu.dll c:\windows\system32\tazusumo.dll c:\windows\system32\sinotebe.dll c:\windows\system32\rividuwu.dll c:\windows\system32\rekideti.dll c:\windows\system32\nozaraju.dll c:\windows\system32\novukozu.dll c:\windows\system32\nopemako.dll c:\windows\system32\lunehotu.dll c:\windows\system32\lobanofu.dll c:\windows\system32\lisifili.dll c:\windows\system32\lezetezi.dll c:\windows\system32\lajenoka.dll c:\windows\system32\kulofani.dll c:\windows\system32\kudidomo.dll c:\windows\system32\kofurezo.dll c:\windows\system32\kofidelu.dll c:\windows\system32\kawodugi.dll c:\windows\system32\jewukujo.dll c:\windows\system32\jehifipe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wulijubu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wulijubu.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 11140 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2231840619-4253572256-1827901034-1000.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-13 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-07 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-16 815104]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"eDSMSNfix"=C:\Acer\Empowering Technology\eDSMSNfix.exe [2007-02-08 13312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-16 144792]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2007-01-11 483328]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-10 4468736]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-05 185872]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"CPM1fadc551"=C:\Windows\system32\wulijubu.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"WeatherWatcher"=C:\Program Files\Weather Watcher\ww.exe [2007-05-12 1036288]
"Google Update"=C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-01-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2007-11-20 731136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewal]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Explorer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-05 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2006-11-21 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eNetHook.dll c:\windows\system32\wulijubu.dll c:\windows\system32\zuwakebu.dll c:\windows\system32\zikejefu.dll c:\windows\system32\yufudiyo.dll c:\windows\system32\yopajisa.dll c:\windows\system32\yilelozi.dll c:\windows\system32\yelepoje.dll c:\windows\system32\wogibisu.dll c:\windows\system32\wikekoki.dll c:\windows\system32\wapesave.dll c:\windows\system32\tuhifigu.dll c:\windows\system32\tazusumo.dll c:\windows\system32\sinotebe.dll c:\windows\system32\rividuwu.dll c:\windows\system32\rekideti.dll c:\windows\system32\nozaraju.dll c:\windows\system32\novukozu.dll c:\windows\system32\nopemako.dll c:\windows\system32\lunehotu.dll c:\windows\system32\lobanofu.dll c:\windows\system32\lisifili.dll c:\windows\system32\lezetezi.dll c:\windows\system32\lajenoka.dll c:\windows\system32\kulofani.dll c:\windows\system32\kudidomo.dll c:\windows\system32\kofurezo.dll c:\windows\system32\kofidelu.dll c:\windows\system32\kawodugi.dll c:\windows\system32\jewukujo.dll c:\windows\system32\jehifipe.dll c:\windows\system32\hoduwama.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wulijubu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wulijubu.dll []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84dc0ec-5fa1-11dd-aa87-001b2461b6ff}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f93fb2c2-c3b5-11dd-a0e7-001b2461b6ff}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-02-19 02:43:27 ----D---- C:\_OTMoveIt
2009-02-18 17:48:32 ----A---- C:\Windows\gmer.ini
2009-02-18 17:48:31 ----A---- C:\Windows\gmer_uninstall.cmd
2009-02-18 17:48:31 ----A---- C:\Windows\gmer.dll
