Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus And BIG One.


  • This topic is locked This topic is locked
23 replies to this topic

#1 OwenMatey

OwenMatey

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 06 June 2009 - 08:58 PM

Right i have a virus or something.
i downloaded Hijackthis and it wont save log so ill post ss.
Heres the error
Posted Image

Heres the screens
From top to bottom.

#1
Posted Image

#2
Posted Image

#3
Posted Image

#4
Posted Image

#5
Posted Image

Hope Someone can help.
I Need Help ASAP :thumbup2:
Thanks.

BC AdBot (Login to Remove)

 


m

#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 AM

Posted 07 June 2009 - 08:33 AM

Hello, OwenMatey.
My name is aommaster and I will be helping you with your log.


If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • RSIT Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 OwenMatey

OwenMatey
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 07 June 2009 - 11:01 AM

RSIT.LOG[/u]
Logfile of random's system information tool 1.06 (written by random/random)
Run by MUM at 2009-06-07 16:53:27
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 4 MB (0%) free of 32 GB
Total RAM: 1013 MB (19% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2008-12-16 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-12-16 417887]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{278df07c-fe52-70cd-f46b-afddd4b778ff}]
milehighads - C:\Windows\system32\nsb4C4F.dll [2009-04-09 687104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
Zango - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE1C37FF-9EDD-12D6-3685-0455BDC07618}]
milehighads browser enhancer - C:\Windows\system32\qgebwrptznzgms.dll [2009-04-23 479232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA7C072-3A3C-5310-B4EF-EA9CBECFC4CF}]
mysidesearch search enhancer - C:\Windows\system32\obextldnaepbh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-12-16 417887]
{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Zango - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll []
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"= []
"PAC207_Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2008-12-16 24688]
"vrxbajodbjv"=C:\Windows\System32\regsvr32.exe [2006-11-02 14336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Hzehixaqabezaxe"=C:\Users\MUM\AppData\Local\ukepevog.dll [2009-03-04 133632]
"__c007216C"=C:\Users\MUM\AppData\Local\Temp\__c007216C.dat,B []
"Frigo"=C:\Users\MUM\AppData\Local\Cbinepinukonejiq.dll,e []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Speech Recognition"=C:\Windows\Speech\Common\sapisvr.exe [2008-01-21 49664]
"realteks"=C:\Users\MUM\AppData\Roaming\Google\vmsclock.exe [2009-04-30 120832]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"rsbot%202.0[1].exe"=C:\Users\MUM\AppData\Local\Microsoft\Windows\Explorer\rsbot%202.0[1].exe [2009-05-25 262160]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-11-04 460216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F231303.exe]
C:\Users\MUM\AppData\Local\Temp\_A00F231303.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F5B0D333.exe]
C:\Users\MUM\AppData\Local\Temp\_A00F5B0D333.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F8118EF.exe]
C:\Users\MUM\AppData\Local\Temp\_A00F8118EF.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00FB18918F.exe]
C:\Users\MUM\AppData\Local\Temp\_A00FB18918F.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00FCB29C.exe]
C:\Users\MUM\AppData\Local\Temp\_A00FCB29C.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00FD494F.exe]
C:\Users\MUM\AppData\Local\Temp\_A00FD494F.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00FE09FE.exe]
C:\Users\MUM\AppData\Local\Temp\_A00FE09FE.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALaunch]
C:\Acer\ALaunch\AlaunchClient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2007-07-21 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-UK-IEWSessionManager]
C:\Program Files\OrangeBS\IEWInternetUK\SessionManager\SessionManager.exe [2008-01-08 107248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardDetectorICON225]
C:\Program Files\CardDetector\ICON225\CardDetector.exe [2007-11-14 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 525360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frigo]
C:\Users\MUM\AppData\Local\Cbinepinukonejiq.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2008-01-22 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hzehixaqabezaxe]
C:\Users\MUM\AppData\Local\ukepevog.dll [2009-03-04 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2008-01-22 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
C:\Windows\system32\MRT.exe [2009-02-25 24768960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2008-12-16 24688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2008-12-16 32838]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2008-01-22 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPanel]
C:\Acer\APanel\APanel.cmd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slawdog Smart Shutdown]
C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vrxbajodbjv]
C:\Windows\System32\regsvr32.exe [2006-11-02 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.3.75.0\Weather.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\__c002D3E0]
C:\Users\MUM\AppData\Local\Temp\__c002D3E0.dat,B []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\__c007216C]
C:\Users\MUM\AppData\Local\Temp\__c007216C.dat,B []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\gprs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-15 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MUM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2008-09-18 147456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Users\MUM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\dinput832.dll,C:\Windows\System32\basesrv32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a02b1f2f515]
C:\Windows\System32\dinput832.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a02b1f2f517]
C:\Windows\System32\basesrv32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-22 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\OrangeBS\IEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\IEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03bf4a81-1988-11de-8b90-9ba60b6e8771}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03bf4a95-1988-11de-8b90-a33079bba222}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f866f10-207c-11de-9e7a-f3fb21afd891}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f866f22-207c-11de-9e7a-f3fb21afd891}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f866f23-207c-11de-9e7a-f3fb21afd891}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74da6dde-b591-11dd-9072-f3e941a0a578}]
shell\AutoRun\command - F:\rsbot%202.0[1].exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a020618b-1bc1-11de-a42d-dfa75bf6e973}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a020618c-1bc1-11de-a42d-dfa75bf6e973}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b672161b-1be5-11de-9949-883f9f627002}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b672161d-1be5-11de-9949-84def0fa7ad8}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da2a9867-1a00-11de-92ce-e99220052ba5}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da2a986c-1a00-11de-92ce-e99220052ba5}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da2a9878-1a00-11de-92ce-85ba757eefb0}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software

