hi!! here they are!
MALWARE BYTES LOG:
Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.orgDatabase version: 5235
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
3/12/2010 2:04:57 πμ
mbam-log-2010-12-03 (02-04-57).txt
Scan type: Quick scan
Objects scanned: 138592
Time elapsed: 6 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
RSIT LOGS:
1) info:
info.txt logfile of random's system information tool 1.08 2010-12-03 02:10:33
======Uninstall list======
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
Acer Crystal Eye Webcam 2.0.8-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0008 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0008 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0008 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0008 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x8 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 8.2.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Core Temp version 0.99.7-->"C:\Program Files\Core Temp\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DoulosSIL 4.104-->C:\Program Files\SIL\Fonts\DoulosSIL\Uninstall.exe
Emoticon Maker-->C:\Program Files\Emoticon Maker\uninstall.exe
Free Studio version 4.8-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hardcore-->C:\Program Files\Image-Line\Hardcore\uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcrZUn32z.INF
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
Live 8.0.1-->C:\PROGRA~1\Ableton\Live 8.0.1\Install\UNWISE.EXE C:\PROGRA~1\Ableton\Live 8.0.1\Install\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder 0.7.1.4493-->C:\Program Files\MediaCoder\uninst.exe
Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7}
Microsoft .NET Framework 3.5 Language Pack SP1 - ell-->MsiExec.exe /I{5607C1B8-DA2B-31D0-93A6-968D8C23A944}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0408-0000-0000000FF1CE} /uninstall {E3B92295-785F-4FF7-8BE1-67E86F5F8140}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0408-0000-0000000FF1CE} /uninstall {C913F31D-FF3E-47F6-95E6-7E417D37A76E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (Greek) 2007-->MsiExec.exe /X{90120000-0016-0408-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Greek) 2007-->MsiExec.exe /X{90120000-00A1-0408-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Greek) 2007-->MsiExec.exe /X{90120000-0018-0408-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007-->MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proofing (Greek) 2007-->MsiExec.exe /X{90120000-002C-0408-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0408-0000-0000000FF1CE} /uninstall {3C7DCB2F-8EA1-4558-B8F5-1107C4055A0B}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Shared MUI (Greek) 2007-->MsiExec.exe /X{90120000-006E-0408-0000-0000000FF1CE}
Microsoft Office Word MUI (Greek) 2007-->MsiExec.exe /X{90120000-001B-0408-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{784B4EE3-E308-4706-B3DC-51029944240B}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0408
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0408
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Sawer-->C:\Program Files\Image-Line\Sawer\uninstall.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
SopCast 3.2.9-->C:\Program Files\SopCast\uninst.exe
SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Total Video Converter 3.61 100319-->"C:\Program Files\Total Video Converter\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Uniblue DriverScanner-->"C:\Program Files\Uniblue\DriverScanner\unins000.exe"
Uniblue RegistryBooster 2010-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uniblue SpeedUpMyPC-->"C:\Program Files\Uniblue\SpeedUpMyPC\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veetle TV 0.9.18-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VLC media player 1.1.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Winbond CIR Device Drivers-->MsiExec.exe /I{10F498FF-5392-4DF3-8F73-FE172A9F3800}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{17F99FCE-8F03-4439-860A-25C5A5434E18}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Messenger-->MsiExec.exe /X{0A9256E0-C924-46DE-921B-F6C4548A1C64}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinMount V3.2.0521-->"C:\Program Files\WinMount3\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Ενημερωμένη έκδοση Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0408-0000-0000000FF1CE} /uninstall {08A4BDB3-7A63-4F59-B9FA-EE80ADE88DC2}
Ενημερωμένη έκδοση Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0408-0000-0000000FF1CE} /uninstall {C52A655D-F8AE-485D-908D-62CEC754B6A4}
Ενημερωμένη έκδοση Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0408-0000-0000000FF1CE} /uninstall {054186C0-F351-472E-84E8-D5E16FA08241}
Πακέτο γλώσσας του Microsoft .NET Framework 3.5 SP1 - ELL-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ell\setup.exe
======Security center information======
AV: avast! antivirus 4.7.1043 [VPS 090428-0]
AS: Windows Defender
======System event log======
Computer Name: user-PC
Event Code: 7036
Message: Η υπηρεσία MobilityService έχει μεταβεί σε κατάσταση σε λειτουργία.