2009-02-18 17:48:30 ----A---- C:\Windows\gmer.exe
2009-02-18 17:40:45 ----D---- C:\rsit
2009-02-11 16:08:36 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 16:08:36 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\icardres.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\icardagt.exe
2009-02-11 16:08:31 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-11 16:08:29 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-11 15:59:07 ----A---- C:\Windows\system32\dfshim.dll
2009-02-11 15:59:03 ----A---- C:\Windows\system32\mscoree.dll
2009-02-11 15:59:01 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-11 15:58:43 ----A---- C:\Windows\system32\mscorier.dll
2009-02-11 15:58:34 ----A---- C:\Windows\system32\mscories.dll
2009-02-11 15:56:45 ----A---- C:\Windows\system32\EncDec.dll
2009-02-11 15:56:39 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-10 20:42:47 ----A---- C:\Windows\system32\mshtml.dll
2009-02-10 20:42:46 ----A---- C:\Windows\system32\ieframe.dll
2009-02-10 20:42:44 ----A---- C:\Windows\system32\urlmon.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\wininet.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\mstime.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-10 20:42:42 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-10 20:42:42 ----A---- C:\Windows\system32\iertutil.dll
2009-01-30 02:16:16 ----D---- C:\Program Files\QuickTime
2009-01-30 02:15:30 ----SHD---- C:\Config.Msi
2009-01-30 02:08:24 ----D---- C:\Program Files\Microsoft
2009-01-05 19:31:57 ----D---- C:\Program Files\Free RM to AVI Converter Splitter
2009-01-05 19:27:43 ----D---- C:\Program Files\Common Files\xing shared
2008-12-28 03:52:51 ----D---- C:\Users\Brian\AppData\Roaming\Malwarebytes
2008-12-28 03:52:43 ----D---- C:\ProgramData\Malwarebytes
2008-12-28 03:52:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-22 22:07:36 ----SHD---- C:\Temporary Internet Files
2008-12-22 02:31:32 ----D---- C:\Users\Brian\AppData\Roaming\Salling Software AB
2008-12-22 02:31:22 ----D---- C:\ProgramData\eSellerate
2008-12-22 02:30:10 ----D---- C:\Program Files\Salling Software AB
2008-12-22 02:29:54 ----A---- C:\Windows\{2158ED55-19D1-4C0C-B213-5EFF748248AC}_WiseFW.ini
2008-12-21 22:52:04 ----D---- C:\ProgramData\OrbNetworks
2008-12-21 22:51:52 ----D---- C:\Program Files\Orb Networks
2008-12-17 14:05:20 ----D---- C:\Users\Brian\AppData\Roaming\XDAPPCFB
2008-12-14 22:59:21 ----A---- C:\Windows\system32\tzres.dll
2008-12-14 00:20:03 ----D---- C:\Windows\system32\Dexter Screen Saver dir
2008-12-09 12:54:25 ----A---- C:\Windows\system32\shell32.dll
2008-12-09 12:54:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-09 12:54:01 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-09 12:53:57 ----A---- C:\Windows\system32\gdi32.dll
2008-12-09 12:53:54 ----A---- C:\Windows\explorer.exe
2008-12-09 12:53:34 ----A---- C:\Windows\system32\mf.dll
2008-12-09 12:53:33 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-09 12:53:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-09 12:53:31 ----A---- C:\Windows\system32\logagent.exe
2008-11-26 13:00:34 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 13:00:25 ----A---- C:\Windows\system32\connect.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wups2.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wucltux.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wups.dll
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wudriver.dll
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wuapi.dll
2008-11-25 11:01:17 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-25 11:01:17 ----A---- C:\Windows\system32\wuapp.exe
2008-11-24 02:03:27 ----D---- C:\ProgramData\acccore