[b]LOG[/u]
Logfile of random's system information tool 1.06 (written by random/random)
Run by MUM at 2009-06-07 16:53:27
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 4 MB (0%) free of 32 GB
Total RAM: 1013 MB (19% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2008-12-16 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-12-16 417887]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{278df07c-fe52-70cd-f46b-afddd4b778ff}]
milehighads - C:\Windows\system32\nsb4C4F.dll [2009-04-09 687104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
Zango - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE1C37FF-9EDD-12D6-3685-0455BDC07618}]
milehighads browser enhancer - C:\Windows\system32\qgebwrptznzgms.dll [2009-04-23 479232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA7C072-3A3C-5310-B4EF-EA9CBECFC4CF}]
mysidesearch search enhancer - C:\Windows\system32\obextldnaepbh.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2008-12-16 417887]
{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Zango - C:\Program Files\Zango\bin\10.3.75.0\HostIE.dll []
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"= []
"PAC207_Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2008-12-16 24688]
"vrxbajodbjv"=C:\Windows\System32\regsvr32.exe [2006-11-02 14336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Hzehixaqabezaxe"=C:\Users\MUM\AppData\Local\ukepevog.dll [2009-03-04 133632]
"__c007216C"=C:\Users\MUM\AppData\Local\Temp\__c007216C.dat,B []
"Frigo"=C:\Users\MUM\AppData\Local\Cbinepinukonejiq.dll,e []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Speech Recognition"=C:\Windows\Speech\Common\sapisvr.exe [2008-01-21 49664]
"realteks"=C:\Users\MUM\AppData\Roaming\Google\vmsclock.exe [2009-04-30 120832]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"rsbot%202.0[1].exe"=C:\Users\MUM\AppData\Local\Microsoft\Windows\Explorer\rsbot%202.0[1].exe [2009-05-25 262160]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-11-04 460216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F231303.exe]
C:\Users\MUM\AppData\Local\Temp\_A00F231303.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F5B0D333.exe]
C:\Users\MUM\AppData\Local\Temp\_A00F5B0D333.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F8118EF.exe]
C:\Users\MUM\AppData\Local\Temp\_A00F8118EF.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00FB18918F.exe]
C:\Users\MUM\AppData\Local\Temp\_A00FB18918F.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00FCB29C.exe]
C:\Users\MUM\AppData\Local\Temp\_A00FCB29C.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00FD494F.exe]
C:\Users\MUM\AppData\Local\Temp\_A00FD494F.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00FE09FE.exe]
C:\Users\MUM\AppData\Local\Temp\_A00FE09FE.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALaunch]
C:\Acer\ALaunch\AlaunchClient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2007-07-21 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BEWINTERNET-UK-IEWSessionManager]
C:\Program Files\OrangeBS\IEWInternetUK\SessionManager\SessionManager.exe [2008-01-08 107248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardDetectorICON225]
C:\Program Files\CardDetector\ICON225\CardDetector.exe [2007-11-14 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 525360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frigo]
C:\Users\MUM\AppData\Local\Cbinepinukonejiq.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2008-01-22 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hzehixaqabezaxe]
C:\Users\MUM\AppData\Local\ukepevog.dll [2009-03-04 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2008-01-22 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
C:\Windows\system32\MRT.exe [2009-02-25 24768960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2008-12-16 24688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2008-12-16 32838]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2008-01-22 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPanel]
C:\Acer\APanel\APanel.cmd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slawdog Smart Shutdown]
C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vrxbajodbjv]
C:\Windows\System32\regsvr32.exe [2006-11-02 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.3.75.0\Weather.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\__c002D3E0]
C:\Users\MUM\AppData\Local\Temp\__c002D3E0.dat,B []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\__c007216C]
C:\Users\MUM\AppData\Local\Temp\__c007216C.dat,B []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\gprs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-15 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MUM^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2008-09-18 147456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Users\MUM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\dinput832.dll,C:\Windows\System32\basesrv32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a02b1f2f515]
C:\Windows\System32\dinput832.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a02b1f2f517]
C:\Windows\System32\basesrv32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-22 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\OrangeBS\IEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\IEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03bf4a81-1988-11de-8b90-9ba60b6e8771}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03bf4a95-1988-11de-8b90-a33079bba222}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f866f10-207c-11de-9e7a-f3fb21afd891}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f866f22-207c-11de-9e7a-f3fb21afd891}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f866f23-207c-11de-9e7a-f3fb21afd891}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74da6dde-b591-11dd-9072-f3e941a0a578}]
shell\AutoRun\command - F:\rsbot%202.0[1].exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a020618b-1bc1-11de-a42d-dfa75bf6e973}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a020618c-1bc1-11de-a42d-dfa75bf6e973}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b672161b-1be5-11de-9949-883f9f627002}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b672161d-1be5-11de-9949-84def0fa7ad8}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da2a9867-1a00-11de-92ce-e99220052ba5}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da2a986c-1a00-11de-92ce-e99220052ba5}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da2a9878-1a00-11de-92ce-85ba757eefb0}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da2a987a-1a00-11de-92ce-85ba757eefb0}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1df63b1-214e-11de-8ef8-fd46d31ccf99}]
shell\AutoRun\command - F:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-06-07 16:53:30 ----D---- C:\Program Files\trend micro
2009-06-07 16:53:27 ----D---- C:\rsit
2009-06-04 02:04:40 ----D---- C:\Program Files\Axife Mouse Recorder DEMO
2009-05-28 14:11:40 ----A---- C:\Windows\IsUninst.exe
2009-05-17 23:08:24 ----D---- C:\.jagex_cache_32
2009-05-12 21:58:36 ----A---- C:\Windows\system32\ssleay32.dll
2009-05-12 21:58:36 ----A---- C:\Windows\system32\libeay32.dll
2009-05-12 21:58:36 ----A---- C:\Windows\system32\bassmidi.dll
2009-05-12 21:58:36 ----A---- C:\Windows\system32\bassflac.dll
2009-05-12 21:58:36 ----A---- C:\Windows\system32\bass.dll

