Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Am I Clean?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Am I Clean?

Unread postby Cypher » November 23rd, 2009, 3:09 pm

Hi Powderhoney
It keeps attempting to configure updates but then it fails and reverts them.

Can you tell me which updates are attempting to configure?
Just an update, but when I turned my computer on today windows defender was on. I didn't have to turn it on. However, it still says that my anti-virus is not.

Ok lets try reinstalling Norton to see if that fixes it.

Please visit Here for information on how to use the Norton 360 removal tool.
After you have uninstalled Norton please reinstall it.




Next.

Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.

    O23 - Service: McAfee Application Installer Cleanup (0237181230199811) (0237181230199811mcinstcleanup) - Unknown owner - C:\Windows\TEMP\023718~1.EXE (file missing)

  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.

Next.

Disable Winpatrol

  • Right-click the running icon of Winpatrol ( Scotty the dog ) in the sytem tray and choose exit programe.
  • Note: Don't forget to Re-inable it after the fix


Next.

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Right-click OTM.exe And select " Run as administrator " to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Files
    C:\Windows\LMI3707.tmp
    C:\Windows\LMI6779.tmp
    C:\Windows\LMIFF36.tmp
    C:\Windows\LMI201E.tmp
    
    :Commands
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next.

    Re-run - RSIT (Random's System Information Tool)

    You should still have this program on your desktop.
    • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
    • Please read the disclaimer... click on Continue.
    • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
    • Please post ONLY the "log.txt", file contents in your next reply.
      (This log can be lengthy, so a separate post may be needed.)

    In your next reply.

    • OTM log.
    • RSIT log.txt.
    • Please answer my question about the updates.
    • Please let me know how your computer is performing now.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Re: Am I Clean?

Unread postby Powderhoney » November 23rd, 2009, 5:15 pm

The update is called Platform Update for windows vista (KB971644).

I was unable to download the Norton Removal Tool. It would not load. -.-

Upon using the OTM and rebooting it tried to configure updates again, and failed...windows defender this time was again turned off. : |

OTM Log:

All processes killed
========== FILES ==========
C:\Windows\LMI3707.tmp folder moved successfully.
C:\Windows\LMI6779.tmp\diag folder moved successfully.
C:\Windows\LMI6779.tmp folder moved successfully.
C:\Windows\LMIFF36.tmp folder moved successfully.
C:\Windows\LMI201E.tmp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Myron
->Temp folder emptied: 1362595 bytes
->Temporary Internet Files folder emptied: 938648 bytes
->Java cache emptied: 28236803 bytes
->FireFox cache emptied: 43175086 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1869243 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 248419 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13690462 bytes
RecycleBin emptied: 324911558 bytes

Total Files Cleaned = 395.23 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11232009_202331

Files moved on Reboot...
File C:\Windows\temp\JETC995.tmp not found!
C:\Windows\temp\sub9436.tmp moved successfully.

Registry entries deleted on Reboot...

-------
RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Myron at 2009-11-23 21:14:12
WIN_VISTA Service Pack 2
System drive C: has 33 GB (29%) free of 114 GB
Total RAM: 3070 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:18, on 23/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Myron\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Myron\Desktop\RSIT.exe
C:\Windows\system32\DllHost.exe
C:\Users\Myron\Desktop\Myron.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NetLoki.exe] C:\Program Files\Loki Network\Loki VPN Client\NetLoki.exe
O4 - HKUS\S-1-5-21-3663483775-2980764720-4207296369-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3663483775-2980764720-4207296369-1000\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-3663483775-2980764720-4207296369-1000\..\Run: [NetLoki.exe] C:\Program Files\Loki Network\Loki VPN Client\NetLoki.exe (User '?')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: McAfee Application Installer Cleanup (0237181230199811) (0237181230199811mcinstcleanup) - Unknown owner - C:\Windows\TEMP\023718~1.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 11077 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - D:\Program Files\Orbitdownloader\orbitcth.dll [2009-09-02 179472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - D:\Program Files\rpbrowserrecordplugin.dll [2009-07-01 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-11-12 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL [2009-11-12 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-05 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - D:\Program Files\Orbitdownloader\GrabPro.dll [2009-09-02 662720]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll [2009-11-12 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-04 1037608]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-03-12 397312]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-03-07 544768]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2008-06-10 3659264]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-04-28 809480]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-09-07 206120]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"NetLoki.exe"=C:\Program Files\Loki Network\Loki VPN Client\NetLoki.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2008-06-10 3024896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\Orbitdownloader\orbitdm.exe"="D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"D:\Program Files\Orbitdownloader\orbitnet.exe"="D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa05392d-d614-11de-a751-00a0d1a76350}]
shell\AutoRun\command - G:\Setup.exe