======List of files/folders modified in the last 3 months======

2009-02-19 22:27:48 ----D---- C:\Program Files\Weather Watcher
2009-02-19 22:14:47 ----D---- C:\Windows\Temp
2009-02-19 12:11:13 ----D---- C:\Windows\Prefetch
2009-02-19 02:52:08 ----D---- C:\Windows\System32
2009-02-19 02:52:08 ----D---- C:\Windows\inf
2009-02-19 02:52:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-19 01:59:28 ----A---- C:\Windows\WCEODBC.INI
2009-02-18 19:17:33 ----SHD---- C:\System Volume Information
2009-02-18 17:48:32 ----D---- C:\Windows
2009-02-18 17:48:31 ----D---- C:\Windows\system32\drivers
2009-02-18 17:35:05 ----D---- C:\ProgramData\Soulseek
2009-02-18 17:33:50 ----D---- C:\mirc
2009-02-18 17:06:26 ----D---- C:\My Shared Folder
2009-02-18 11:25:59 ----D---- C:\ProgramData\Google Updater
2009-02-15 02:39:55 ----D---- C:\Windows\Microsoft.NET
2009-02-15 02:39:44 ----RSD---- C:\Windows\assembly
2009-02-15 02:00:18 ----D---- C:\Windows\rescache
2009-02-15 01:56:37 ----D---- C:\Windows\winsxs
2009-02-15 01:44:14 ----D---- C:\Windows\system32\catroot
2009-02-15 01:39:50 ----D---- C:\Windows\ehome
2009-02-15 01:39:50 ----D---- C:\Program Files\Windows Mail
2009-02-15 01:39:46 ----D---- C:\Windows\system32\XPSViewer
2009-02-15 01:39:46 ----D---- C:\Windows\system32\wbem
2009-02-15 01:39:46 ----D---- C:\Windows\system32\en-US
2009-02-11 16:15:37 ----SHD---- C:\Windows\Installer
2009-02-11 16:11:39 ----D---- C:\Windows\system32\catroot2
2009-02-11 08:06:38 ----D---- C:\Windows\Tasks
2009-02-04 18:09:24 ----A---- C:\Windows\avisplitter.INI
2009-01-30 02:16:16 ----RD---- C:\Program Files
2009-01-30 02:15:50 ----D---- C:\Program Files\Common Files\Apple
2009-01-30 02:07:27 ----D---- C:\Program Files\Common Files\microsoft shared
2009-01-23 01:32:07 ----D---- C:\MyWorks
2009-01-19 00:46:17 ----SD---- C:\Windows\Downloaded Program Files
2009-01-05 19:27:43 ----D---- C:\Program Files\Common Files
2009-01-05 19:27:34 ----D---- C:\Program Files\Common Files\Real
2009-01-05 19:27:26 ----A---- C:\Windows\system32\rmoc3260.dll
2009-01-05 19:27:04 ----A---- C:\Windows\system32\pndx5032.dll
2009-01-05 19:27:04 ----A---- C:\Windows\system32\pndx5016.dll
2009-01-05 19:27:02 ----A---- C:\Windows\system32\pncrt.dll
2008-12-28 03:52:43 ----HD---- C:\ProgramData
2008-12-24 20:35:27 ----D---- C:\Windows\WindowsMobile
2008-12-23 16:26:01 ----D---- C:\Windows\system32\Tasks
2008-12-23 00:00:30 ----D---- C:\Windows\AppPatch
2008-12-22 02:28:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 23:06:03 ----D---- C:\ProgramData\Microsoft Help
2008-12-09 20:22:59 ----D---- C:\Program Files\Wireshark
2008-12-09 20:22:52 ----D---- C:\Program Files\WinPcap
2008-12-04 00:58:00 ----D---- C:\Unzipped
2008-11-30 23:21:59 ----D---- C:\Users\Brian\AppData\Roaming\dvdcss
2008-11-29 23:15:33 ----SD---- C:\Users\Brian\AppData\Roaming\Microsoft
2008-11-26 20:54:45 ----D---- C:\Program Files\Winamp
2008-11-26 20:54:12 ----D---- C:\Users\Brian\AppData\Roaming\Winamp
2008-11-24 02:04:45 ----D---- C:\Program Files\AIM6
2008-11-24 02:03:37 ----D---- C:\Program Files\Viewpoint
2008-11-24 02:03:33 ----D---- C:\ProgramData\Viewpoint
2008-11-23 19:09:32 ----D---- C:\ProgramData\AOL Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-04 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2007-01-11 21264]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2007-12-03 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-10 1775712]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-03-28 6144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-16 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-05 168448]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2009-02-18 85969]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 UNINST2K;UNINST2K; \??\C:\Windows\system32\Drivers\UNINST2K.SYS [2000-11-15 2204]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216]
R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 126976]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 24576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:05:13 PM