======List of files/folders modified in the last 1 months======

2009-06-07 16:53:31 ----D---- C:\Windows\tracing
2009-06-07 16:53:30 ----RD---- C:\Program Files
2009-06-07 16:53:24 ----D---- C:\Windows\Temp
2009-06-07 03:17:42 ----D---- C:\Windows\Prefetch
2009-06-07 02:16:51 ----SHD---- C:\System Volume Information
2009-06-06 23:28:26 ----D---- C:\Windows\System32
2009-06-06 23:28:26 ----D---- C:\Windows\inf
2009-06-06 23:28:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-06 23:09:59 ----D---- C:\Windows
2009-06-06 16:58:26 ----SHD---- C:\Windows\Installer
2009-06-06 16:56:23 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-06-06 16:55:28 ----D---- C:\ProgramData\SwiftKit
2009-06-06 00:34:41 ----D---- C:\Windows\system32\wbem
2009-06-06 00:33:56 ----D---- C:\Windows\system32\config
2009-06-06 00:33:41 ----D---- C:\Windows\Tasks
2009-06-06 00:33:41 ----D---- C:\Windows\system32\spool
2009-06-06 00:33:41 ----D---- C:\Windows\system32\catroot2
2009-06-06 00:33:39 ----D---- C:\Windows\registration
2009-06-04 01:55:38 ----D---- C:\Windows\SHELLNEW
2009-06-03 16:51:48 ----D---- C:\Users\MUM\AppData\Roaming\LimeWire
2009-06-02 10:44:11 ----RSD---- C:\Windows\Fonts
2009-06-01 07:21:55 ----D---- C:\Windows\system32\Macromed
2009-05-31 20:55:22 ----D---- C:\Users\MUM\AppData\Roaming\Download Manager
2009-05-31 20:54:22 ----D---- C:\Users\MUM\AppData\Roaming\Google
2009-05-30 23:26:08 ----SD---- C:\Windows\Downloaded Program Files
2009-05-30 18:57:06 ----A---- C:\Windows\system32\uxtheme.dll
2009-05-30 18:57:06 ----A---- C:\Windows\system32\themeui.dll
2009-05-30 18:57:06 ----A---- C:\Windows\system32\shsvcs.dll
2009-05-30 13:51:35 ----D---- C:\Users\MUM\AppData\Roaming\Adobe
2009-05-28 14:13:20 ----D---- C:\Program Files\Common Files\Adobe
2009-05-27 23:55:39 ----D---- C:\Users\MUM\AppData\Roaming\gtk-2.0
2009-05-26 13:30:26 ----D---- C:\Program Files\Messenger Plus! Live
2009-05-25 12:30:28 ----D---- C:\Program Files\WinRAR
2009-05-24 21:57:29 ----D---- C:\Users\MUM\AppData\Roaming\Skype
2009-05-24 18:25:51 ----D---- C:\Windows\system32\Tasks
2009-05-24 00:56:37 ----D---- C:\Users\MUM\AppData\Roaming\skypePM
2009-05-20 21:35:33 ----D---- C:\Program Files\Java
2009-05-10 23:24:39 ----D---- C:\Windows\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-11 163376]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-07-30 743424]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-22 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-02-26 6144]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-07-06 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
S1 oxser;OX16C95x Serial port driver; C:\Windows\system32\DRIVERS\oxser.sys []
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS; C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2007-11-13 8064]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-12-11 101504]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2008-02-06 628760]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-02-06 41752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PAC207;Ball Cam; C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2008-02-06 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2008-02-06 2570520]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-21 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-02 72704]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