Record Number: 311699
Source Name: Service Control Manager
Time Written: 20100820171946.000000-000
Event Type: Πληροφορίες
User:
Computer Name: user-PC
Event Code: 7036
Message: Η υπηρεσία Network Location Awareness έχει μεταβεί σε κατάσταση σε λειτουργία.
Record Number: 311698
Source Name: Service Control Manager
Time Written: 20100820171946.000000-000
Event Type: Πληροφορίες
User:
Computer Name: user-PC
Event Code: 7036
Message: Η υπηρεσία Apple Mobile Device έχει μεταβεί σε κατάσταση σε λειτουργία.
Record Number: 311697
Source Name: Service Control Manager
Time Written: 20100820171946.000000-000
Event Type: Πληροφορίες
User:
Computer Name: user-PC
Event Code: 7036
Message: Η υπηρεσία Δημοσίευση πόρων εντοπισμού λειτουργιών έχει μεταβεί σε κατάσταση σε λειτουργία.
Record Number: 311696
Source Name: Service Control Manager
Time Written: 20100820171946.000000-000
Event Type: Πληροφορίες
User:
Computer Name: user-PC
Event Code: 7036
Message: Η υπηρεσία NMSAccessU έχει μεταβεί σε κατάσταση σε λειτουργία.
Record Number: 311695
Source Name: Service Control Manager
Time Written: 20100820171946.000000-000
Event Type: Πληροφορίες
User:
=====Application event log=====
Computer Name: user-PC
Event Code: 0
Message: Η εκκίνηση της υπηρεσίας έγινε με επιτυχία.
Record Number: 35102
Source Name: MobilityService
Time Written: 20100223231709.000000-000
Event Type: Πληροφορίες
User:
Computer Name: user-PC
Event Code: 0
Message:
Record Number: 35101
Source Name: gupdate
Time Written: 20100223231706.000000-000
Event Type: Πληροφορίες
User:
Computer Name: user-PC
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 35100
Source Name: LightScribeService
Time Written: 20100223231706.000000-000
Event Type: Πληροφορίες
User:
Computer Name: user-PC
Event Code: 1
Message:
Record Number: 35099
Source Name: Bonjour Service
Time Written: 20100223231700.000000-000
Event Type: Πληροφορίες
User:
Computer Name: user-PC
Event Code: 902
Message: Η Υπηρεσία παραχώρησης αδειών χρήσης λογισμικού εκκινήθηκε.
Record Number: 35098
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100223231650.000000-000
Event Type: Πληροφορίες
User:
=====Security event log=====
Computer Name: user-PC
Event Code: 4624
Message: Έχει γίνει με επιτυχία σύνδεση λογαριασμού.
Θέμα:
Αναγνωριστικό ασφαλείας: S-1-0-0
Όνομα λογαριασμού: -
Τομέας λογαριασμού: -
Αναγνωριστικό σύνδεσης: 0x0
Τύπος σύνδεσης: 3
Νέα σύνδεση:
Αναγνωριστικό ασφαλείας: S-1-5-7
Όνομα λογαριασμού: ANONYMOUS LOGON
Τομέας λογαριασμού: NT AUTHORITY
Αναγνωριστικό σύνδεσης: 0x4347d
GUID σύνδεσης: {00000000-0000-0000-0000-000000000000}
Πληροφορίες διεργασίας:
Αναγνωριστικό διεργασίας: 0x0
Όνομα διεργασίας: -
Πληροφορίες δικτύου:
Όνομα σταθμού εργασίας:
Διεύθυνση δικτύου προέλευσης: -
Θύρα προέλευσης: -
Αναλυτικές πληροφορίες ελέγχου ταυτότητας:
Διεργασία σύνδεσης: NtLmSsp
Πακέτο ελέγχου ταυτότητας: NTLM
Μεταβιβαζόμενες υπηρεσίες: -
Όνομα πακέτου (μόνο NTLM): NTLM V1
Μήκος κλειδιού: 0
Αυτό το συμβάν προκύπτει όταν δημιουργηθεί μια περίοδος λειτουργίας σύνδεσης. Προκύπτει στον υπολογιστή όπου έγινε η πρόσβαση.