Posted 20 February 2009 - 06:19 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    c:\windows\system32\wulijubu.dll 
    c:\windows\system32\zuwakebu.dll 
    c:\windows\system32\zikejefu.dll 
    c:\windows\system32\yufudiyo.dll 
    c:\windows\system32\yopajisa.dll 
    c:\windows\system32\yilelozi.dll 
    c:\windows\system32\yelepoje.dll 
    c:\windows\system32\wogibisu.dll 
    c:\windows\system32\wikekoki.dll 
    c:\windows\system32\wapesave.dll 
    c:\windows\system32\tuhifigu.dll 
    c:\windows\system32\tazusumo.dll 
    c:\windows\system32\sinotebe.dll 
    c:\windows\system32\rividuwu.dll 
    c:\windows\system32\rekideti.dll 
    c:\windows\system32\nozaraju.dll 
    c:\windows\system32\novukozu.dll 
    c:\windows\system32\nopemako.dll 
    c:\windows\system32\lunehotu.dll 
    c:\windows\system32\lobanofu.dll 
    c:\windows\system32\lisifili.dll 
    c:\windows\system32\lezetezi.dll 
    c:\windows\system32\lajenoka.dll 
    c:\windows\system32\kulofani.dll 
    c:\windows\system32\kudidomo.dll 
    c:\windows\system32\kofurezo.dll 
    c:\windows\system32\kofidelu.dll 
    c:\windows\system32\kawodugi.dll 
    c:\windows\system32\jewukujo.dll 
    c:\windows\system32\jehifipe.dll 
    c:\windows\system32\hoduwama.dll
    c:\windows\system32\wulijubu.dll
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "CPM1fadc551"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="eNetHook.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 needhelp2009

needhelp2009
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:13 AM

Posted 21 February 2009 - 04:20 AM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder c:\windows\system32\wulijubu.dll not found.
File/Folder c:\windows\system32\zuwakebu.dll not found.
File/Folder c:\windows\system32\zikejefu.dll not found.
File/Folder c:\windows\system32\yufudiyo.dll not found.
File/Folder c:\windows\system32\yopajisa.dll not found.
File/Folder c:\windows\system32\yilelozi.dll not found.
File/Folder c:\windows\system32\yelepoje.dll not found.
File/Folder c:\windows\system32\wogibisu.dll not found.
File/Folder c:\windows\system32\wikekoki.dll not found.
File/Folder c:\windows\system32\wapesave.dll not found.
File/Folder c:\windows\system32\tuhifigu.dll not found.
File/Folder c:\windows\system32\tazusumo.dll not found.
File/Folder c:\windows\system32\sinotebe.dll not found.
File/Folder c:\windows\system32\rividuwu.dll not found.
File/Folder c:\windows\system32\rekideti.dll not found.
File/Folder c:\windows\system32\nozaraju.dll not found.
File/Folder c:\windows\system32\novukozu.dll not found.
File/Folder c:\windows\system32\nopemako.dll not found.
File/Folder c:\windows\system32\lunehotu.dll not found.
File/Folder c:\windows\system32\lobanofu.dll not found.
File/Folder c:\windows\system32\lisifili.dll not found.
File/Folder c:\windows\system32\lezetezi.dll not found.
File/Folder c:\windows\system32\lajenoka.dll not found.
File/Folder c:\windows\system32\kulofani.dll not found.
File/Folder c:\windows\system32\kudidomo.dll not found.
File/Folder c:\windows\system32\kofurezo.dll not found.
File/Folder c:\windows\system32\kofidelu.dll not found.
File/Folder c:\windows\system32\kawodugi.dll not found.
File/Folder c:\windows\system32\jewukujo.dll not found.
File/Folder c:\windows\system32\jehifipe.dll not found.
File/Folder c:\windows\system32\hoduwama.dll not found.
File/Folder c:\windows\system32\wulijubu.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPM1fadc551 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"eNetHook.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\Brian\AppData\Local\Temp\~DFFE11.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02212009_031147

Files moved on Reboot...
C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
C:\Users\Brian\AppData\Local\Temp\~DFFE11.tmp moved successfully.