S4 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe []
S4 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 497712]
S4 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-02 24576]
S4 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
S4 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
S4 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-20 24576]
S4 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-01-08 65536]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S4 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE []
S4 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-28 110592]
S4 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2008-12-16 28762]
S4 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-02-27 185640]
S4 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]

-----------------EOF-----------------


[b]INFO


info.txt logfile of random's system information tool 1.06 2009-06-07 16:53:46

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Agere Systems HDA Modem-->agrsmdel
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Axife Mouse Recorder DEMO 5.01-->"C:\Program Files\Axife Mouse Recorder DEMO\unins000.exe"
Ball Cam-->C:\Program Files\InstallShield Installation Information\{A1C1051B-05F9-4D9B-A4D6-02E88B9EFB4A}\setup.exe -runfromtemp -l0x0009 -removeonly
Card Detector for Option Icon 225-->C:\Program Files\CardDetector\ICON225\CardDetectorSetup.exe -u
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Contextual Tool Milehighads-->C:\Windows\system32\cont_milehighads-remove.exe
Contextual Tool Milehighads-->C:\Windows\system32\dfd4c339-f0fb-3a15-5234-97cbe95ee305.exe
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Diablo II-->C:\Program Files\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe
Free YouTube to Mp3 Converter version 3.1-->"D:\Youtube Converter\unins000.exe"
Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Internet Everywhere uninstall-->C:\Program Files\OrangeBS\IEWInternetUK\installation\core\Installgui.exe -u
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.70.1196\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.70" /clone_wait /hide_progress
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Milehighads Games Collection-->C:\Program Files\Milehighads Games Collection\uninstall.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Web Search (Cursor Mania)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
RK Client 3.5.2-->"C:\Program Files\RK Client\unins000.exe"
RK CutterBanker 3-->"C:\Program Files\RKCutterBanker\unins000.exe"
RKAutominer 2-->"C:\Program Files\RKAutominer\unins000.exe"
RON Too1 Milehighads-->C:\Windows\system32\hqvhianadknlve.exe
SCAR CDE 2.03-->"C:\Program Files\SCAR 2.03\unins000.exe"
SCAR Divi CDE 3.20d-->"D:\SCAR 3.20\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SwiftSwitch-->C:\Program Files\SwiftSwitch\Uninstal.exe
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
TortoiseSVN 1.6.1.16129 (32 bit)-->MsiExec.exe /X{4DC6EB24-629D-41D7-AB3E-E81872A8F9CC}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VistaGlazz 1.2-->"D:\VistaGlazz\unins000.exe"
web'n'walk stick manager-->C:\Program Files\T-Mobile\web'n'walk stick manager\uninst.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zango-->"C:\Program Files\Zango\bin\10.3.75.0\ZangoUninstaller.exe" Web