Τα πεδία θέματος δηλώνουν το λογαριασμό στο τοπικό σύστημα που ζήτησε τη σύνδεση. Είναι συνήθως μια υπηρεσία, όπως η υπηρεσία διακομιστή, ή μια τοπική διεργασία, όπως το Winlogon.exe ή το Services.exe.
Το πεδίο τύπου σύνδεσης δηλώνει τον τύπο σύνδεσης που πραγματοποιείται. Οι πιο συνηθισμένοι τύποι είναι 2 (διαδραστικός) και 3 (δίκτυο).
Τα πεδία νέας σύνδεσης δηλώνουν το λογαριασμό για τον οποίο δημιουργήθηκε ή νέα σύνδεση, δηλαδή το λογαριασμό που συνδέθηκε.
Τα πεδία δικτύου δηλώνουν από πού προήλθε μια αίτηση για απομακρυσμένη σύνδεση. Το όνομα του σταθμού εργασίας δεν είναι πάντα διαθέσιμο και μπορεί να παραμείνει κενό σε ορισμένες περιπτώσεις.
Τα πεδία πληροφοριών ελέγχου ταυτότητας παρέχουν αναλυτικές πληροφορίες σχετικά με τη συγκεκριμένη αίτηση σύνδεσης.
- Το GUID σύνδεσης είναι ένα μοναδικό αναγνωριστικό που μπορεί να χρησιμοποιηθεί για το συσχετισμό αυτού του συμβάντος με ένα συμβάν KDC.
- Οι μεταταβιβαζόμενες υπηρεσίες δηλώνουν ποιες ενδιάμεσες υπηρεσίες συμμετείχαν σε αυτή την αίτηση σύνδεσης.
- Το όνομα πακέτου δηλώνει ποιο δευτερεύον πρωτόκολλο χρησιμοποιήθηκε από τα πρωτόκολλα NTLM.
- Το μήκος κλειδιού δηλώνει το μήκος του κλειδιού περιόδου λειτουργίας που δημιουργείται. Πρέπει να είναι 0 αν δεν έχει ζητηθεί κλειδί περιόδου λειτουργίας.
Record Number: 83865
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728104216.985212-000
Event Type: Επιτυχία ελέγχου
User:
Computer Name: user-PC
Event Code: 5024
Message: Η υπηρεσία Τείχους προστασίας των Windows εκκινήθηκε με επιτυχία.
Record Number: 83864
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728104216.486012-000
Event Type: Επιτυχία ελέγχου
User:
Computer Name: user-PC
Event Code: 5033
Message: Το πρόγραμμα οδήγησης του Τείχους προστασίας των Windows εκκινήθηκε με επιτυχία.
Record Number: 83863
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728104212.204412-000
Event Type: Επιτυχία ελέγχου
User:
Computer Name: user-PC
Event Code: 4672
Message: Εκχωρήθηκαν ειδικά δικαιώματα σε νέα σύνδεση.
Θέμα:
Αναγνωριστικό ασφαλείας: S-1-5-18
Όνομα λογαριασμού: SYSTEM
Τομέας λογαριασμού: NT AUTHORITY
Αναγνωριστικό σύνδεσης: 0x3e7
Δικαιώματα: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 83862
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728104209.302812-000
Event Type: Επιτυχία ελέγχου
User:
Computer Name: user-PC
Event Code: 4624
Message: Έχει γίνει με επιτυχία σύνδεση λογαριασμού.
Θέμα:
Αναγνωριστικό ασφαλείας: S-1-5-18
Όνομα λογαριασμού: USER-PC$
Τομέας λογαριασμού: WORKGROUP
Αναγνωριστικό σύνδεσης: 0x3e7
Τύπος σύνδεσης: 5
Νέα σύνδεση:
Αναγνωριστικό ασφαλείας: S-1-5-18
Όνομα λογαριασμού: SYSTEM
Τομέας λογαριασμού: NT AUTHORITY
Αναγνωριστικό σύνδεσης: 0x3e7
GUID σύνδεσης: {00000000-0000-0000-0000-000000000000}
Πληροφορίες διεργασίας:
Αναγνωριστικό διεργασίας: 0x2e4
Όνομα διεργασίας: C:\Windows\System32\services.exe
Πληροφορίες δικτύου:
Όνομα σταθμού εργασίας:
Διεύθυνση δικτύου προέλευσης: -
Θύρα προέλευσης: -
Αναλυτικές πληροφορίες ελέγχου ταυτότητας:
Διεργασία σύνδεσης: Advapi
Πακέτο ελέγχου ταυτότητας: Negotiate
Μεταβιβαζόμενες υπηρεσίες: -
Όνομα πακέτου (μόνο NTLM): -
Μήκος κλειδιού: 0
Αυτό το συμβάν προκύπτει όταν δημιουργηθεί μια περίοδος λειτουργίας σύνδεσης. Προκύπτει στον υπολογιστή όπου έγινε η πρόσβαση.
