
Malware Is Hidden On My Computer Accessing My Internet Explorer, Recording My Passwords And Credit Card Information, Randomly Shutting Off My Computer


4 replies to this topic

#1 killerjmd82

killerjmd82

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:30 AM

Posted 22 February 2007 - 05:42 PM

Hi all. I was wondering if someone can help me. About a month ago I downloaded this game software that allows you to play games for free and also this internet TV program that allows you to watch TV from Asia and other countries. Right after I did this, I started getting popups for porn sites from my Internet Explorer like every 5 minutes. Another thing I noticed is that my computer would sometimes shut itself off every once in a while like it had a mind of its own. Another thing is my computer would tell me that I couldn't access the particular info that I was requesting on Internet Explorer; the funny thing is I don't use Internet Explorer. The final straw was that I had made some purchases online with my credit card; next thing I know I have all these charges from all over the country, and the only way someone could have gotten my info was from the computer. I used Spybot Search and Destroy, Spyware Quake, XoftSpy SE and my Symantec antivirus, and the porn pop-ups have disappeared. Please, someone that knows what they are doing, help me. Here are my logs; I hope they help.

Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 8:07:07 PM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\AGNITUM\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Activescan:


Incident Status Location

Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jared\Cookies\jared@atwola[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Jared\Cookies\jared@ct.360i[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jared\Cookies\jared@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jared\Cookies\jared@cgi-bin[3].txt

Thanks in advance.
-Jared

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:02:30 PM

Posted 22 February 2007 - 05:53 PM

Welcome to BC killerjmd82 :thumbsup:

Your log looks clean, let's try the following.

Download and scan with the free 15 day trial of Counterspy.
Once installed, launch Counterspy.
Click on 'Spyware Scan', then click 'Updates' at the top right.
Once any available updates have been installed, click the 'Scan Now' button.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into a Word/Text document, then save it to your desktop.

*****************************

Please download Sophos Anti-Rootkit, and save it on your desktop.
1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
3. Make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste: %temp%\sarscan.log then press Enter.
7. This should open the log from the rootkit scan.
Post this log into your next reply.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-rootkit as Trojan.Dropper.Interlac.100.
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.

****************************

Download ComboScan to your desktop:
http://www.techsupportforum.com/sectools/D...d/comboscan.exe
Make sure all running programs and Windows Explorer windows are closed.
Double-click on comboscan.exe to run it, then follow the prompts.
The scan may take a few minutes to complete.
When the scan has finished, a text file will open 'ComboScan.txt'.

Please Note:
When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet, please ensure that you allow sigcheck.exe permission to do so.
Also, it may happen that your Antivirus flags Comboscan as suspicious.
Please allow the Comboscan to run and don't let your Antivirus delete it.
(If necessary temporarily disable/turn off your Antivirus program).

Post the Comboscan.txt from the Comboscan into your next reply.

You may need several replies to post the logs in case they won't fit in one reply.

Reboot, post the Counterspy report, the sarscan.log, the Comboscan.txt, and a new Hijackthis log into your next reply.
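RichieUK reads the HijackThis log above by eye before calling it clean. The script below is an added example, not part of this thread and not code from HijackThis or BleepingComputer; it shows the first-pass checks a responder applies to a HijackThis 1.99.1 log: O17 DNS overrides, O23 services with no recorded vendor or a missing binary, O4 autostarts running from user-writable folders, and O2 browser helper objects with no name. The sample lines are copied from Jared's log except the O4 "updater" Run entry, which is constructed for the example; the section tags, heuristics and helper names are this example's own.

```python
import re

# HijackThis 1.99.1 entries look like "O23 - Service: ..." or "R1 - HKLM\...";
# the leading section tag says what kind of hook the line describes.
LINE_RE = re.compile(r"^(?P<sec>R\d|O\d+)\s+-\s+(?P<body>.*)$")

# Folders a vendor autostart has no business living in (matched case-insensitively).
USER_WRITABLE = (
    "\\temp\\",
    "\\temporary internet files\\",
    "\\application data\\",
    "\\local settings\\",
)

# Sample log: lines copied from Jared's HijackThis log in this thread, plus one
# O4 entry (the "updater" Run key) constructed for this example.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5329AB59-B0AF-44D9-8F88-2D42A8D8AE9E}: NameServer = 205.188.146.145
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""


def parse_line(line):
    """Return (section, body) for a HijackThis entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return m.group("sec"), m.group("body")


def review_reasons(section, body):
    """List why a responder would look twice at this entry (empty list = no flag)."""
    low = body.lower()
    reasons = []
    if section == "O17":
        # A changed resolver is a classic hijack; it is also how dial-up/ISP
        # clients configure their adapters, so it is a question, not a verdict.
        reasons.append("DNS resolver override; confirm it belongs to the ISP or installed dial-up/VPN software")
    elif section == "O23":
        if "unknown owner" in low:
            reasons.append("service has no recorded vendor")
        if "(file missing)" in low:
            reasons.append("service binary is missing from disk")
    elif section == "O4":
        if any(folder in low for folder in USER_WRITABLE):
            reasons.append("autostart runs from a user-writable location")
    elif section == "O2" and "(no name)" in low:
        reasons.append("BHO has no name; verify the CLSID and DLL")
    return reasons


def triage(log_text):
    """Return [(section, body, reasons)] for every entry worth a second look."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # process list, headers, blank lines
        section, body = parsed
        reasons = review_reasons(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}")
        for reason in reasons:
            print(f"    -> {reason}")
```

Every flagged entry still needs a human verdict: the Spybot SDHelper BHO is legitimate despite reporting no name, and an O17 entry may be expected on a machine running ISP connection software such as the AOL client in this log. The script's job is only to put those few lines in front of the reviewer before the dozens of ordinary vendor entries.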

#3 killerjmd82

killerjmd82
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:30 AM

Posted 22 February 2007 - 08:32 PM

Thanks for your help. Does this look OK?

ComboScan v20070221.16 run by Jared on 2007-02-22 at 19:36:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Jared.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:36:23 PM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Acer\Empowering Technology\admtray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AGNITUM\TAUSCA~1.7\taumon.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Jared\Local Settings\Temporary Internet Files\Content.IE5\QEBFL8EL\comboscan[1].exe
C:\Program Files\HijackThis\Jared.exe
C:\Documents and Settings\Jared\Local Settings\Temporary Internet Files\Content.IE5\SNYVWHUV\counterspy[1].exe
C:\WINDOWS\system32\MSIEXEC.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\AGNITUM\TAUSCA~1.7\taumon.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5329AB59-B0AF-44D9-8F88-2D42A8D8AE9E}: NameServer = 205.188.146.145
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - C:\WINDOWS\system32\drivers\AegisP.sys
4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3S AVerM115 (AVerM115 service) - C:\WINDOWS\system32\drivers\AVerM115.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3R b57w2k (Broadcom NetXtreme Gigabit Ethernet) - C:\WINDOWS\system32\drivers\b57xp32.sys
3S btaudio (Bluetooth Audio Device) - C:\WINDOWS\system32\drivers\btaudio.sys
3S BTDriver (Bluetooth Virtual Communications Driver) - C:\WINDOWS\system32\drivers\btport.sys
3S BthEnum (Bluetooth Request Block Driver) - C:\WINDOWS\system32\drivers\BthEnum.sys
3S BthPan (Bluetooth Device (Personal Area Network)) - C:\WINDOWS\system32\drivers\bthpan.sys
3S BTHPORT (Bluetooth Port Driver) - C:\WINDOWS\system32\drivers\bthport.sys
3S BTHUSB (Bluetooth Radio USB Driver) - C:\WINDOWS\system32\drivers\BTHUSB.SYS
3R BTKRNL (Bluetooth Bus Enumerator) - C:\WINDOWS\system32\drivers\btkrnl.sys
2R BTSERIAL (Bluetooth Serial Driver) - C:\WINDOWS\system32\drivers\btserial.sys
3S BTWDNDIS (Bluetooth LAN Access Server) - C:\WINDOWS\system32\drivers\btwdndis.sys
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
3R DKbFltr (Dritek Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\DKbFltr.SYS
2R EpmPsd (Acer EPM Power Scheme Driver) - C:\WINDOWS\system32\drivers\epm-psd.sys
2R EpmShd (Acer EPM System Hardware Driver) - C:\WINDOWS\system32\drivers\epm-shd.sys
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R HSFHWAZL - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
3R HSF_DPV - C:\WINDOWS\system32\drivers\HSF_DPV.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.Sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
2R irda (IrDA Protocol) - C:\WINDOWS\system32\drivers\irda.sys
1S kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R lv321av (Logitech USB PC Camera (VC0321)) - C:\WINDOWS\system32\drivers\lv321av.sys
3R lvmvdrv (Logitech Machine Vision Engine Loader) - C:\WINDOWS\system32\drivers\LVMVdrv.sys
3R LVPrcMon (Logitech LVPrcMon Driver) - C:\WINDOWS\system32\drivers\LVPrcMon.sys
3R LVUSBSta (Logitech USB Monitor Filter) - C:\WINDOWS\system32\drivers\LVUSBSta.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MPE (BDA MPE Filter) - C:\WINDOWS\system32\drivers\MPE.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3R NAVAP - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys
2R NAVAPEL - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070214.020\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070214.020\NAVEX15.SYS
3R NdisFilt (OSA NdisFilter Protocol) - C:\WINDOWS\system32\drivers\NdisFilt.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3S NETMNT (Acer NetMonitor Protocol) - C:\WINDOWS\system32\drivers\NETMNT.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3S NPF (NetGroup Packet Filter Driver) - C:\WINDOWS\system32\drivers\npf.sys
3R NTIDrvr (Upper Class Filter Driver) - C:\WINDOWS\system32\drivers\NTIDrvr.sys
0R ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
1R OsaFsLoc - C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2R osaio - C:\WINDOWS\system32\drivers\osaio.sys
2R osanbm - C:\WINDOWS\system32\drivers\osanbm.sys
2R procguard - C:\WINDOWS\system32\drivers\procguard.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
3R Rasirda (WAN Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3S RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - C:\WINDOWS\system32\drivers\rfcomm.sys
2R s24trans (WLAN Transport) - C:\WINDOWS\system32\drivers\s24trans.sys
1R SCDEmu - C:\WINDOWS\system32\drivers\scdemu.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3S SMCB000 (SMSC CIR HID Miniport Device Driver) - C:\WINDOWS\system32\drivers\hidsmsc.sys
3R SMCIRDA (SMSC IrCC Miniport Device Driver) - C:\WINDOWS\system32\drivers\smcirda.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
0R Teefer (Teefer for NT) - C:\WINDOWS\system32\drivers\Teefer.sys
3R tifm21 - C:\WINDOWS\system32\drivers\tifm21.sys
0R UBHelper - C:\WINDOWS\system32\drivers\UBHelper.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3R w39n51 (Intel® PRO/Wireless 3945ABG Adapter Driver) - C:\WINDOWS\system32\drivers\w39n51.sys
3R wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys
2R wg3n (SyGate for NT, wg3n) - C:\WINDOWS\system32\drivers\wg3n.sys
2R wg4n (SyGate for NT, wg4n) - C:\WINDOWS\system32\drivers\wg4n.sys
2R wg5n (SyGate for NT, wg5n) - C:\WINDOWS\system32\drivers\wg5n.sys
2R wg6n (SyGate for NT, wg6n) - C:\WINDOWS\system32\drivers\wg6n.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
1R WmiAcpi (Microsoft Windows Management Interface for ACPI) - C:\WINDOWS\system32\drivers\wmiacpi.sys
1R wpsdrvnt - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2R int15.sys - C:\Acer\Empowering Technology\eRecovery\int15.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\system32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
2R AOL ACS (AOL Connectivity Service) - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R AWService (AdminWorks Agent X6) - "C:\Acer\Empowering Technology\admServ.exe"
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R BthServ (Bluetooth Support Service) - C:\WINDOWS\system32\svchost.exe -k bthsvcs
2R btwdins (Bluetooth Service) - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe"
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
2R CLSched (CyberLink Task Scheduler (CTS)) - "C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe"
3S COMSysApp (COM+ System Application) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R CyberLink Media Library Service - "C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe"
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R DCSPGSRV (DiamondCS ProcessGuard Service v3.410) - "C:\Program Files\ProcessGuard\dcsuserprot.exe"
2R DefWatch - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
2R Dhcp (DHCP Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\system32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R EvtEng (Intel® PROSet/Wireless Event Log) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\system32\imapi.exe
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2R Irmon (Infrared Monitor) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R lanmanserver (Server) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R LVPrcSrv (Logitech Process Monitor) - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
4S Messenger - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\system32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\system32\msdtc.exe
3R MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\system32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R Norton AntiVirus Server (Symantec AntiVirus Client) - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\system32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\system32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
2R RegSrvc (Intel® PROSet/Wireless Registry Service) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\system32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\system32\rsvp.exe
2R S24EventMonitor (Intel® PROSet/Wireless Service) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SmcService (Sygate Personal Firewall) - C:\Program Files\Sygate\SPF\smc.exe
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\system32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\system32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\system32\dllhost.exe /Processid:{3B912082-F7D5-4A4E-B6F2-C58B43696A26}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
2S Viewpoint Manager Service -
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WANMiniportService (WAN Miniport (ATW) Service) - "C:\WINDOWS\wanmpsvc.exe"
2R WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-02-22 17:22:44 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job<REGCUR~1.JOB>
2007-02-20 03:49:26 338 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job<UNIBLU~1.JOB>
2007-02-20 03:19:22 362 --a------ C:\WINDOWS\Tasks\XoftSpySE.job<XOFTSP~1.JOB>
2007-02-19 20:16:04 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-02-17 22:15:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-01-22 and 2007-02-22 ------------------------------

2007-02-22 19:36:21 0 d-------- C:\SOPHTEMP
2007-02-22 02:39:12 0 d--hs---- C:\FOUND.001
2007-02-21 17:55:30 0 d--hs---- C:\FOUND.000
2007-02-20 18:55:28 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-20 04:03:08 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-20 04:02:21 0 d-------- C:\Documents and Settings\All Users\WholeSecurity<WHOLES~1>
2007-02-20 03:39:32 0 d-------- C:\Documents and Settings\Jared\Application Data\Uniblue
2007-02-20 03:32:15 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-20 03:10:22 14568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-02-20 03:10:22 14568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-02-20 03:10:21 14568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-02-20 03:10:21 14568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-02-20 03:10:20 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-02-20 03:10:06 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-02-20 03:10:04 83096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-02-20 03:10:00 0 d-------- C:\Program Files\Sygate
2007-02-20 03:08:36 0 d-------- C:\Downloads<DOWNLO~1>
2007-02-20 03:08:36 0 d-------- C:\Documents and Settings\Jared\Application Data\GetRightToGo<GETRIG~1>
2007-02-20 03:03:51 0 d-------- C:\Documents and Settings\Jared\Application Data\Lavasoft
2007-02-20 03:03:47 0 d-------- C:\Program Files\Lavasoft
2007-02-20 03:03:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-20 03:01:57 0 d-------- C:\WINDOWS\Sun
2007-02-20 03:01:57 0 d-------- C:\Documents and Settings\Jared\Application Data\Sun
2007-02-19 23:40:51 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-19 23:40:49 0 d-------- C:\Program Files\Grisoft
2007-02-19 22:00:36 176396 --a------ C:\WINDOWS\system32\pguard.dat
2007-02-19 22:00:36 87860 --a------ C:\WINDOWS\system32\pghash.dat
2007-02-19 21:13:34 0 d-------- C:\Program Files\SpyOnThis v2.0<SPYONT~1.0>
2007-02-19 20:56:26 44544 --a------ C:\WINDOWS\system32\procguard.dll<PROCGU~1.DLL>
2007-02-19 20:56:26 26688 --a------ C:\WINDOWS\system32\drivers\procguard.sys<PROCGU~1.SYS>
2007-02-19 20:56:26 0 d-------- C:\Program Files\ProcessGuard<PROCES~1>
2007-02-19 20:55:03 7440 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-19 20:55:03 40960 --a------ C:\WINDOWS\system32\dcsws2.dll
2007-02-19 20:55:03 0 d-------- C:\Program Files\Port Explorer<PORTEX~1>
2007-02-19 20:50:29 0 d-------- C:\Program Files\Agnitum
2007-02-19 20:15:58 0 d-------- C:\Program Files\RegCure
2007-02-18 16:32:50 0 d-------- C:\Program Files\iTunes
2007-02-17 17:17:38 0 d-------- C:\Documents and Settings\Jared\Application Data\Viewpoint<VIEWPO~1>
2007-02-14 23:12:48 0 d-------- C:\Documents and Settings\Jared\Application Data\AdobeUM
2007-02-12 10:23:50 0 d-------- C:\Program Files\MetaStream<METAST~1>
2007-02-11 20:52:22 0 d-------- C:\Documents and Settings\Jared\Shared
2007-02-11 20:52:21 0 d-------- C:\Documents and Settings\Jared\Incomplete<INCOMP~1>
2007-02-11 20:50:21 0 d-------- C:\Program Files\Java
2007-02-11 20:38:47 0 d-------- C:\Program Files\Common Files\Java
2007-02-11 20:38:07 0 d-------- C:\Program Files\LimeWire
2007-02-11 20:29:42 0 d-------- C:\Documents and Settings\Jared\.limewire<LIMEWI~1>
2007-02-09 17:45:28 0 d-------- C:\Documents and Settings\Jared\Application Data\AOL
2007-02-08 13:59:23 0 d-------- C:\Program Files\IrfanView<IRFANV~1>
2007-02-08 13:28:01 0 d-------- C:\Documents and Settings\Jared\Application Data\Image Zone Express<IMAGEZ~1>
2007-02-08 13:25:48 38229 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-02-08 13:25:42 0 d-------- C:\Program Files\iPod
2007-02-08 13:23:30 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-02-08 13:19:35 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-02-08 13:19:15 0 d-------- C:\Program Files\Common Files\HP
2007-02-08 13:16:44 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-08 13:15:11 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-02-08 13:12:20 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-02-08 13:12:18 51120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-02-08 13:11:58 21744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-02-08 13:11:44 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-02-08 13:09:10 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-02-08 13:09:10 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-02-08 13:09:10 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-02-08 13:09:10 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-02-08 13:09:10 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-02-08 13:09:10 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-02-08 13:07:02 0 d-------- C:\Program Files\HP
2007-02-08 13:06:58 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-08 13:06:56 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-08 13:01:04 21124 -----n--- C:\WINDOWS\hpomdl07.dat
2007-02-08 13:01:04 112898 --a------ C:\WINDOWS\hpoins07.dat
2007-02-08 13:00:54 0 d-------- C:\Documents and Settings\Jared\Application Data\HP
2007-02-08 03:03:20 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-07 20:52:57 0 d-------- C:\Documents and Settings\Jared\Application Data\DivX
2007-02-07 16:17:44 0 d-------- C:\Documents and Settings\Jared\Application Data\Apple Computer<APPLEC~1>
2007-02-07 16:11:12 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-07 16:10:47 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-07 16:10:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-07 03:00:24 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-07 03:00:22 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-07 01:23:08 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2007-02-07 01:22:35 0 d-------- C:\Program Files\Common Files\aolback
2007-02-07 01:22:32 0 d-------- C:\Program Files\AOL Companion<AOLCOM~1>
2007-02-07 01:22:31 0 d-------- C:\WINDOWS\occache
2007-02-07 01:22:31 0 d-------- C:\Program Files\Learn2.com
2007-02-07 01:22:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint<VIEWPO~1>
2007-02-07 01:22:26 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-07 01:22:18 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime<QUICKT~1>
2007-02-07 01:22:11 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-02-07 01:22:03 8552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-02-07 01:22:03 0 d-------- C:\My Music<MYMUSI~1>
2007-02-07 01:22:00 0 d-------- C:\Program Files\Real
2007-02-07 01:21:58 0 d-------- C:\Program Files\Common Files\Real
2007-02-07 01:21:35 1044480 --a------ C:\WINDOWS\system32\roboex32.dll
2007-02-07 01:21:35 153088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2007-02-07 01:21:35 54784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2007-02-07 01:21:35 24659 --a------ C:\WINDOWS\system32\aolddial.dll
2007-02-07 01:21:10 65536 --a------ C:\WINDOWS\wanmpsvc.exe
2007-02-07 01:21:07 33588 --a------ C:\WINDOWS\system32\drivers\wanatw4.sys
2007-02-07 01:20:56 0 d-------- C:\Program Files\Common Files\aolshare
2007-02-07 01:20:54 0 d-------- C:\Program Files\America Online 9.0<AMERIC~1.0>
2007-02-07 01:20:54 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-02-07 01:20:30 0 d-------- C:\Program Files\Common Files\AOL
2007-02-07 01:20:28 335 --a------ C:\WINDOWS\nsreg.dat
2007-02-07 01:11:20 0 d-------- C:\Documents and Settings\Jared\Application Data\Acer
2007-02-07 01:11:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Acer
2007-02-07 01:11:13 4392 --a------ C:\WINDOWS\system32\drivers\NdisFilt.sys
2007-02-07 01:11:11 12106 --a------ C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2007-02-07 01:11:10 4010 --a------ C:\WINDOWS\system32\drivers\osanbm.sys
2007-02-07 01:11:10 7296 --a------ C:\WINDOWS\system32\drivers\osaio.sys
2007-02-07 01:09:23 12 --a------ C:\WINDOWS\bthservsdp.dat<BTHSER~1.DAT>
2007-02-07 01:07:53 245824 -ra------ C:\WINDOWS\Instexec.exe
2007-02-07 01:07:52 245824 -ra------ C:\WINDOWS\system32\InstExec.exe
2007-02-07 01:07:49 2112 --a------ C:\WINDOWS\system32\Repository.reg<REPOSI~1.REG>
2007-02-07 01:07:49 380928 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-02-07 01:07:49 217088 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-02-07 01:07:49 110592 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-02-07 01:07:49 204800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-02-07 01:07:49 39424 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-02-07 01:07:49 1088896 --a------ C:\WINDOWS\system32\drivers\lv321av.sys
2007-02-07 01:07:49 0 d-------- C:\Program Files\Common Files\Logitech
2007-02-07 01:07:48 0 d-------- C:\Program Files\Common Files\Acer
2007-02-07 01:07:46 49152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-02-07 01:07:46 49152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-02-07 01:07:46 61440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-02-07 01:07:46 61440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-02-07 01:07:46 57344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-02-07 01:07:46 65536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-02-07 01:07:46 45056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-02-07 01:07:46 40960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-02-07 01:07:46 262144 --a------ C:\WINDOWS\system32\ElkCtrl.exe
2007-02-07 01:07:46 57344 --a------ C:\WINDOWS\system32\ElkCtlPS.dll
2007-02-07 01:07:46 323584 --a------ C:\WINDOWS\system32\CamCplRes.dll<CAMCPL~1.DLL>
2007-02-07 01:07:45 167936 --a------ C:\WINDOWS\system32\VxLib.dll
2007-02-07 01:07:45 151552 --a------ C:\WINDOWS\system32\VLib.dll
2007-02-07 01:07:45 1645320 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-02-07 01:07:44 39424 --a------ C:\WINDOWS\system32\VxLibRes.dll
2007-02-07 01:06:40 258048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe<UNINST~1.EXE>
2007-02-07 01:05:15 0 d--hs---- C:\Recycled
2007-02-07 01:04:55 233472 --a------ C:\WINDOWS\system32\wpcap.dll
2007-02-07 01:04:55 61440 --a------ C:\WINDOWS\system32\WanPacket.dll<WANPAC~1.DLL>
2007-02-07 01:04:55 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll<PTHREA~1.DLL>
2007-02-07 01:04:55 81920 --a------ C:\WINDOWS\system32\packet.dll
2007-02-07 01:04:55 32512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2007-02-07 01:04:55 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys
2007-02-07 01:04:55 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys
2007-02-07 01:04:55 0 d-------- C:\Program Files\WinPCap
2007-02-07 01:04:46 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-02-07 01:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-02-07 01:04:24 61440 --a------ C:\WINDOWS\system32\acerGina.dll
2007-02-07 01:03:59 0 d-------- C:\Program Files\Launch Manager<LAUNCH~1>
2007-02-07 01:03:58 49152 --a------ C:\WINDOWS\system32\QtBtLib.dll
2007-02-07 01:03:58 5120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
2007-02-07 01:03:58 16896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2007-02-07 01:02:36 225350 --a------ C:\WINDOWS\system32\Epm-Po.dll
2007-02-07 01:01:57 0 d-------- C:\Documents and Settings\Jared\Bluetooth Software<BLUETO~1>
2007-02-07 01:00:34 100992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-07 01:00:26 59648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-07 01:00:26 17024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-02-07 01:00:21 18944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-02-07 01:00:21 274304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-02-07 00:58:59 0 d-------- C:\Program Files\WIDCOMM
2007-02-07 00:58:56 0 d-------- C:\Program Files\WinISO
2007-02-07 00:58:09 27136 --a------ C:\WINDOWS\system32\eDSshellExt.dll<EDSSHE~1.DLL>
2007-02-07 00:58:04 0 d-------- C:\Program Files\Common Files\EZB Systems<EZBSYS~1>
2007-02-07 00:58:03 53248 --a------ C:\WINDOWS\system32\sysenv.dll
2007-02-07 00:58:03 81920 --a------ C:\WINDOWS\system32\Outlook Addin.dll<OUTLOO~1.DLL>
2007-02-07 00:58:03 233472 --a------ C:\WINDOWS\system32\keyManager.dll<KEYMAN~1.DLL>
2007-02-07 00:58:03 0 d-------- C:\Program Files\UltraISO
2007-02-07 00:58:02 822784 --a------ C:\WINDOWS\system32\UIVCL.dll
2007-02-07 00:58:02 352256 --a------ C:\WINDOWS\system32\UI.dll
2007-02-07 00:58:02 32768 --a------ C:\WINDOWS\system32\TC_res.dll
2007-02-07 00:58:01 984064 --a------ C:\WINDOWS\system32\ShowErrUI.dll<SHOWER~2.DLL>
2007-02-07 00:58:01 61440 --a------ C:\WINDOWS\system32\ShowErrMsg.dll<SHOWER~1.DLL>
2007-02-07 00:58:01 45056 --a------ C:\WINDOWS\system32\SC_res.dll
2007-02-07 00:58:01 81920 --a------ C:\WINDOWS\system32\MSNSpook.dll
2007-02-07 00:58:01 10752 --a------ C:\WINDOWS\system32\MSNChatHook.dll<MSNCHA~1.DLL>
2007-02-07 00:58:01 57344 --a------ C:\WINDOWS\system32\LogSPWusage.dll<LOGSPW~1.DLL>
2007-02-07 00:58:01 45056 --a------ C:\WINDOWS\system32\EN_res.dll
2007-02-07 00:58:01 389120 --a------ C:\WINDOWS\system32\CryptoAPI.dll<CRYPTO~1.DLL>
2007-02-07 00:58:01 53248 --a------ C:\WINDOWS\system32\APISlice.dll
2007-02-07 00:58:01 19968 --a------ C:\WINDOWS\system32\ActiveToolBand.dll<ACTIVE~1.DLL>
2007-02-07 00:57:59 0 d-------- C:\Acer
2007-02-07 00:56:21 0 d-------- C:\Program Files\PowerISO
2007-02-07 00:52:44 0 d-------- C:\WINDOWS\Acer
2007-02-07 00:52:34 0 d-------- C:\Documents and Settings\Jared\Application Data\ATI
2007-02-07 00:52:31 2621440 --ah----- C:\Documents and Settings\Jared\NTUSER.DAT
2007-02-07 00:51:55 0 d-------- C:\Documents and Settings\Jared\Application Data\Adobe
2007-02-07 00:51:36 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-02-07 00:51:34 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-02-07 00:40:56 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-02-07 00:40:56 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-07 00:40:56 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-02-07 00:40:56 36624 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-02-07 00:40:56 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-02-07 00:40:56 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-02-07 00:40:48 0 d-------- C:\Program Files\DivX
2007-02-07 00:39:37 0 d-------- C:\Documents and Settings\Jared\Application Data\Real
2007-02-07 00:39:35 0 d---s---- C:\Documents and Settings\Jared\UserData
2007-02-07 00:37:43 0 d-------- C:\My Downloads<MYDOWN~1>
2007-02-07 00:30:40 0 d-------- C:\Program Files\XoftSpySE<XOFTSP~1>
2007-02-07 00:28:55 0 d-------- C:\Program Files\BitLord
2007-02-07 00:28:27 83208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-07 00:28:27 73496 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-07 00:28:16 0 d-------- C:\Program Files\Symantec
2007-02-07 00:28:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-02-07 00:28:14 0 d-------- C:\Program Files\Symantec_Client_Security<SYMANT~1>
2007-02-07 00:28:14 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-07 00:27:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-07 00:26:44 0 d-------- C:\Program Files\Total Cleaner<TOTALC~1>
2007-02-07 00:24:51 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-07 00:23:50 0 d-------- C:\Documents and Settings\Jared\Application Data\Help
2007-02-07 00:23:46 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-06 22:45:16 589824 --a------ C:\WINDOWS\AntiV.EXE
2007-02-06 22:45:16 163840 --a------ C:\WINDOWS\AExec.exe
2007-02-06 21:51:32 0 d-------- C:\Documents and Settings\Default User\Application Data\ATI
2007-01-31 23:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-01-31 23:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-01-31 23:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-01-31 23:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-31 16:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-30 18:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-01-30 00:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 00:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 00:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-29 23:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-29 23:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-29 23:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-29 23:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-29 23:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-29 23:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-29 23:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-29 23:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-07 00:52:46 0 d-------- C:\Documents and Settings\Jared\Application Data\Macromedia<MACROM~1>
2007-02-06 22:45:18 657 --a------ C:\WINDOWS\CLEANUP.CMD
2007-02-06 22:45:16 941 --a------ C:\WINDOWS\HotFix.bat
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:48 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-12 11:24:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL>
2006-12-07 17:02:24 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"!1_ProcessGuard_Startup"="\"C:\\Program Files\\ProcessGuard\\procguard.exe\" -minimize"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Uniblue SpyEraser"="\"C:\\Program Files\\Uniblue\\SpyEraser\\SpyEraser.exe\" -m"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

#4 killerjmd82

  • Topic Starter
  • Members
  • 3 posts
  • Local time:08:30 AM

Posted 22 February 2007 - 08:35 PM

Here's more.....

Scan History Details
Start Date: 2/22/2007 8:14:55 PM
End Date: 2/22/2007 8:28:01 PM
Total Time: 13 Min 6 Sec
Detected security risks

Cookie: cookie.monster Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\jared\cookies\jared@cookie.monster[2].txt

#5 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts
  • Local time:02:30 PM

Posted 22 February 2007 - 09:15 PM

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
Exit HijackThis, find and delete:
C:\Documents and Settings\Jared\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\Viewpoint

******************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?"
Then select 'Yes'; your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'OK'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.




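The O4 fix above removes a Run-key entry that is nothing more than a bare filename (ALCMTR.EXE), while the registry export earlier in the thread lists entries with full paths, a quoted path, an unquoted path containing spaces, and a rundll32 loader. The script below is an added example, not code from this thread, from HijackThis or from BleepingComputer. It parses both forms, works out which file Windows would actually start (including the ambiguity of an unquoted path with spaces), and labels each entry with a first-pass risk. The location rules, the reason texts, the 'Updater' sample line and the XP default paths it checks against are this example's own assumptions.

```python
r"""Triage Windows 'Run' autostart entries in the two forms seen in this thread:
a regedit export of HKLM\Software\Microsoft\Windows\CurrentVersion\Run and
HijackThis 'O4' lines. Added example for this page, not code from the thread or
from HijackThis; the location rules and risk labels are this example's own
heuristics and assume Windows XP default paths (C:\WINDOWS, C:\Documents and Settings).
"""
import re
from collections import namedtuple

# "Name"="command" as regedit exports it; the closing quote is optional so a
# line truncated in a forum post (one line in this thread lacks it) still parses.
REG_LINE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<cmd>(?:[^"\\]|\\.)*)"?\s*$')
# HijackThis shows the same entry as:  O4 - HKLM\..\Run: [Name] command
O4_LINE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
EXE_EXT = ('.exe', '.com', '.bat', '.cmd', '.scr', '.pif')
LOADERS = ('rundll32.exe', 'regsvr32.exe')  # host images: judge the module they load
REASON = {
    'user-writable': 'runs from a directory the user can write to',
    'profile': 'runs from the user profile',
    'unqualified': 'unqualified name: a same-named file earlier in the search path wins',
    'other': 'outside the Windows and Program Files trees',
}
# image = file CreateProcess would start; module = DLL/CPL hosted by a loader;
# risk is 'low', 'review' or 'high'; o4 = the entry in HijackThis notation
Finding = namedtuple('Finding', 'name image args module location reasons risk o4')

def reg_unescape(s):
    # regedit writes \\ for a backslash and \" for a quote inside values
    return re.sub(r'\\(.)', r'\1', s)

def split_command(cmd):
    # A quoted image ends at the closing quote. An unquoted one is ambiguous:
    # CreateProcess tries each whitespace prefix (C:\Acer\Empowering.exe before
    # C:\Acer\Empowering Technology\...), so take the first prefix that ends in
    # an executable extension, else the first token.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], '') if end < 0 else (cmd[1:end], cmd[end + 1:].strip())
    tokens = cmd.split() or ['']
    for i in range(1, len(tokens) + 1):
        prefix = ' '.join(tokens[:i])
        if prefix.lower().endswith(EXE_EXT):
            return prefix, ' '.join(tokens[i:])
    return tokens[0], ' '.join(tokens[1:])

def classify_location(path):
    p = path.lower()
    if '\\' not in p:
        return 'unqualified'    # resolved through the search path at logon
    if '\\temp\\' in p or '\\local settings\\' in p or '\\application data\\' in p:
        return 'user-writable'  # the usual drop directories for malware
    if p.startswith('c:\\documents and settings\\'):
        return 'profile'
    if p.startswith('c:\\windows\\'):
        return 'windows'
    if p.startswith('c:\\program files\\'):
        return 'program files'
    return 'other'

def assess(name, cmd, hive='HKLM'):
    image, args = split_command(cmd)
    # rundll32 foo.dll,Entry / regsvr32 /s foo.dll: the hosted module is what matters
    hosted = image.lower().rsplit('\\', 1)[-1] in LOADERS and bool(args)
    module = args.split(',')[0].split()[-1].strip('"') if hosted else ''
    location = classify_location(module or image)
    reasons = [REASON[location]] if location in REASON else []
    if not cmd.startswith('"') and ' ' in image:
        reasons.append('unquoted path with spaces: a planted prefix .exe would run instead')
    risk = 'high' if location in ('user-writable', 'profile') else 'review' if reasons else 'low'
    return Finding(name, image, args, module, location, reasons, risk,
                   f'O4 - {hive}\\..\\Run: [{name}] {cmd}')

def triage(lines):
    findings = []
    for line in map(str.strip, lines):
        if m := REG_LINE.match(line):
            findings.append(assess(reg_unescape(m['name']), reg_unescape(m['cmd'])))
        elif m := O4_LINE.match(line):
            findings.append(assess(m['name'], m['cmd'], m['hive']))
    return findings

# The first five lines are copied from this thread; the last is constructed
# here to show what a dropper launched from the user's Temp directory looks like.
SAMPLE_LINES = [
    r'"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"',
    r'"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"',
    r'"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"',
    r'"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent',
    r'O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE',
    r'"Updater"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\update.exe /silent"',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.risk:6} [{f.name}] {f.module or f.image}', *f.reasons, sep='\n    ')
```

Running it prints one line per entry with its risk label and the reasons behind it: the two Windows and Program Files entries come out low, the bare ALCMTR.EXE and the rundll32-hosted bthprops.cpl come out as review because their names are resolved through the search path, the Acer entry comes out as review because it is an unquoted path with spaces outside the standard trees, and the constructed Temp-directory entry comes out high. Path shape alone cannot tell a legitimate vendor tool from malware, so a review label is a prompt to inspect the file itself (publisher, signature, hash), which is the judgement the responder in this thread made by hand.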