======System event log======

Computer Name: allyson-PC
Event Code: 4
Message: Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 121603
Source Name: b57nd60x
Time Written: 20090606222352.228088-000
Event Type: Warning
User:

Computer Name: allyson-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 121608
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090606222405.382956-000
Event Type: Error
User:

Computer Name: allyson-PC
Event Code: 7000
Message: The adfs service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 121649
Source Name: Service Control Manager
Time Written: 20090606222541.000000-000
Event Type: Error
User:

Computer Name: allyson-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
BTHidMgr
Record Number: 121673
Source Name: Service Control Manager
Time Written: 20090606222541.000000-000
Event Type: Error
User:

Computer Name: allyson-PC
Event Code: 10000
Message: Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error:
"3"
Happened while starting this command:
"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
Record Number: 121692
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090607003538.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: allyson-PC
Event Code: 1000
Message: Faulting application AutoFlaxPicker_V2.3.exe, version 1.0.0.1, time stamp 0x21475346, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0xaa8, application start time 0x01c9e709deb8a140.
Record Number: 55818
Source Name: Application Error
Time Written: 20090607004954.000000-000
Event Type: Error
User:

Computer Name: allyson-PC
Event Code: 1000
Message: Faulting application AutoFlaxPicker_V2.3.exe, version 1.0.0.1, time stamp 0x21475346, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0xf40, application start time 0x01c9e709eb05e430.
Record Number: 55820
Source Name: Application Error
Time Written: 20090607005014.000000-000
Event Type: Error
User:

Computer Name: allyson-PC
Event Code: 1000
Message: Faulting application AutoFlaxPicker_V2.3.exe, version 1.0.0.1, time stamp 0x21475346, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x92c, application start time 0x01c9e709ef3fe460.
Record Number: 55821
Source Name: Application Error
Time Written: 20090607005021.000000-000
Event Type: Error
User:

Computer Name: allyson-PC
Event Code: 3083
Message: The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: The specified module could not be found. .

Record Number: 55823
Source Name: Microsoft-Windows-Search
Time Written: 20090607011659.000000-000
Event Type: Error
User:

Computer Name: allyson-PC
Event Code: 3083
Message: The protocol handler Search.OneIndexHandler.1 cannot be loaded. Error description: The specified module could not be found. .

Record Number: 55828
Source Name: Microsoft-Windows-Search
Time Written: 20090607021229.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: allyson-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: ALLYSON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-2239291263-1848728601-77631012-1001
Account Name: MUM
Account Domain: allyson-PC
Logon ID: 0x150e719
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x260
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: ALLYSON-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 29423
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090607131639.774000-000
Event Type: Audit Success
User:

Computer Name: allyson-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: ALLYSON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-2239291263-1848728601-77631012-1001
Account Name: MUM
Account Domain: allyson-PC
Logon ID: 0x150e75d
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x260
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: ALLYSON-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 29424
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090607131639.774000-000
Event Type: Audit Success
User:

Computer Name: allyson-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-2239291263-1848728601-77631012-1001
Account Name: MUM
Account Domain: allyson-PC
Logon ID: 0x150e719

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 29425
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090607131639.774000-000
Event Type: Audit Success
User:

Computer Name: allyson-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2239291263-1848728601-77631012-1001
Account Name: MUM
Account Domain: allyson-PC
Logon ID: 0x150e75d

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 29426
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090607131640.590000-000
Event Type: Audit Success
User:

Computer Name: allyson-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2239291263-1848728601-77631012-1001
Account Name: MUM
Account Domain: allyson-PC
Logon ID: 0x150e719

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 29427
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090607131640.590000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Subversion\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1601
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------


i think this is what u mean :)

Edited by OwenMatey, 07 June 2009 - 11:02 AM.


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 AM

Posted 07 June 2009 - 11:18 AM

Hi :thumbup2:

Yeah, that's what I meant. I'm a bit concerned that you weren't able to download HijackThis.

Let's try installign HJT and then running RSIT again to run a scan:
  • Please find and delete the Hijackthis.exe you already have installed.
  • Click here to download HijackThis.
  • Save HJTInstall.exe to your Desktop.
  • Double click on the HJTInstall.exe icon to start the program.
Now, once HJT has been installed, try re-running RSIT. When the log opens up, see if there is a HJT log present, if there is, please copy and paste the report in your next reply.