Τα πεδία θέματος δηλώνουν το λογαριασμό στο τοπικό σύστημα που ζήτησε τη σύνδεση. Είναι συνήθως μια υπηρεσία, όπως η υπηρεσία διακομιστή, ή μια τοπική διεργασία, όπως το Winlogon.exe ή το Services.exe.
Το πεδίο τύπου σύνδεσης δηλώνει τον τύπο σύνδεσης που πραγματοποιείται. Οι πιο συνηθισμένοι τύποι είναι 2 (διαδραστικός) και 3 (δίκτυο).
Τα πεδία νέας σύνδεσης δηλώνουν το λογαριασμό για τον οποίο δημιουργήθηκε ή νέα σύνδεση, δηλαδή το λογαριασμό που συνδέθηκε.
Τα πεδία δικτύου δηλώνουν από πού προήλθε μια αίτηση για απομακρυσμένη σύνδεση. Το όνομα του σταθμού εργασίας δεν είναι πάντα διαθέσιμο και μπορεί να παραμείνει κενό σε ορισμένες περιπτώσεις.
Τα πεδία πληροφοριών ελέγχου ταυτότητας παρέχουν αναλυτικές πληροφορίες σχετικά με τη συγκεκριμένη αίτηση σύνδεσης.
- Το GUID σύνδεσης είναι ένα μοναδικό αναγνωριστικό που μπορεί να χρησιμοποιηθεί για το συσχετισμό αυτού του συμβάντος με ένα συμβάν KDC.
- Οι μεταταβιβαζόμενες υπηρεσίες δηλώνουν ποιες ενδιάμεσες υπηρεσίες συμμετείχαν σε αυτή την αίτηση σύνδεσης.
- Το όνομα πακέτου δηλώνει ποιο δευτερεύον πρωτόκολλο χρησιμοποιήθηκε από τα πρωτόκολλα NTLM.
- Το μήκος κλειδιού δηλώνει το μήκος του κλειδιού περιόδου λειτουργίας που δημιουργείται. Πρέπει να είναι 0 αν δεν έχει ζητηθεί κλειδί περιόδου λειτουργίας.
Record Number: 83861
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100728104209.302812-000
Event Type: Επιτυχία ελέγχου
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64
"PATRAN"=LM_LICENSE_FILE=1700@<user-PC>
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"asl.log"=Destination=file;OnFirstLog=command,environment
-----------------EOF-----------------
2) logLogfile of random's system information tool 1.08 (written by random/random)
Run by user at 2010-12-03 02:09:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 24 GB (21%) free of 114 GB
Total RAM: 3066 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:10:15 πμ, on 3/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930gR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.conduit.com?SearchSource= ... =CT2269050R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930gR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930gR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Save YouTube Video -
res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - Invalid registry found
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXlm Service 1 - Macrovision Corporation - C:\flexlm\LMGRD.EXE
O23 - Service: Υπηρεσία Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
--
End of file - 9644 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SDMsgUpdate (TE).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-15 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-07 6139904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]
"eAudio"=C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-05-30 544768]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-06-04 817672]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-08-01 405504]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-04-09 200704]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-14 37888]
"PLFSetL"=C:\Windows\PLFSetL.exe [2010-06-08 94208]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-22 4240760]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2008-03-25 567560]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - open - "regedit.exe" "%1"
======List of files/folders created in the last 1 months======
2010-12-03 02:09:59 ----D---- C:\rsit
2010-12-03 01:56:06 ----D---- C:\Users\user\AppData\Roaming\Malwarebytes
2010-12-03 01:55:59 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-12-03 01:55:58 ----D---- C:\ProgramData\Malwarebytes
2010-12-03 01:55:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-03 01:55:55 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-28 20:22:47 ----D---- C:\Program Files\Trend Micro
2010-11-28 19:56:55 ----D---- C:\Users\user\AppData\Roaming\WinPatrol
2010-11-27 16:50:02 ----D---- C:\Users\user\AppData\Roaming\Bandoo
2010-11-24 19:36:57 ----D---- C:\Users\user\AppData\Roaming\vlc
2010-11-24 19:36:21 ----D---- C:\Program Files\VideoLAN
======List of files/folders modified in the last 1 months======
2010-12-03 02:10:15 ----D---- C:\Windows\Prefetch
2010-12-03 02:09:58 ----D---- C:\Windows\Temp