#13 needhelp2009

needhelp2009
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:13 AM

Posted 21 February 2009 - 04:22 AM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Brian at 2009-02-21 03:21:11
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 16 GB (22%) free of 72 GB
Total RAM: 2037 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:22 AM, on 2/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Brian\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neowin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9373 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2231840619-4253572256-1827901034-1000.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-13 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-07 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-16 815104]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"eDSMSNfix"=C:\Acer\Empowering Technology\eDSMSNfix.exe [2007-02-08 13312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-16 144792]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2007-01-11 483328]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-10 4468736]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-05 185872]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"WeatherWatcher"=C:\Program Files\Weather Watcher\ww.exe [2007-05-12 1036288]
"Google Update"=C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-01-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2007-11-20 731136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewal]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Explorer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-05 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2006-11-21 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eNetHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84dc0ec-5fa1-11dd-aa87-001b2461b6ff}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f93fb2c2-c3b5-11dd-a0e7-001b2461b6ff}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-02-19 02:43:27 ----D---- C:\_OTMoveIt
2009-02-18 17:48:32 ----A---- C:\Windows\gmer.ini
2009-02-18 17:48:31 ----A---- C:\Windows\gmer_uninstall.cmd
2009-02-18 17:48:31 ----A---- C:\Windows\gmer.dll
2009-02-18 17:48:30 ----A---- C:\Windows\gmer.exe
2009-02-18 17:40:45 ----D---- C:\rsit
2009-02-11 16:08:36 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 16:08:36 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\icardres.dll
2009-02-11 16:08:34 ----A---- C:\Windows\system32\icardagt.exe
2009-02-11 16:08:31 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-11 16:08:29 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-11 15:59:07 ----A---- C:\Windows\system32\dfshim.dll
2009-02-11 15:59:03 ----A---- C:\Windows\system32\mscoree.dll
2009-02-11 15:59:01 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-11 15:58:43 ----A---- C:\Windows\system32\mscorier.dll
2009-02-11 15:58:34 ----A---- C:\Windows\system32\mscories.dll
2009-02-11 15:56:45 ----A---- C:\Windows\system32\EncDec.dll
2009-02-11 15:56:39 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-10 20:42:47 ----A---- C:\Windows\system32\mshtml.dll
2009-02-10 20:42:46 ----A---- C:\Windows\system32\ieframe.dll
2009-02-10 20:42:44 ----A---- C:\Windows\system32\urlmon.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\wininet.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\mstime.dll
2009-02-10 20:42:43 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-10 20:42:42 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-10 20:42:42 ----A---- C:\Windows\system32\iertutil.dll
2009-01-30 02:16:16 ----D---- C:\Program Files\QuickTime
2009-01-30 02:15:30 ----SHD---- C:\Config.Msi
2009-01-30 02:08:24 ----D---- C:\Program Files\Microsoft
2009-01-05 19:31:57 ----D---- C:\Program Files\Free RM to AVI Converter Splitter
2009-01-05 19:27:43 ----D---- C:\Program Files\Common Files\xing shared
2008-12-28 03:52:51 ----D---- C:\Users\Brian\AppData\Roaming\Malwarebytes
2008-12-28 03:52:43 ----D---- C:\ProgramData\Malwarebytes
2008-12-28 03:52:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-22 22:07:36 ----SHD---- C:\Temporary Internet Files
2008-12-22 02:31:32 ----D---- C:\Users\Brian\AppData\Roaming\Salling Software AB
2008-12-22 02:31:22 ----D---- C:\ProgramData\eSellerate
2008-12-22 02:30:10 ----D---- C:\Program Files\Salling Software AB
2008-12-22 02:29:54 ----A---- C:\Windows\{2158ED55-19D1-4C0C-B213-5EFF748248AC}_WiseFW.ini
2008-12-21 22:52:04 ----D---- C:\ProgramData\OrbNetworks
2008-12-21 22:51:52 ----D---- C:\Program Files\Orb Networks
2008-12-17 14:05:20 ----D---- C:\Users\Brian\AppData\Roaming\XDAPPCFB
2008-12-14 22:59:21 ----A---- C:\Windows\system32\tzres.dll
2008-12-14 00:20:03 ----D---- C:\Windows\system32\Dexter Screen Saver dir
2008-12-09 12:54:25 ----A---- C:\Windows\system32\shell32.dll
2008-12-09 12:54:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-09 12:54:01 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-09 12:53:57 ----A---- C:\Windows\system32\gdi32.dll
2008-12-09 12:53:54 ----A---- C:\Windows\explorer.exe
2008-12-09 12:53:34 ----A---- C:\Windows\system32\mf.dll
2008-12-09 12:53:33 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-09 12:53:32 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-09 12:53:31 ----A---- C:\Windows\system32\logagent.exe
2008-11-26 13:00:34 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 13:00:30 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 13:00:25 ----A---- C:\Windows\system32\connect.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wups2.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wucltux.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-25 11:01:53 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wups.dll
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wudriver.dll
2008-11-25 11:01:27 ----A---- C:\Windows\system32\wuapi.dll
2008-11-25 11:01:17 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-25 11:01:17 ----A---- C:\Windows\system32\wuapp.exe
2008-11-24 02:03:27 ----D---- C:\ProgramData\acccore