If this doesn't generate a HJT log, do the following:
We need to run a DDS scan
  • Please download DDS by sUBs from one of the following links. Save it to your desktop.
    Download 1
    Download 2
  • Double click on the DDS icon, allow it to run
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running
  • Notepad will open with the results, click no to the Optional Scan
  • Follow the instructions that pop up for posting the results
  • Close the program window
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Edited by aommaster, 07 June 2009 - 11:18 AM.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 OwenMatey

OwenMatey
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 07 June 2009 - 11:37 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:53, on 07/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Windows\System32\regsvr32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\MUM\AppData\Local\Microsoft\Windows\Explorer\rsbot%202.0[1].exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\MUM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQKZPKNS\AutoFlaxPicker_V2.3[1].exe
C:\Windows\system32\javaw.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\MUM\Desktop\HiJackThis\HijackThis.exe


--
End of file - 1282 bytes

that it?

#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 AM

Posted 07 June 2009 - 11:45 AM

Edit: Nope, didn't work :thumbup2: Please try and run DDS and see what pops up

Edited by aommaster, 07 June 2009 - 11:47 AM.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 OwenMatey

OwenMatey
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 07 June 2009 - 12:08 PM

this is what popped up first.


DDS (Ver_09-05-14.01) - NTFSx86
Run by MUM at 18:03:29.98 on 07/06/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1013.228 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Windows\System32\regsvr32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Users\MUM\AppData\Roaming\Google\vmsclock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\MUM\AppData\Local\Microsoft\Windows\Explorer\rsbot%202.0[1].exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\MUM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQKZPKNS\AutoFlaxPicker_V2.3[1].exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\javaw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\MUM\Desktop\HiJackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MUM\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar =
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: milehighads: {278df07c-fe52-70cd-f46b-afddd4b778ff} - c:\windows\system32\nsb4C4F.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Zango: {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\zango\bin\10.3.75.0\HostIE.dll
BHO: milehighads browser enhancer: {ce1c37ff-9edd-12d6-3685-0455bdc07618} - c:\windows\system32\qgebwrptznzgms.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: mysidesearch search enhancer: {eba7c072-3a3c-5310-b4ef-ea9cbecfc4cf} - c:\windows\system32\obextldnaepbh.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Zango: {90b8b761-df2b-48ac-bbe0-bcc03a819b3b} - c:\program files\zango\bin\10.3.75.0\HostIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Zango Information Window: {2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} - c:\program files\zango\bin\10.3.75.0\HostIE.dll
uRun: [Hzehixaqabezaxe] rundll32.exe "c:\users\mum\appdata\local\ukepevog.dll",e
uRun: [__c007216C] rundll32.exe "c:\users\mum\appdata\local\temp\__c007216C.dat",B
uRun: [Frigo] rundll32.exe "c:\users\mum\appdata\local\Cbinepinukonejiq.dll",e
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [realteks] "c:\users\mum\appdata\roaming\google\vmsclock.exe" 2
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [rsbot%202.0[1].exe] c:\users\mum\appdata\local\microsoft\windows\explorer\rsbot%202.0[1].exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; Zango 10.3.75.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.habbo.co.uk/client?createRoom=3"
mRun: [eRecoveryService]
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
mRun: [vrxbajodbjv] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\qgebwrptznzgms.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
StartupFolder: c:\users\mum\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm238YYGB
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/CursorManiaInitialSetup1.0.1.1.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: a02b1f2f515 - c:\windows\system32\dinput832.dll
Notify: a02b1f2f517 - c:\windows\system32\basesrv32.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\dinput832.dll,c:\windows\system32\basesrv32.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-2-26 180736]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-6-13 41008]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-2-27 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-6-14 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-6-14 51968]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2008-6-14 8064]
S3 PAC207;Ball Cam;c:\windows\system32\drivers\PFC027.SYS [2009-3-21 618112]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2008-6-14 28224]
S4 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-2-25 51200]
S4 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2008-12-16 28762]
S4 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-2-27 185640]

=============== Created Last 30 ================

2009-06-07 16:53 <DIR> --d----- c:\program files\trend micro
2009-06-04 02:04 <DIR> --d----- c:\program files\Axife Mouse Recorder DEMO
2009-05-28 14:11 306,688 a------- c:\windows\IsUninst.exe
2009-05-21 00:09 <DIR> --d----- c:\users\mum\.gimp-2.6
2009-05-21 00:09 <DIR> --d----- c:\users\mum\.gegl-0.0
2009-05-18 19:46 <DIR> --d----- c:\users\mum\.jagex_cache_32
2009-05-17 23:09 34 a------- c:\users\mum\jagex_runescape_preferences.dat
2009-05-17 23:08 <DIR> --d----- C:\.jagex_cache_32
2009-05-17 22:55 <DIR> --d----- c:\users\mum\.thumbnails
2009-05-12 21:58 688,128 a------- c:\windows\system32\libeay32.dll
2009-05-12 21:58 155,648 a------- c:\windows\system32\ssleay32.dll
2009-05-12 21:58 98,360 a------- c:\windows\system32\bass.dll
2009-05-12 21:58 25,152 a------- c:\windows\system32\bassmidi.dll
2009-05-12 21:58 25,152 a------- c:\windows\system32\bassflac.dll