======List of files/folders created in the last 1 months======

2009-11-23 20:23:31 ----D---- C:\_OTM
2009-11-22 14:16:29 ----A---- C:\Windows\ntbtlog.txt
2009-11-20 23:06:54 ----D---- C:\Windows\system32\N360_BACKUP
2009-11-20 23:03:58 ----D---- C:\Users\Myron\AppData\Roaming\Leadertech
2009-11-19 20:06:35 ----D---- C:\rsit
2009-11-15 22:43:54 ----D---- C:\ProgramData\YoGen
2009-11-14 12:29:31 ----RD---- C:\Program Files\Norton Support
2009-11-12 23:13:59 ----D---- C:\Program Files\Loki Network
2009-11-12 23:09:37 ----RA---- C:\Windows\system32\GEARAspi.dll
2009-11-12 23:09:10 ----D---- C:\Program Files\Symantec
2009-11-12 23:07:17 ----D---- C:\Program Files\Norton 360
2009-11-12 22:47:51 ----D---- C:\ProgramData\PCSettings
2009-11-12 22:35:56 ----D---- C:\ProgramData\Symantec Temporary Files
2009-11-12 22:26:06 ----D---- C:\Users\Myron\AppData\Roaming\WinPatrol
2009-11-12 22:25:54 ----D---- C:\Program Files\BillP Studios
2009-11-12 22:23:42 ----RD---- C:\Sandbox
2009-11-12 22:23:09 ----A---- C:\Windows\Sandboxie.ini
2009-11-12 22:22:40 ----D---- C:\Program Files\Sandboxie
2009-11-12 22:22:15 ----D---- C:\Program Files\SpywareBlaster
2009-11-12 20:45:08 ----A---- C:\Windows\system32\javaws.exe
2009-11-12 20:45:08 ----A---- C:\Windows\system32\javaw.exe
2009-11-12 20:45:02 ----A---- C:\Windows\system32\java.exe
2009-11-12 00:31:11 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-11 18:46:40 ----A---- C:\Windows\zip.exe
2009-11-11 18:46:40 ----A---- C:\Windows\SWXCACLS.exe
2009-11-11 18:46:40 ----A---- C:\Windows\SWSC.exe
2009-11-11 18:46:40 ----A---- C:\Windows\SWREG.exe
2009-11-11 18:46:40 ----A---- C:\Windows\sed.exe
2009-11-11 18:46:40 ----A---- C:\Windows\PEV.exe
2009-11-11 18:46:40 ----A---- C:\Windows\NIRCMD.exe
2009-11-11 18:46:40 ----A---- C:\Windows\MBR.exe
2009-11-11 18:46:40 ----A---- C:\Windows\grep.exe
2009-11-11 18:46:15 ----D---- C:\Windows\ERDNT
2009-11-11 18:46:12 ----D---- C:\ComboFix
2009-11-11 18:41:09 ----D---- C:\Qoobox
2009-11-10 23:29:47 ----D---- C:\Program Files\CrossLoop
2009-11-10 16:31:11 ----D---- C:\Users\Myron\AppData\Roaming\Malwarebytes
2009-11-10 16:31:05 ----D---- C:\ProgramData\Malwarebytes
2009-11-10 16:31:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-09 22:50:05 ----D---- C:\Program Files\Trend Micro
2009-11-09 19:11:44 ----A---- C:\AskScreen.ini
2009-11-09 18:24:38 ----D---- C:\Program Files\AVG
2009-11-08 20:45:08 ----A---- C:\Users\Myron\AppData\Roaming\acervcmtmp.ini
2009-11-07 01:31:25 ----D---- C:\ProgramData\Norton
2009-11-07 01:30:45 ----D---- C:\ProgramData\NortonInstaller
2009-11-07 01:30:45 ----D---- C:\Program Files\NortonInstaller
2009-11-06 22:11:20 ----D---- C:\ProgramData\WindowsLiveInstaller
2009-11-06 19:53:41 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-06 19:38:24 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-04 19:34:52 ----A---- C:\Windows\system32\mshtml.dll
2009-10-27 17:16:50 ----A---- C:\Windows\system32\wmp.dll
2009-10-27 17:16:47 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-27 17:16:45 ----A---- C:\Windows\system32\wmploc.DLL