======List of files/folders modified in the last 3 months======

2009-02-21 03:21:11 ----D---- C:\Windows\Temp
2009-02-21 03:19:08 ----D---- C:\Windows\System32
2009-02-21 03:19:08 ----D---- C:\Windows\inf
2009-02-21 03:19:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-21 03:16:00 ----D---- C:\Program Files\Weather Watcher
2009-02-21 03:15:46 ----D---- C:\Windows\Prefetch
2009-02-20 04:22:28 ----D---- C:\ProgramData\Google Updater
2009-02-20 02:05:25 ----SHD---- C:\System Volume Information
2009-02-19 01:59:28 ----A---- C:\Windows\WCEODBC.INI
2009-02-18 17:48:32 ----D---- C:\Windows
2009-02-18 17:48:31 ----D---- C:\Windows\system32\drivers
2009-02-18 17:35:05 ----D---- C:\ProgramData\Soulseek
2009-02-18 17:33:50 ----D---- C:\mirc
2009-02-18 17:06:26 ----D---- C:\My Shared Folder
2009-02-15 02:39:55 ----D---- C:\Windows\Microsoft.NET
2009-02-15 02:39:44 ----RSD---- C:\Windows\assembly
2009-02-15 02:00:18 ----D---- C:\Windows\rescache
2009-02-15 01:56:37 ----D---- C:\Windows\winsxs
2009-02-15 01:44:14 ----D---- C:\Windows\system32\catroot
2009-02-15 01:39:50 ----D---- C:\Windows\ehome
2009-02-15 01:39:50 ----D---- C:\Program Files\Windows Mail
2009-02-15 01:39:46 ----D---- C:\Windows\system32\XPSViewer
2009-02-15 01:39:46 ----D---- C:\Windows\system32\wbem
2009-02-15 01:39:46 ----D---- C:\Windows\system32\en-US
2009-02-11 16:15:37 ----SHD---- C:\Windows\Installer
2009-02-11 16:11:39 ----D---- C:\Windows\system32\catroot2
2009-02-11 08:06:38 ----D---- C:\Windows\Tasks
2009-02-04 18:09:24 ----A---- C:\Windows\avisplitter.INI
2009-01-30 02:16:16 ----RD---- C:\Program Files
2009-01-30 02:15:50 ----D---- C:\Program Files\Common Files\Apple
2009-01-30 02:07:27 ----D---- C:\Program Files\Common Files\microsoft shared
2009-01-23 01:32:07 ----D---- C:\MyWorks
2009-01-19 00:46:17 ----SD---- C:\Windows\Downloaded Program Files
2009-01-05 19:27:43 ----D---- C:\Program Files\Common Files
2009-01-05 19:27:34 ----D---- C:\Program Files\Common Files\Real
2009-01-05 19:27:26 ----A---- C:\Windows\system32\rmoc3260.dll
2009-01-05 19:27:04 ----A---- C:\Windows\system32\pndx5032.dll
2009-01-05 19:27:04 ----A---- C:\Windows\system32\pndx5016.dll
2009-01-05 19:27:02 ----A---- C:\Windows\system32\pncrt.dll
2008-12-28 03:52:43 ----HD---- C:\ProgramData
2008-12-24 20:35:27 ----D---- C:\Windows\WindowsMobile
2008-12-23 16:26:01 ----D---- C:\Windows\system32\Tasks
2008-12-23 00:00:30 ----D---- C:\Windows\AppPatch
2008-12-22 02:28:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 23:06:03 ----D---- C:\ProgramData\Microsoft Help
2008-12-09 20:22:59 ----D---- C:\Program Files\Wireshark
2008-12-09 20:22:52 ----D---- C:\Program Files\WinPcap
2008-12-04 00:58:00 ----D---- C:\Unzipped
2008-11-30 23:21:59 ----D---- C:\Users\Brian\AppData\Roaming\dvdcss
2008-11-29 23:15:33 ----SD---- C:\Users\Brian\AppData\Roaming\Microsoft
2008-11-26 20:54:45 ----D---- C:\Program Files\Winamp
2008-11-26 20:54:12 ----D---- C:\Users\Brian\AppData\Roaming\Winamp
2008-11-24 02:04:45 ----D---- C:\Program Files\AIM6
2008-11-24 02:03:37 ----D---- C:\Program Files\Viewpoint
2008-11-24 02:03:33 ----D---- C:\ProgramData\Viewpoint
2008-11-23 19:09:32 ----D---- C:\ProgramData\AOL Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-04 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2007-01-11 21264]
R3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2007-12-03 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-10 1775712]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-03-28 6144]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-16 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-05 168448]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2009-02-18 85969]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 UNINST2K;UNINST2K; \??\C:\Windows\system32\Drivers\UNINST2K.SYS [2000-11-15 2204]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216]
R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 126976]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 24576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:13 PM