==================== Find3M ====================

2009-06-06 23:22 1,660 a------- c:\windows\bthservsdp.dat
2009-05-30 18:57 615,424 a------- c:\windows\system32\themeui.dll
2009-05-30 18:57 240,128 a------- c:\windows\system32\uxtheme.dll
2009-05-03 22:17 86,016 a------- c:\windows\inf\infstor.dat
2009-05-03 22:17 51,200 a------- c:\windows\inf\infpub.dat
2009-05-03 22:17 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-03 19:42 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-28 23:19 286,720 -------- c:\windows\Setup1.exe
2009-04-27 17:23 304,160 a------- C:\PA207.DAT
2009-04-26 17:55 73,216 -------- c:\windows\ST6UNST.EXE
2009-04-25 03:22 48,278 a------- c:\windows\system32\hqvhianadknlve.exe
2009-04-23 23:31 410,984 a------- c:\windows\system32\RENA776.tmp
2009-04-23 23:22 410,984 a------- c:\windows\system32\RENCE66.tmp
2009-04-23 22:35 85,634 a------- c:\windows\system32\dfd4c339-f0fb-3a15-5234-97cbe95ee305.exe
2009-04-23 11:06 479,232 a------- c:\windows\system32\qgebwrptznzgms.dll
2009-04-09 13:15 687,104 a------- c:\windows\system32\nsb4C4F.dll
2009-04-08 18:20 12,988 a------- c:\windows\DIIUnin.dat
2009-03-21 21:38 94,208 a------- c:\windows\DIIUnin.exe
2009-03-21 21:38 2,829 a------- c:\windows\DIIUnin.pif
2009-02-06 23:31 56 a---h--- c:\programdata\ezsidmv.dat
2009-02-06 23:31 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-16 03:12 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:04:09.50 ===============


this popped p after

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 24/03/2008 18:56:25
System Uptime: 06/07/2009 08:10:51 (-686 hours ago)

Motherboard: Acer | | Acadia
Processor: Intel® Celeron® CPU 550 @ 2.00GHz | uPGA-478 | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 32 GiB total, 0.004 GiB free.
D: is FIXED (NTFS) - 31 GiB total, 28.544 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0044
Manufacturer: Microsoft
Name: isatap.{E7544F6C-5A0B-40C5-B5A3-67D052B50E18}
PNP Device ID: ROOT\*ISATAP\0044
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0090
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #33
PNP Device ID: ROOT\*ISATAP\0090
Service: tunnel

Class GUID: {bc103702-dd72-406f-9b28-95c868337b59}
Description: USB Easy Transfer Cable
Device ID: ROOT\TRANSFER_CABLE\0000
Manufacturer: Microsoft
Name: USB Easy Transfer Cable
PNP Device ID: ROOT\TRANSFER_CABLE\0000
Service: winusb

==== System Restore Points ===================

RP317: 07/06/2009 02:16:19 - Removed Adobe Reader 8.1.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Photoshop 7.0
Adobe Reader 8.1.0
Adobe Shockwave Player 11
Agere Systems HDA Modem
ALPS Touch Pad Driver
Axife Mouse Recorder DEMO 5.01
Ball Cam
Card Detector for Option Icon 225
Choice Guard
Company of Heroes - FAKEMSI
Contextual Tool Milehighads
DHTML Editing Component
Diablo II
Free YouTube to Mp3 Converter version 3.1
Hero Editor V0.96
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperCam 2
Intel® Graphics Media Accelerator Driver
Internet Everywhere uninstall
Java DB 10.3.1.4
Java™ 6 Update 7
Junk Mail filter update
LightScribe 1.4.142.1
LimeWire 4.18.8
LiveUpdate (Symantec Corporation)
Logitech QuickCam Driver Package
Map Button (Windows Live Toolbar)
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Milehighads Games Collection
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
My Web Search (Cursor Mania)
Norton PC Checkup
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OpenOffice.org Installer 1.0
QuickTime
Realtek High Definition Audio Driver
RK Client 3.5.2
RK CutterBanker 3
RKAutominer 2
RON Too1 Milehighads
SCAR CDE 2.03
SCAR Divi CDE 3.20d
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
SwiftSwitch
SymNet
TeamViewer 4
TortoiseSVN 1.6.1.16129 (32 bit)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
VistaGlazz 1.2
web'n'walk stick manager
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Zango