2010-12-03 02:08:23 ----A---- C:\Users\user\AppData\Roaming\acervcmtmp.ini
2010-12-03 02:00:56 ----D---- C:\Windows\System32
2010-12-03 02:00:56 ----D---- C:\Windows\inf
2010-12-03 02:00:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-03 01:55:59 ----D---- C:\Windows\system32\drivers
2010-12-03 01:55:58 ----HD---- C:\ProgramData
2010-12-03 01:55:55 ----RD---- C:\Program Files
2010-12-03 01:55:37 ----D---- C:\Windows\Tasks
2010-12-03 01:51:27 ----D---- C:\Program Files\Ask.com
2010-12-03 01:39:12 ----D---- C:\Program Files\blinkx Remote Toolbar
2010-12-03 01:35:25 ----D---- C:\Program Files\LimeWire
2010-12-03 00:00:43 ----D---- C:\Users\user\AppData\Roaming\uTorrent
2010-12-02 22:30:16 ----SHD---- C:\System Volume Information
2010-11-28 21:05:33 ----D---- C:\Program Files\DivX
2010-11-28 20:39:57 ----SHD---- C:\Windows\Installer
2010-11-28 20:06:27 ----D---- C:\Windows\system32\catroot2
2010-11-28 20:00:30 ----D---- C:\Program Files\Image-Line
2010-11-28 08:08:50 ----D---- C:\Program Files\Bandoo
2010-11-27 06:38:46 ----D---- C:\Users\user\AppData\Roaming\Mozilla
2010-11-25 03:00:57 ----D---- C:\Windows\winsxs
2010-11-25 03:00:57 ----D---- C:\Program Files\Internet Explorer
2010-11-24 15:28:30 ----D---- C:\Windows\system32\catroot
2010-11-11 18:02:32 ----D---- C:\Windows\Minidump
2010-11-11 18:02:28 ----D---- C:\Windows
2010-11-11 03:13:00 ----D---- C:\ProgramData\Microsoft Help
2010-11-11 03:12:03 ----D---- C:\Program Files\Windows Mail
2010-11-11 03:01:33 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-07-20 324120]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-14 18992]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-26 69632]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R2 WMDrive;WMDrive; \??\C:\Windows\system32\drivers\WMDrive.sys [2009-06-23 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-03 8704]
R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2009-02-13 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2009-02-13 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-07 2134424]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2010-06-08 54312]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2010-10-20 4247552]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-06-08 11515752]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-06-08 189784]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2010-06-08 1759744]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-04-28 50576]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2009-02-13 661504]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [2002-07-17 84832]
S2 DS1410D;DS1410D; C:\Windows\SYSTEM32\drivers\DS1410D.SYS []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-19 912384]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 drmkaud;Αποπεριπλέκτης ήχου DRM πυρήνα της Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Πρόγραμμα οδήγησης λειτουργίας Microsoft 1.1 UAA για υπηρεσία High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Μεσολάβηση υπηρεσίας ροής της Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Μεσολάβηση ρολογιού ροής της Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Μεσολάβηση διαχείρισης ποιότητας ροής της Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Μετατροπέας Tee/Sink-to-Sink ροής της Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-05-15 47360]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-03-26 61440]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 usbaudio;Πρόγραμμα οδήγησης ήχου USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Συσκευή βίντεο USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
R2 gupdate;Υπηρεσία Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-15 133104]
R2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-15 194032]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-11-12 71096]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 FLEXlm Service 1;FLEXlm Service 1; C:\flexlm\LMGRD.EXE [2003-08-04 659456]
S3 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-18 196608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
ckfiles.txt:CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\image-line\hardcore\presets\i cracked my tube!.hdprg
c:\program files\image-line\sawer\presets\ambient\mc cracked.sawer
scanner sequence 3.AA.11
----- EOF -----