Posted 21 February 2009 - 10:54 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 needhelp2009

needhelp2009
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:13 AM

Posted 21 February 2009 - 11:28 PM

I did not check "Remove found threats", because I knew this would detect things that aren't threats, and of course it did.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3876 (20090221)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=09ecfbec7f484a4db0d21e371b2edb12
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-02-21 07:05:40
# local_time=2009-02-21 01:05:40 (-0600, Central Standard Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=435358
# found=12
# scan_time=5126
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\74018dd6-1d977025 Java/TrojanDownloader.OpenStream.NAB trojan CEC0DD504B18CCC2D97A22CECE9C96E7
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\74018dd6-1d977025 »ZIP »OP.class Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000
C:\Users\Brian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4d13647b-35bfe588 Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E
C:\Users\Brian\Documents\wrap2-1079118298.zip probably a variant of Win32/Agent trojan A146E41851FA09515ED9AACA885605A6
C:\Users\Brian\Documents\wrap2-1079118298.zip »ZIP »nhtmln.dll probably a variant of Win32/Agent trojan 00000000000000000000000000000000
C:\Users\Brian\Documents\pocketpc\Salling\Salling.Clicker.v3.5.0.860.WinALL.Incl.Keygen-ECLiPSE.zip probably a variant of Win32/Agent trojan A7DF51C2D715E46E06CAB59CC2008624
C:\Users\Brian\Documents\pocketpc\Salling\Salling.Clicker.v3.5.0.860.WinALL.Incl.Keygen-ECLiPSE.zip »ZIP »Salling.Clicker.v3.5.0.860.WinALL.Incl.Keygen-ECLiPSE/Salling.Clicker.v3.5.0.860.Keygen.zip probably a variant of Win32/Agent trojan 00000000000000000000000000000000
C:\Users\Brian\Documents\pocketpc\Salling\Salling.Clicker.v3.5.0.860.WinALL.Incl.Keygen-ECLiPSE.zip »ZIP »Salling.Clicker.v3.5.0.860.WinALL.Incl.Keygen-ECLiPSE/Salling.Clicker.v3.5.0.860.Keygen.zip »ZIP »eclscl35.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000
C:\Users\Brian\Documents\wrap2-1079118298\nhtmln.dll probably a variant of Win32/Agent trojan 8381B6F4FCDC6E53E1C7F48F57E7A097
C:\Users\Brian\Downloads\aim502829.exe Win32/Adware.WBug.A application 2816C9D1C6FB95C534540222AFF48F20
C:\Users\Brian\Downloads\aim502829.exe »WISE »WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000
C:\Users\Brian\Downloads\aim502829.exe »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll Win32/Adware.WBug.A application 00000000000000000000000000000000