==== Event Viewer Messages From Past Week ========

31/05/2009 20:07:57, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.127 for the Network Card with network address 001F3AA91BFC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
31/05/2009 15:12:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
31/05/2009 13:14:44, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
31/05/2009 13:10:18, Error: PlugPlayManager [12] - The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&3210d5f6&0&00E3) disappeared from the system without first being prepared for removal.
06/06/2009 21:14:04, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.2. The computer with the IP address 192.168.2.3 did not allow the name to be claimed by this computer.
06/06/2009 18:59:27, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
06/06/2009 13:06:10, Error: EventLog [6008] - The previous system shutdown at 00:56:49 on 06/06/2009 was unexpected.
05/06/2009 18:15:07, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "3" Happened while starting this command: "C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
05/06/2009 17:01:33, Error: EventLog [6008] - The previous system shutdown at 16:09:49 on 05/06/2009 was unexpected.
05/06/2009 17:00:20, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
05/06/2009 09:28:49, Error: EventLog [6008] - The previous system shutdown at 00:12:09 on 05/06/2009 was unexpected.
04/06/2009 08:32:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
03/06/2009 17:37:15, Error: EventLog [6008] - The previous system shutdown at 17:35:57 on 03/06/2009 was unexpected.
03/06/2009 01:38:41, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
02/06/2009 23:01:24, Error: EventLog [6008] - The previous system shutdown at 22:30:46 on 02/06/2009 was unexpected.
02/06/2009 07:18:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
01/06/2009 21:57:21, Error: EventLog [6008] - The previous system shutdown at 07:50:02 on 01/06/2009 was unexpected.
01/06/2009 07:44:18, Error: EventLog [6008] - The previous system shutdown at 07:34:54 on 01/06/2009 was unexpected.
01/06/2009 07:23:45, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BTHidMgr
01/06/2009 07:23:45, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
01/06/2009 07:22:02, Error: EventLog [6008] - The previous system shutdown at 23:08:37 on 31/05/2009 was unexpected.

==== End Of File ===========================

#8 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 AM

Posted 07 June 2009 - 12:45 PM

Hi!

That's perfect! Please give me a while to take a look through your logs and post up a fix for you.

Thanks :thumbup2:

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#9 OwenMatey

OwenMatey
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 07 June 2009 - 01:18 PM

Thanks
is that the reason then why i coulddnt use firefox n stuff ect?.

#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 AM

Posted 07 June 2009 - 01:26 PM

Hi :thumbup2:

Yes. As you saw, running a HijackThis scan was near-to-impossible and hijackThsi doesn't require anything to run. DDS does a very similar thing to HijackThis, but in a different way, so I can get the same information from it.

I'm in the process of looking over your logs and there seem to be a bunch of infections present. From the looks of it, it seems to be producing a lot of ads too.

Please be patient while I get my fix approved by a coach, and I'll post it up as soon as possible :)

Thanks for understanding :)

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#11 OwenMatey

OwenMatey
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 07 June 2009 - 01:39 PM

Ah thanks to u dude.
what u do post instuctions on how to remove it or ?
something?

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 AM

Posted 07 June 2009 - 01:51 PM

Hi!

Yes, we basically work like this:
1.You post up a log
2.I'll look through the logs and (hopefully withing 24hrs) I'll post back with a 'fix'. A fix is basically a set of instructions that tell you what to download and how to run the specific tool.
3.You run the tool and it will generate a log, which you'll post in your next reply.
4.Rinse and repeat until your computer's clean (I'll let you know when that is the case)

Sound good? :thumbup2:

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 OwenMatey

OwenMatey
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:34 PM

Posted 07 June 2009 - 02:37 PM

Yeahh :thumbup2:

#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 AM

Posted 10 June 2009 - 02:12 AM

Hello, OwenMatey.

My apologies for the delay in the response.


We need to download and run ComboFix (by sUBs)
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  • Please download ComboFix from one of these locations:
    Link 1
    Link 2
    Link 3
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Right click on ComboFix.exe run as Administrator, then follow the prompts.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

Edited by aommaster, 10 June 2009 - 02:18 AM.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 AM

Posted 13 June 2009 - 04:46 AM

Hello OwenMatey
Are you still with us?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users