======List of files/folders modified in the last 1 months======

2009-11-23 21:14:18 ----D---- C:\Windows\Prefetch
2009-11-23 21:14:17 ----D---- C:\Windows\Temp
2009-11-23 21:10:02 ----D---- C:\Program Files\Mozilla Firefox
2009-11-23 21:02:49 ----D---- C:\Windows\rescache
2009-11-23 21:01:59 ----D---- C:\Windows\winsxs
2009-11-23 20:58:39 ----D---- C:\Windows\system32\wbem
2009-11-23 20:45:12 ----D---- C:\Windows
2009-11-23 20:45:04 ----D---- C:\Windows\system32\en-US
2009-11-23 20:45:04 ----D---- C:\Windows\System32
2009-11-23 20:45:03 ----D---- C:\Windows\system32\drivers
2009-11-23 20:45:03 ----D---- C:\Windows\inf
2009-11-23 20:24:28 ----RD---- C:\Program Files
2009-11-23 20:24:27 ----D---- C:\Windows\system32\zh-TW
2009-11-23 20:24:27 ----D---- C:\Windows\system32\zh-HK
2009-11-23 20:24:27 ----D---- C:\Windows\system32\zh-CN
2009-11-23 20:24:27 ----D---- C:\Windows\system32\uk-UA
2009-11-23 20:24:27 ----D---- C:\Windows\system32\tr-TR
2009-11-23 20:24:27 ----D---- C:\Windows\system32\th-TH
2009-11-23 20:24:27 ----D---- C:\Windows\system32\sv-SE
2009-11-23 20:24:27 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-23 20:24:27 ----D---- C:\Windows\system32\sl-SI
2009-11-23 20:24:27 ----D---- C:\Windows\system32\sk-SK
2009-11-23 20:24:27 ----D---- C:\Windows\system32\ru-RU
2009-11-23 20:24:27 ----D---- C:\Windows\system32\ro-RO
2009-11-23 20:24:27 ----D---- C:\Windows\system32\pt-PT
2009-11-23 20:24:27 ----D---- C:\Windows\system32\pt-BR
2009-11-23 20:24:27 ----D---- C:\Windows\system32\pl-PL
2009-11-23 20:24:27 ----D---- C:\Windows\system32\nl-NL
2009-11-23 20:24:27 ----D---- C:\Windows\system32\nb-NO
2009-11-23 20:24:27 ----D---- C:\Windows\system32\lv-LV
2009-11-23 20:24:27 ----D---- C:\Windows\system32\lt-LT
2009-11-23 20:24:27 ----D---- C:\Windows\system32\ko-KR
2009-11-23 20:24:27 ----D---- C:\Windows\system32\ja-JP
2009-11-23 20:24:27 ----D---- C:\Windows\system32\it-IT
2009-11-23 20:24:27 ----D---- C:\Windows\system32\hu-HU
2009-11-23 20:24:27 ----D---- C:\Windows\system32\hr-HR
2009-11-23 20:24:27 ----D---- C:\Windows\system32\he-IL
2009-11-23 20:24:27 ----D---- C:\Windows\system32\fr-FR
2009-11-23 20:24:27 ----D---- C:\Windows\system32\fi-FI
2009-11-23 20:24:27 ----D---- C:\Windows\system32\et-EE
2009-11-23 20:24:27 ----D---- C:\Windows\system32\es-ES
2009-11-23 20:24:27 ----D---- C:\Windows\system32\el-GR
2009-11-23 20:24:27 ----D---- C:\Windows\system32\de-DE
2009-11-23 20:24:27 ----D---- C:\Windows\system32\da-DK
2009-11-23 20:24:27 ----D---- C:\Windows\system32\cs-CZ
2009-11-23 20:24:27 ----D---- C:\Windows\system32\bg-BG
2009-11-23 20:24:27 ----D---- C:\Windows\system32\ar-SA
2009-11-23 20:14:44 ----D---- C:\Users\Myron\AppData\Roaming\Orbit
2009-11-23 17:23:29 ----SHD---- C:\System Volume Information
2009-11-20 23:06:19 ----D---- C:\Windows\system32\Tasks
2009-11-20 22:43:13 ----D---- C:\Program Files\Vuze
2009-11-20 16:04:07 ----D---- C:\Windows\system32\catroot2
2009-11-19 22:37:47 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-18 21:36:37 ----D---- C:\Windows\system32\catroot
2009-11-15 22:43:54 ----D---- C:\ProgramData
2009-11-15 22:43:33 ----D---- C:\Users\Myron\AppData\Roaming\Thinstall
2009-11-15 22:18:33 ----SHD---- C:\Windows\Installer
2009-11-13 17:11:51 ----D---- C:\Program Files\Java
2009-11-13 17:11:51 ----D---- C:\Program Files\Common Files
2009-11-13 00:08:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-12 23:09:37 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-12 23:06:11 ----D---- C:\ProgramData\Symantec
2009-11-12 22:59:23 ----D---- C:\Users\Myron\AppData\Roaming\Symantec
2009-11-12 22:52:16 ----AD---- C:\ProgramData\Temp
2009-11-12 20:07:53 ----RSD---- C:\Windows\assembly
2009-11-12 19:14:29 ----D---- C:\Program Files\Windows Mail
2009-11-12 19:02:14 ----D---- C:\Windows\Debug
2009-11-12 19:00:42 ----D---- C:\ProgramData\Microsoft Help
2009-11-11 19:14:40 ----A---- C:\Windows\system.ini
2009-11-11 19:09:49 ----D---- C:\$RECYCLE.BIN
2009-11-11 19:03:10 ----D---- C:\Windows\AppPatch
2009-11-10 18:26:34 ----D---- C:\Program Files\TuneUp Utilities 2008
2009-11-10 17:56:37 ----SD---- C:\Windows\Downloaded Program Files
2009-11-08 17:11:15 ----D---- C:\Program Files\Windows Live
2009-11-08 00:36:58 ----D---- C:\Program Files\Launch Manager
2009-11-07 14:12:05 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-07 14:12:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-07 14:12:02 ----D---- C:\Program Files\Cyberlink
2009-11-07 01:53:29 ----HD---- C:\Windows\system32\GroupPolicy
2009-11-06 23:24:15 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-11-06 23:11:00 ----D---- C:\Windows\Tasks
2009-11-06 23:11:00 ----D---- C:\Windows\system32\spool
2009-11-06 23:10:58 ----D---- C:\Users\Myron\AppData\Roaming\SoftDMA
2009-11-06 23:10:58 ----D---- C:\Users\Myron\AppData\Roaming\PowerCinema
2009-11-06 23:10:58 ----D---- C:\Users\Myron\AppData\Roaming\IrfanView
2009-11-06 23:10:57 ----D---- C:\Windows\registration
2009-11-06 22:53:36 ----D---- C:\Windows\system32\Msdtc
2009-11-06 22:52:47 ----D---- C:\Windows\system32\config
2009-11-06 22:11:13 ----D---- C:\ProgramData\WLInstaller
2009-11-06 19:53:55 ----D---- C:\Program Files\Microsoft
2009-11-06 19:38:18 ----SD---- C:\ProgramData\Microsoft
2009-11-06 19:04:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-05 17:36:21 ----A---- C:\Windows\system32\mrt.exe
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-01 16:55:16 ----D---- C:\DOS
2009-10-30 21:31:48 ----D---- C:\Users\Myron\AppData\Roaming\Azureus
2009-10-30 21:12:06 ----D---- C:\Users\Myron\AppData\Roaming\GrabPro
2009-10-28 14:25:42 ----D---- C:\Program Files\Windows Media Player
2009-10-28 00:16:38 ----D---- C:\Boot
2009-10-28 00:09:08 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-28 00:09:01 ----D---- C:\ProgramData\Lavasoft
2009-10-27 19:51:30 ----SD---- C:\Users\Myron\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [2009-11-12 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\N360\0305020.00B\ccHPx86.sys [2009-11-12 482432]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-11-12 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091111.001\IDSvix86.sys [2009-10-28 343088]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0305020.00B\SRTSPX.SYS [2009-11-12 43696]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-11-12 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\system32\drivers\N360\0305020.00B\SYMTDI.SYS [2009-11-12 217136]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/10/16 20:16:42]; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 87536]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 41456]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-16 4305920]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-11-12 102448]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-01-08 36608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-11-12 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-03-11 48128]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091123.005\NAVENG.SYS [2009-11-12 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091123.005\NAVEX15.SYS [2009-11-12 1323568]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2009-09-30 116736]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\drivers\N360\0305020.00B\SRTSP.SYS [2009-11-12 308272]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-11-12 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\system32\drivers\N360\0305020.00B\SYMFW.SYS [2009-11-12 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\system32\drivers\N360\0305020.00B\SYMNDISV.SYS [2009-11-12 48688]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-04 196784]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 a3ryh0dd;a3ryh0dd; C:\Windows\system32\drivers\a3ryh0dd.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BthPort;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 catchme;catchme; \??\C:\Users\Myron\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-01-08 2554368]
S3 ntkvpn;Loki VPN Service; C:\Windows\system32\DRIVERS\ntkvpn.sys []
S3 ntkvpnMP;ntkvpnMP; C:\Windows\system32\DRIVERS\ntkvpn.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2008-02-22 87936]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-22 29696]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-04-11 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-01-16 729088]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-26 21752]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-01-08 233472]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-03 358936]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-06-10 3474432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [2009-11-12 117640]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-26 131072]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-11 233472]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-09-30 65024]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-04-22 599344]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S2 0237181230199811mcinstcleanup;McAfee Application Installer Cleanup (0237181230199811); C:\Windows\TEMP\023718~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-09-28 355584]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------


Again, thank you for the help! :D
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Am I Clean?

Unread postby Cypher » November 25th, 2009, 7:36 am

Hi Powderhoney
We can get back to your update problem later.
windows defender this time was again turned off.

I suggest you disable windows defender completely.
As you are running Norton the two may be conflicting with each other.

How to disable the Windows Defender service completely

  • Go to Start > All programs > accessories > Run and type services.msc.
  • Now look for the service named Windows Defender.
  • Double click to bring up the Properties window.
  • Click the “Stop” button to stop Windows Defender services and set the Startup type “Disabled”
  • Click Apply and then click OK.
  • Close Services/Local window.

I was unable to download the Norton Removal Tool. It would not load.

The Norton Removal Tool need to be run with admin privileges.
Right-click on the removal tool And select " Run as administrator " .
It can be found on step 4 of the guide.

Please try that and let me know if you were able to reinstall Norton.

Next.

Uninstall programs
  • Click on Start
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following

Adobe Reader 8.1.5

Next.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.2 are vulnerable.
  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

Next.

Disable Norton 360

  • Right-click the Norton 360 icon in the system tray and select Open Tasks and
    Settings Window.

  • On the right side, under Settings, click on Change advanced settings.
  • Next, click on the Virus & Spyware Protection Settings.
  • Uncheck Turn on Auto-Protect and select Apply.
  • You will be asked to select a time for Norton to reactivate.
  • Choose Until I turn it back on.
  • Note: Dont forget to Re-inable it after the fix

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply.

  • ESET log.
  • Please let me know if you were able to reinstall Norton.
  • Please let me know how your computer is performing now.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Am I Clean?

Unread postby Powderhoney » November 27th, 2009, 5:17 pm

I meant that I could not download the file from the website, however I managed to and unistall Norton. However it hasn't made any difference. Still says it is not on. -.-

I disable windows defender, though I don't understand why they would only start to conflict now as they haven't done in the past?

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3772399fc997b24abbd88f080fd58367
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-27 08:29:31
# local_time=2009-11-27 08:29:31 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1543615 1543615 0 0
# compatibility_mode=1024 16777215 100 0 1559542 1559542 0 0
# compatibility_mode=3589 16777213 100 100 4422 4452 0 0
# compatibility_mode=5892 16776574 100 100 356704 96879748 0 0
# compatibility_mode=8192 67108863 100 0 3843 3843 0 0
# scanned=147265
# found=1
# cleaned=0
# scan_time=6750
D:\Gaming [Ps2]\TS3.amr_virusx\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon trojan 00000000000000000000000000000000 I


Thank you for the continued support. ^^
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Am I Clean?

Unread postby Cypher » November 28th, 2009, 12:35 pm

Hi Powderhoney.

BACKDOOR TROJAN

I'm afraid I have some bad news for you. Your computer is infected with BACKDOOR TROJAN. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans it will give you an Idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

How do I respond to a possible identity theft and how do I prevent it

Because of the severity and the capabilities of this type of virus, (it cannot be known what changes to your system it has made or if it opened up other ways into your system) The only responsible course of action I can advise is to reformat your computer and reinstall windows.

Further reading:

When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions please feel free to ask.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Am I Clean?

Unread postby Powderhoney » November 28th, 2009, 1:32 pm

My only real question is that I've had that thing it found in my system for a very long time, it's the keygen to Sims 3, I've had it for A LONG LONG time and nothing has been stolen. My bank accounts are fine. I've been watching them since my computer messed up, and nothing had changed recently from getting infected, and nothing has happened in the past since installing sims 3 on my computer. XP None of my passwords have changed, nothing has happened to any of my online accounts and none of my computer files have vanished, moved etc.

But if this was causing the trouble and harmful, could just removing it not get rid of it?
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Am I Clean?

Unread postby Cypher » November 30th, 2009, 6:38 am

Hi Powderhoney.
Because nothing has happened yet does not mean it wont, due to this infection someone can gain Remote Access to your system at anytime.
This is the dangers of using cracks/keygens you will most certainly infect your computer.
I advise you to read all the information in my previous post and think carefully weather to reformat your computer.
Please post back and let me know what you would like to do.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Am I Clean?

Unread postby Powderhoney » November 30th, 2009, 4:54 pm

Ahh, I understand. I went ahead and did it anyway. Windows sercutiry centre isn't telling me that they are not on anymore, so all is fixed. (:

Thank you for all of you help! :D
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Am I Clean?

Unread postby Cypher » December 1st, 2009, 12:11 pm

Hi Powderhoney
Powderhoney wrote: Windows sercutiry centre isn't telling me that they are not on anymore, so all is fixed. (:
Thank you for all of you help!

Your welcome :)
I respect your decision to reformat your computer a wise choice.
Good also to hear it fixed your problem.

Here are some free programs I recommend that could help you improve your computer's security.

Install Sitehound
SiteHound is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Am I Clean?

Unread postby Powderhoney » December 1st, 2009, 6:27 pm

Thank you again. All is in order. Checked to see if it would update today and it did without problems. So theres nothing wrong anymore. ^^

Thank you for all the help. (: You guys are awesome. :cheers:
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Am I Clean?

Unread postby Cypher » December 2nd, 2009, 6:51 am

Your welcome Powderhoney.
I will ask for this topic to be closed good luck :)
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Am I Clean?

Unread postby Carolyn » December 2nd, 2009, 7:06 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 591 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware