Vimax ads, pop-ups, and the like

Post by bobbyxcanxdisco » December 24th, 2008, 7:16 pm

Lately I've been seeing Vimax ads on some very unlikely websites. I've also been getting a lot of pop-ups to varying degrees of stupidity.

Recently I found a plethora of files with names of 'hot' movies and software- hundreds, perhaps a thousand or two. I deleted all of the files (they were in a folder of a P2P program), but I'm not sure if a problem still exists there.

Also, when I try to download any kind of file from Microsoft's website, I'm unable to.

Here's my HijackThis log file.

-----------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:52 PM, on 12/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] mdm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] mdm.exe
O4 - HKLM\..\RunServices: [Windows Layer] mrtmoons.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Microsoft Update Machine] mdm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://taturousushi.miemasu.net/bl_camera.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/Game ... meHost.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05DBC8C6-5315-4E99-AA36-CB889E98D544}: NameServer = 85.255.116.154;85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{15A662C5-88B5-459E-9771-C102CD32170F}: NameServer = 85.255.116.154;85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.154;85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{05DBC8C6-5315-4E99-AA36-CB889E98D544}: NameServer = 85.255.116.154;85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.154;85.255.112.16
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14499 bytes
bobbyxcanxdisco
Active Member
 
Posts: 11
Joined: December 23rd, 2008, 9:39 pm

Re: Vimax ads, pop-ups, and the like

Post by Shaba » December 26th, 2008, 6:34 am

Hi bobbyxcanxdisco

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Vimax ads, pop-ups, and the like

Post by bobbyxcanxdisco » December 26th, 2008, 4:40 pm

This computer handles absolutely no kind of sensitive information as such; it's primarily used for social-networking and school. I've never processed any kind of transaction, or done any online banking, unless it was in my sleep. I'd rather not reformat or do anything drastic.

I suppose I'd like to clean my computer as it is.

(By the way, specifically, what am I infected with?)
bobbyxcanxdisco
Active Member
 
Posts: 11
Joined: December 23rd, 2008, 9:39 pm

Re: Vimax ads, pop-ups, and the like

Post by Shaba » December 27th, 2008, 5:10 am

You have wareout which causes redirects and some bots as well (I gave backdoor warning due to bots).

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Post:

- mbam log
- rsit logs (taken after mbam run)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
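
The redirect and bot diagnosis above rests on the O17 (DNS) and O4 (autostart) lines of the HijackThis log posted at the top of the thread. As an added example (not part of the thread and not the helper's own tooling), this Python script parses those two line types and lists resolver addresses outside an expected set plus autostart entries worth a closer look. `EXPECTED_RESOLVERS`, the function names and the two autostart heuristics are assumptions made for illustration; the log lines are copied from the first post.

```python
import ipaddress
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] mdm.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] mdm.exe
O4 - HKLM\..\RunServices: [Windows Layer] mrtmoons.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] mdm.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05DBC8C6-5315-4E99-AA36-CB889E98D544}: NameServer = 85.255.116.154;85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.154;85.255.112.16
"""

# Assumption: the resolver this machine is supposed to use (constructed value).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Registry autostart lines only; "O4 - Startup:" shortcut lines are not matched.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<value>\w*NameServer) = (?P<data>.+)$")


def parse_log(text):
    """Return (autoruns, nameservers) parsed from HijackThis O4 / O17 lines."""
    autoruns, nameservers = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = O17_RE.match(line)
        if m:
            # The value may hold several addresses separated by ';', ',' or spaces.
            for addr in re.split(r"[;,\s]+", m["data"].strip()):
                try:
                    ip = ipaddress.ip_address(addr)
                except ValueError:
                    continue  # skip anything that is not an IP literal
                nameservers.append({"key": m["key"], "ip": str(ip)})
    return autoruns, nameservers


def unexpected_resolvers(nameservers, expected):
    """Map each resolver IP outside `expected` to the registry keys that set it."""
    hits = {}
    for ns in nameservers:
        if ns["ip"] not in expected:
            hits.setdefault(ns["ip"], []).append(ns["key"])
    return hits


def review_autoruns(autoruns):
    """Flag autostart entries for manual review (heuristics, not verdicts)."""
    grouped = {}
    for a in autoruns:
        location = a["hive"] + "\\" + a["key"]
        grouped.setdefault((a["name"], a["cmd"]), []).append(location)
    findings = []
    for (name, cmd), locations in grouped.items():
        reasons = []
        # Heuristic 1: RunServices is a Windows 9x-era key, unusual on Vista.
        if any(loc.lower().endswith("\\runservices") for loc in locations):
            reasons.append("entry under RunServices (Windows 9x-era key)")
        # Heuristic 2: same path-less command registered in several keys.
        if len(locations) > 1 and "\\" not in cmd:
            reasons.append("bare file name registered in several autostart keys")
        if reasons:
            findings.append({"name": name, "cmd": cmd,
                             "locations": locations, "reasons": reasons})
    return findings


if __name__ == "__main__":
    runs, servers = parse_log(SAMPLE_LOG)
    for ip, keys in unexpected_resolvers(servers, EXPECTED_RESOLVERS).items():
        print(f"unexpected resolver {ip} set in {len(keys)} key(s)")
    for f in review_autoruns(runs):
        print(f'{f["name"]} -> {f["cmd"]}: {"; ".join(f["reasons"])}')
```

A single path-less entry such as `RtHDVCpl.exe` is not reported, so the output stays limited to entries that need a second look rather than every vendor autostart.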

Re: Vimax ads, pop-ups, and the like

Post by bobbyxcanxdisco » December 27th, 2008, 3:59 pm

Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 6.0.6001 Service Pack 1

12/27/2008 12:05:48 PM
mbam-log-2008-12-27 (12-05-48).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 178026
Time elapsed: 1 hour(s), 31 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 13
Folders Infected: 4
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Layer (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Machine (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update Machine (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Machine (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05dbc8c6-5315-4e99-aa36-cb889e98d544}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15a662c5-88b5-459e-9771-c102cd32170f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15a662c5-88b5-459e-9771-c102cd32170f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{05dbc8c6-5315-4e99-aa36-cb889e98d544}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15a662c5-88b5-459e-9771-c102cd32170f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15a662c5-88b5-459e-9771-c102cd32170f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05dbc8c6-5315-4e99-aa36-cb889e98d544}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{15a662c5-88b5-459e-9771-c102cd32170f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{15a662c5-88b5-459e-9771-c102cd32170f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.154;85.255.112.16 -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\msqpdxwqsctmei.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload.lnk (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Windows\System32\msqpdxrfppntlv.dll (Trojan.Agent) -> Quarantined and deleted successfully.


----------------------------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Bobby at 2008-12-27 12:44:03
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 4 GB (13%) free of 33 GB
Total RAM: 1013 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:57 PM, on 12/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Users\Bobby\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Bobby\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bobby.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://taturousushi.miemasu.net/bl_camera.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/Game ... meHost.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15017 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bobby.job
C:\Windows\tasks\User_Feed_Synchronization-{7AC850AA-E877-4D2D-A250-53047FCE2034}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-11-20 96984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-11-20 565960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-05 4669440]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2007-06-21 155648]
"Acer Tour"= []
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-20 107112]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2006-11-20 22696]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-07-15 768520]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744]
"eRecoveryService"= []
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
"SetPanel"=C:\Acer\APanel\APanel.cmd []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"x3watch"=C:\Program Files\X3watch\x3watch.exe [2008-06-01 299008]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"= []
"Aim6"= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abf8a8b4-06a9-11dd-bf66-001b38611d74}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2008-12-27 12:44:03 ----D---- C:\rsit
2008-12-27 02:38:37 ----D---- C:\Users\Bobby\AppData\Roaming\Malwarebytes
2008-12-27 02:38:18 ----D---- C:\ProgramData\Malwarebytes
2008-12-27 02:38:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-26 00:00:42 ----D---- C:\Users\Bobby\AppData\Roaming\skypePM
2008-12-25 23:57:09 ----D---- C:\Users\Bobby\AppData\Roaming\Skype
2008-12-25 23:55:22 ----D---- C:\Program Files\Skype
2008-12-25 23:55:21 ----D---- C:\Program Files\Common Files\Skype
2008-12-25 23:55:05 ----D---- C:\ProgramData\Skype
2008-12-25 23:34:17 ----R---- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-25 23:33:05 ----A---- C:\Windows\system32\LVUI2.dll
2008-12-25 23:33:05 ----A---- C:\Windows\system32\lvcoinst.ini
2008-12-25 23:33:05 ----A---- C:\Windows\system32\lvcodec2.dll
2008-12-25 23:33:05 ----A---- C:\Windows\system32\lvci1150.dll
2008-12-25 23:33:04 ----A---- C:\Windows\system32\LVUI2RC.dll
2008-12-25 23:28:35 ----D---- C:\ProgramData\Logishrd
2008-12-25 23:28:29 ----D---- C:\Program Files\Common Files\LogiShrd
2008-12-25 23:28:19 ----D---- C:\ProgramData\Logitech
2008-12-25 23:28:19 ----D---- C:\Program Files\Logitech
2008-12-23 17:55:13 ----D---- C:\Users\Bobby\AppData\Roaming\x3watch
2008-12-23 17:49:56 ----D---- C:\Program Files\X3watch
2008-12-21 21:35:43 ----A---- C:\Windows\system32\javaws.exe
2008-12-21 21:35:43 ----A---- C:\Windows\system32\deploytk.dll
2008-12-21 21:35:42 ----A---- C:\Windows\system32\javaw.exe
2008-12-21 21:35:42 ----A---- C:\Windows\system32\java.exe
2008-12-19 14:18:51 ----D---- C:\Users\Bobby\AppData\Roaming\WinRAR
2008-12-16 21:48:04 ----D---- C:\Windows\RestoreSafeDeleted
2008-12-16 15:50:10 ----RASHOT---- C:\Windows\winstart.bat
2008-12-16 15:48:07 ----D---- C:\Program Files\Greatis
2008-12-16 14:24:12 ----D---- C:\ProgramData\Google Updater
2008-12-14 17:55:07 ----D---- C:\ProgramData\eMule
2008-12-13 14:28:26 ----D---- C:\Program Files\Safari
2008-12-13 14:10:02 ----D---- C:\Program Files\iPod
2008-12-13 14:09:50 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 14:09:50 ----D---- C:\Program Files\iTunes
2008-12-13 14:06:55 ----D---- C:\Program Files\QuickTime
2008-12-07 22:26:25 ----D---- C:\SDFix
2008-12-07 20:57:17 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-12-07 20:56:21 ----D---- C:\Users\Bobby\AppData\Roaming\SUPERAntiSpyware.com
2008-12-07 20:56:21 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-07 15:35:16 ----D---- C:\MSNCleaner
2008-12-07 02:55:21 ----D---- C:\Program Files\Panda Security
2008-12-07 01:44:24 ----D---- C:\ProgramData\Adobe Systems
2008-12-07 00:51:12 ----D---- C:\Program Files\Trend Micro
2008-12-06 23:44:09 ----D---- C:\ProgramData\FLEXnet
2008-12-06 21:14:06 ----A---- C:\Windows\ntbtlog.txt
2008-12-06 20:13:51 ----D---- C:\Users\Bobby\AppData\Roaming\Download Manager
2008-12-06 19:58:10 ----A---- C:\Windows\IsUninst.exe
2008-12-06 19:54:13 ----A---- C:\Windows\_delis32.ini
2008-12-06 19:23:39 ----HD---- C:\Windows\system32\share
2008-12-06 19:23:38 ----A---- C:\Windows\system32\33.txt
2008-12-06 19:23:32 ----A---- C:\Windows\system32\winlogoo.exe
2008-12-06 19:23:04 ----A---- C:\Windows\system32\set.exe
2008-12-06 19:17:39 ----AD---- C:\ProgramData\TEMP
2008-12-06 19:17:37 ----A---- C:\Windows\system32\vbzip10.dll
2008-12-03 19:10:36 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-03 19:10:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-30 12:14:41 ----D---- C:\Users\Bobby\AppData\Roaming\.wyzo
2008-11-29 19:55:05 ----D---- C:\Program Files\Real
2008-11-29 19:54:59 ----D---- C:\Program Files\Common Files\Real
2008-11-29 19:54:38 ----D---- C:\Users\Bobby\AppData\Roaming\Real

======List of files/folders modified in the last 1 months======

2008-12-27 12:44:28 ----D---- C:\Windows\System32
2008-12-27 12:44:28 ----D---- C:\Windows\inf
2008-12-27 12:44:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-27 12:43:50 ----D---- C:\Windows\Temp
2008-12-27 12:09:24 ----D---- C:\Windows\system32\drivers
2008-12-27 12:08:49 ----D---- C:\Windows\system32\catroot
2008-12-27 10:25:18 ----D---- C:\Windows
2008-12-27 02:38:18 ----RD---- C:\Program Files
2008-12-27 02:38:18 ----HD---- C:\ProgramData
2008-12-25 23:56:18 ----SHD---- C:\Windows\Installer
2008-12-25 23:55:55 ----D---- C:\Windows\system32\Tasks
2008-12-25 23:55:21 ----D---- C:\Program Files\Common Files
2008-12-25 23:37:02 ----D---- C:\Windows\twain_32
2008-12-25 23:35:59 ----SHD---- C:\System Volume Information
2008-12-25 23:35:44 ----D---- C:\Windows\system32\catroot2
2008-12-25 23:34:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-21 21:34:41 ----D---- C:\Program Files\Java
2008-12-21 21:31:25 ----D---- C:\Users\Bobby\AppData\Roaming\WinFF
2008-12-21 21:25:36 ----D---- C:\Windows\Prefetch
2008-12-18 23:02:40 ----SD---- C:\Windows\Downloaded Program Files
2008-12-16 15:35:38 ----D---- C:\Windows\Minidump
2008-12-16 14:27:11 ----D---- C:\Program Files\Google
2008-12-14 19:17:43 ----D---- C:\Program Files\Common Files\Adobe
2008-12-14 19:16:59 ----D---- C:\Program Files\Adobe
2008-12-14 19:16:07 ----D---- C:\Users\Bobby\AppData\Roaming\Adobe
2008-12-14 19:16:07 ----D---- C:\ProgramData\Adobe
2008-12-14 18:28:11 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 18:28:07 ----D---- C:\Users\Bobby\AppData\Roaming\Mozilla
2008-12-13 14:10:01 ----D---- C:\Program Files\Common Files\Apple
2008-12-09 17:45:43 ----D---- C:\Program Files\LimeWire
2008-12-07 01:36:12 ----D---- C:\ProgramData\PrevxCSI
2008-12-07 01:29:28 ----D---- C:\Users\Bobby\AppData\Roaming\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-18 385072]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 261680]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-11-20 406672]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-10-30 191536]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-29 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-13 154624]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-08-18 921600]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-01-18 109616]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-09 1792792]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080320.009\NAVENG.SYS [2008-03-06 82256]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080320.009\NAVEX15.SYS [2008-03-06 895408]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-09-03 6144]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-10-30 12848]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-08-01 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-10-30 145968]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-10-30 39856]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-18 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-18 93696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
S3 LVUVC;QuickCam Pro for Notebooks(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2007-10-11 3647384]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
S3 RegGuard;RegGuard; \??\C:\Windows\system32\Drivers\regguard.sys [2008-12-21 25773]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2008-05-01 49536]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-20 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-20 107624]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2007-06-21 257736]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2007-06-21 118464]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-20 107624]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2007-06-21 1076832]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 24576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-16 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-20 107624]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-11-20 46736]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 163840]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-29 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2006-11-20 49296]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2006-11-20 80552]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MSSQL$OALM05;SQL Server (OALM05); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-08-01 1251720]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-27 12:45:08

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
-->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acer Arcade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Big Kahuna Reef 2-->"C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
BitPim 1.0.4-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dynasty-->"C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\Windows\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log"
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access 2003 Runtime-->MsiExec.exe /I{901C0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft PhotoDraw 2000 V2-->MsiExec.exe /I{3C5EA394-1033-11D2-A2CB-00C04F72F31D}
Microsoft SharedView-->MsiExec.exe /I{E6DE9A54-8514-446E-9D11-530DC599C355}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{96327C3C-96BE-4C7A-A6F7-A71635E5949A}
Microsoft SQL Server 2005 Express Edition (OALM05)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery Case Files - Prime Suspects-->"C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst-->"C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OA LodgeMaster Desktop-->"C:\Program Files\OA LodgeMaster Desktop\unins000.exe"
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rintox Virtual Piano-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Rintox Virtual Piano\ST6UNST.LOG"
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sibelius Scorch Plugin-->"C:\Program Files\Musicnotes\uninstsc.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Treasures of the Deep-->"C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

=====HijackThis Backups=====

O4 - HKLM\..\RunServices: [Windows Layer] mrtmoons.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05DBC8C6-5315-4E99-AA36-CB889E98D544}: NameServer = 85.255.116.154;85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.154;85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{05DBC8C6-5315-4E99-AA36-CB889E98D544}: NameServer = 85.255.116.154;85.255.112.16
O4 - HKLM\..\Run: [svchost] C:\Users\Bobby\Localdir\svchost.exe
O4 - HKLM\..\Run: [Windows Layer] mrtmoons.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.154;85.255.112.16
O4 - HKLM\..\Run: [winis] C:\Windows\system32\winis.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{15A662C5-88B5-459E-9771-C102CD32170F}: NameServer = 85.255.116.154;85.255.112.16

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security
AS: Windows Defender
AS: Norton Internet Security

System event log

Computer Name: Bobby-PC
Event Code: 7036
Message: The KtmRm for Distributed Transaction Coordinator service entered the running state.
Record Number: 104099
Source Name: Service Control Manager
Time Written: 20081227194324.000000-000
Event Type: Information
User:

Computer Name: Bobby-PC
Event Code: 7036
Message: The TPM Base Services service entered the stopped state.
Record Number: 104100
Source Name: Service Control Manager
Time Written: 20081227194343.000000-000
Event Type: Information
User:

Computer Name: Bobby-PC
Event Code: 537
Message: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer. TBS could not be started.
Record Number: 104101
Source Name: Microsoft-Windows-TBS
Time Written: 20081227194342.998188-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Bobby-PC
Event Code: 7036
Message: The Security Center service entered the running state.
Record Number: 104102
Source Name: Service Control Manager
Time Written: 20081227194408.000000-000
Event Type: Information
User:

Computer Name: Bobby-PC
Event Code: 7036
Message: The LiveUpdate service entered the stopped state.
Record Number: 104103
Source Name: Service Control Manager
Time Written: 20081227194447.000000-000
Event Type: Information
User:

Application event log

Computer Name: Bobby-PC
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 31833
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20081227194427.000000-000
Event Type: Information
User:

Computer Name: Bobby-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 31834
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20081227194428.000000-000
Event Type: Information
User:

Computer Name: Bobby-PC
Event Code: 101
Message: Information Level: success

Automatic LiveUpdate has terminated.
Record Number: 31835
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081227194442.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Bobby-PC
Event Code: 101
Message: Information Level: success

The next run has been scheduled to occur at approximately 1:37 PM.
Record Number: 31836
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081227194442.000000-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: Bobby-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 31837
Source Name: LightScribeService
Time Written: 20081227194505.000000-000
Event Type: Information
User:

Security event log

Computer Name: Bobby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 32314
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227194453.750188-000
Event Type: Audit Failure
User:

Computer Name: Bobby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 32315
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227194453.794188-000
Event Type: Audit Failure
User:

Computer Name: Bobby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 32316
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227194453.834188-000
Event Type: Audit Failure
User:

Computer Name: Bobby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 32317
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227194453.889188-000
Event Type: Audit Failure
User:

Computer Name: Bobby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 32318
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227194453.945188-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\PROGRA~1\TIEDUC~1\TI-83P~1\UTILS;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
bobbyxcanxdisco
Active Member
 
Posts: 11
Joined: December 23rd, 2008, 9:39 pm

Re: Vimax ads, pop-ups, and the like

Unread postby Shaba » December 27th, 2008, 4:17 pm

Is Norton Internet Security up-to-date?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Vimax ads, pop-ups, and the like

Unread postby bobbyxcanxdisco » December 27th, 2008, 4:38 pm

Err, no. I've not bought it yet- still the pre-loaded trial version.
bobbyxcanxdisco
Active Member
 
Posts: 11
Joined: December 23rd, 2008, 9:39 pm

Re: Vimax ads, pop-ups, and the like

Unread postby Shaba » December 28th, 2008, 5:42 am

Thank you for the information.

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Ares 2.0.9-

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:

J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Please run a new HJT scan when finished and post the log back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Vimax ads, pop-ups, and the like

Unread postby bobbyxcanxdisco » December 28th, 2008, 3:15 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:37 PM, on 12/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Bobby\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://taturousushi.miemasu.net/bl_camera.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/Game ... meHost.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14869 bytes

Re: Vimax ads, pop-ups, and the like

Post by Shaba » December 28th, 2008, 3:20 pm

I'd like you to check a file/some files for malware.
C:\Windows\system32\winlogoo.exe
C:\Windows\system32\set.exe

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.
  • Post back results, please.

Re: Vimax ads, pop-ups, and the like

Post by bobbyxcanxdisco » December 28th, 2008, 3:37 pm

File winlogoo.exe received on 12.28.2008 20:28:58 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.28 -
AhnLab-V3 2008.12.25.0 2008.12.27 -
AntiVir 7.9.0.45 2008.12.28 -
Authentium 5.1.0.4 2008.12.28 -
Avast 4.8.1281.0 2008.12.28 -
AVG 8.0.0.199 2008.12.28 -
BitDefender 7.2 2008.12.28 -
CAT-QuickHeal 10.00 2008.12.27 -
ClamAV 0.94.1 2008.12.28 -
Comodo 834 2008.12.28 -
DrWeb 4.44.0.09170 2008.12.28 -
eSafe 7.0.17.0 2008.12.28 -
eTrust-Vet 31.6.6279 2008.12.28 -
Ewido 4.0 2008.12.28 -
F-Prot 4.4.4.56 2008.12.27 -
F-Secure 8.0.14332.0 2008.12.28 -
Fortinet 3.117.0.0 2008.12.28 -
GData 19 2008.12.28 -
Ikarus T3.1.1.45.0 2008.12.28 -
K7AntiVirus 7.10.568 2008.12.27 -
Kaspersky 7.0.0.125 2008.12.28 -
McAfee 5477 2008.12.28 -
McAfee+Artemis 5477 2008.12.28 -
Microsoft 1.4205 2008.12.28 -
NOD32 3719 2008.12.27 -
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.28 -
PCTools 4.4.2.0 2008.12.28 -
Prevx1 V2 2008.12.28 -
Rising 21.09.62.00 2008.12.28 -
SecureWeb-Gateway 6.7.6 2008.12.28 -
Sophos 4.37.0 2008.12.28 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.28 -
TheHacker 6.3.1.4.201 2008.12.28 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.28 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.28 -
Additional information
File size: 26546 bytes
MD5...: 21d28fe5b271dfa060c5300f12900c16
SHA1..: 441ec6bf8c59a0380188d7211e3460721cac8dce
SHA256: 11730f33e1827bf20a9abf097c6010fc0a80f891106ffd5597b79d37ae1fd55b
SHA512: f0e66fac6a91fa47d053cbd3c061d147b2f64b822421a75205f72bb0007ecc615bf5d2333ce6db55dd0f084ca3af523a732e04525c30eb23c8e318a3ddc28944
ssdeep: 384:cuGQ45pjR4SgAVXfoQIngA1Z9vKe45reFWNDNxa/Frd5dfTd0df/b3:cuJ45pjR4SgANHMgoZ9vF45rWED93
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -


-----------------------------------------------------

File set.exe received on 12.28.2008 20:34:34 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.28 Trojan-Dropper.Agent!IK
AhnLab-V3 2008.12.25.0 2008.12.27 -
AntiVir 7.9.0.45 2008.12.28 TR/Agent.agwc
Authentium 5.1.0.4 2008.12.28 -
Avast 4.8.1281.0 2008.12.28 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.28 -
BitDefender 7.2 2008.12.28 -
CAT-QuickHeal 10.00 2008.12.27 Trojan.Agent.agwc
ClamAV 0.94.1 2008.12.28 -
Comodo 834 2008.12.28 TrojWare.Win32.Agent.agwc
DrWeb 4.44.0.09170 2008.12.28 -
eSafe 7.0.17.0 2008.12.28 Win32.Agent.agwc
eTrust-Vet 31.6.6279 2008.12.28 -
Ewido 4.0 2008.12.28 -
F-Prot 4.4.4.56 2008.12.27 -
F-Secure 8.0.14332.0 2008.12.28 Trojan.Win32.Agent.agwc
Fortinet 3.117.0.0 2008.12.28 W32/Agent.AGWC!tr
GData 19 2008.12.28 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.12.28 Trojan-Dropper.Agent
K7AntiVirus 7.10.568 2008.12.27 Trojan.Win32.Agent.agwc
Kaspersky 7.0.0.125 2008.12.28 Trojan.Win32.Agent.agwc
McAfee 5477 2008.12.28 -
McAfee+Artemis 5477 2008.12.28 -
Microsoft 1.4205 2008.12.28 -
NOD32 3719 2008.12.27 probably a variant of Win32/Agent
Norman 5.80.02 2008.12.26 Agent.JJDO
Panda 9.0.0.4 2008.12.28 -
PCTools 4.4.2.0 2008.12.28 -
Prevx1 V2 2008.12.28 Cloaked Malware
Rising 21.09.62.00 2008.12.28 -
SecureWeb-Gateway 6.7.6 2008.12.28 Trojan.Agent.agwc
Sophos 4.37.0 2008.12.28 -
Sunbelt 3.2.1809.2 2008.12.22 Trojan.Win32.Agent.agwc
Symantec 10 2008.12.28 Trojan Horse
TheHacker 6.3.1.4.201 2008.12.28 Trojan/Agent.agwc
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.28 Trojan.Win32.Agent.agwc
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.28 -
Additional information
File size: 68096 bytes
MD5...: 30f251d7f39d3b032a64d7e7aaa28211
SHA1..: 574f8e98a0ee48548be53512b9b9097730cc8510
SHA256: 41a68692ed134b83f495ebe5d10ea1d88962884d2db283304a97775f32c753c4
SHA512: 2215618ee47271722d5d4385d0fafec766b46965f4c4e0e85a9b59706e6c1100a4cff20843211f0b0f5fb68596cb7bb32c6c900bdd71e7803cad2107312b159c
ssdeep: 1536:g5GJEhlcbW5sk1BlfLvveIbXWm+nwN6Jgls5g7CES:GGu9BlfzWIbXWm+w0J35iCES
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100645c
timedatestamp.....: 0x480251cd (Sun Apr 13 18:32:45 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x99c8 0x9a00 6.58 fd7744c26c2bf4d279968be94b283b11
.data 0xb000 0x1be4 0x400 4.25 99858e86526942a66950c7139f78a725
.rsrc 0xd000 0x7000 0x6800 4.29 0bd6119b9abc8ba70c00754b2d7e9b42

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, lstrlenA, GetModuleFileNameA, GetSystemDirectoryA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, lstrcpyA, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, FreeResource, GetProcAddress, LoadResource, SizeofResource, FindResourceA, lstrcatA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, LockResource
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=C80123880092EC2A0A7E01DEB3FDF30005B34986
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=30f251d7f39d3b032a64d7e7aaa28211
packers (F-Prot): CAB

Re: Vimax ads, pop-ups, and the like

Post by Shaba » December 28th, 2008, 3:42 pm

Thank you.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Windows\system32\winlogoo.exe
    C:\Windows\system32\set.exe
    C:\ProgramData\eMule
    C:\Windows\system32\33.txt
    C:\Program Files\LimeWire
    C:\Users\Bobby\AppData\Roaming\LimeWire
    
    :commands
    [EmptyTemp]
    [reboot]
    

  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- a fresh rsit log
- otmoveit3 log

Re: Vimax ads, pop-ups, and the like

Post by bobbyxcanxdisco » December 28th, 2008, 6:08 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by Bobby at 2008-12-28 15:05:50
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 5 GB (16%) free of 33 GB
Total RAM: 1013 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:19 PM, on 12/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Bobby\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bobby\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bobby.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://taturousushi.miemasu.net/bl_camera.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/Game ... meHost.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14716 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bobby.job
C:\Windows\tasks\User_Feed_Synchronization-{7AC850AA-E877-4D2D-A250-53047FCE2034}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-11-20 96984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-11-20 565960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-05 4669440]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2007-06-21 155648]
"Acer Tour"= []
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-20 107112]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2006-11-20 22696]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-07-15 768520]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744]
"eRecoveryService"= []
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-05-22 151552]
"SetPanel"=C:\Acer\APanel\APanel.cmd []
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"x3watch"=C:\Program Files\X3watch\x3watch.exe [2008-06-01 299008]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"= []
"Aim6"= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abf8a8b4-06a9-11dd-bf66-001b38611d74}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2008-12-28 14:50:33 ----D---- C:\_OTMoveIt
2008-12-28 12:04:49 ----A---- C:\Windows\system32\javaws.exe
2008-12-28 12:04:49 ----A---- C:\Windows\system32\javaw.exe
2008-12-28 12:04:48 ----A---- C:\Windows\system32\java.exe
2008-12-27 20:40:27 ----A---- C:\Windows\Replay Video Capture Uninstall Log.txt
2008-12-27 20:09:35 ----D---- C:\Windows\Replay Video Capture
2008-12-27 20:09:26 ----A---- C:\Windows\Replay Video Capture Setup Log.txt
2008-12-27 18:31:54 ----A---- C:\Windows\system32\mshtml.dll
2008-12-27 18:29:28 ----D---- C:\Windows\RegisteredPackages
2008-12-27 18:29:23 ----HD---- C:\Windows\msdownld.tmp
2008-12-27 18:29:13 ----D---- C:\Program Files\Windows Media Components
2008-12-27 18:26:41 ----A---- C:\Windows\system32\tzres.dll
2008-12-27 16:11:40 ----A---- C:\Windows\system32\gdi32.dll
2008-12-27 16:11:27 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-27 16:11:25 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-27 16:11:12 ----A---- C:\Windows\system32\shell32.dll
2008-12-27 16:10:39 ----A---- C:\Windows\explorer.exe
2008-12-27 16:10:18 ----A---- C:\Windows\system32\urlmon.dll
2008-12-27 16:10:16 ----A---- C:\Windows\system32\ieframe.dll
2008-12-27 16:10:14 ----A---- C:\Windows\system32\wininet.dll
2008-12-27 16:10:12 ----A---- C:\Windows\system32\mstime.dll
2008-12-27 16:10:10 ----A---- C:\Windows\system32\iertutil.dll
2008-12-27 16:10:09 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-27 16:06:42 ----A---- C:\Windows\system32\mf.dll
2008-12-27 16:06:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-27 16:06:39 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-27 16:06:38 ----A---- C:\Windows\system32\logagent.exe
2008-12-27 15:51:08 ----D---- C:\Program Files\MSECache
2008-12-27 15:48:37 ----D---- C:\ProgramData\Office Genuine Advantage
2008-12-27 12:44:03 ----D---- C:\rsit
2008-12-27 02:38:37 ----D---- C:\Users\Bobby\AppData\Roaming\Malwarebytes
2008-12-27 02:38:18 ----D---- C:\ProgramData\Malwarebytes
2008-12-27 02:38:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-26 00:00:42 ----D---- C:\Users\Bobby\AppData\Roaming\skypePM
2008-12-25 23:57:09 ----D---- C:\Users\Bobby\AppData\Roaming\Skype
2008-12-25 23:55:22 ----D---- C:\Program Files\Skype
2008-12-25 23:55:21 ----D---- C:\Program Files\Common Files\Skype
2008-12-25 23:55:05 ----D---- C:\ProgramData\Skype
2008-12-25 23:34:17 ----R---- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-25 23:33:05 ----A---- C:\Windows\system32\LVUI2.dll
2008-12-25 23:33:05 ----A---- C:\Windows\system32\lvcoinst.ini
2008-12-25 23:33:05 ----A---- C:\Windows\system32\lvcodec2.dll
2008-12-25 23:33:05 ----A---- C:\Windows\system32\lvci1150.dll
2008-12-25 23:33:04 ----A---- C:\Windows\system32\LVUI2RC.dll
2008-12-25 23:28:35 ----D---- C:\ProgramData\Logishrd
2008-12-25 23:28:29 ----D---- C:\Program Files\Common Files\LogiShrd
2008-12-25 23:28:19 ----D---- C:\ProgramData\Logitech
2008-12-25 23:28:19 ----D---- C:\Program Files\Logitech
2008-12-23 17:55:13 ----D---- C:\Users\Bobby\AppData\Roaming\x3watch
2008-12-23 17:49:56 ----D---- C:\Program Files\X3watch
2008-12-21 21:35:43 ----A---- C:\Windows\system32\deploytk.dll
2008-12-19 14:18:51 ----D---- C:\Users\Bobby\AppData\Roaming\WinRAR
2008-12-16 21:48:04 ----D---- C:\Windows\RestoreSafeDeleted
2008-12-16 15:50:10 ----RASHOT---- C:\Windows\winstart.bat
2008-12-16 15:48:07 ----D---- C:\Program Files\Greatis
2008-12-16 14:24:12 ----D---- C:\ProgramData\Google Updater
2008-12-13 14:28:26 ----D---- C:\Program Files\Safari
2008-12-13 14:10:02 ----D---- C:\Program Files\iPod
2008-12-13 14:09:50 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 14:09:50 ----D---- C:\Program Files\iTunes
2008-12-13 14:06:55 ----D---- C:\Program Files\QuickTime
2008-12-07 22:26:25 ----D---- C:\SDFix
2008-12-07 20:57:17 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-12-07 20:56:21 ----D---- C:\Users\Bobby\AppData\Roaming\SUPERAntiSpyware.com
2008-12-07 20:56:21 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-07 15:35:16 ----D---- C:\MSNCleaner
2008-12-07 02:55:21 ----D---- C:\Program Files\Panda Security
2008-12-07 01:44:24 ----D---- C:\ProgramData\Adobe Systems
2008-12-07 00:51:12 ----D---- C:\Program Files\Trend Micro
2008-12-06 23:44:09 ----D---- C:\ProgramData\FLEXnet
2008-12-06 21:14:06 ----A---- C:\Windows\ntbtlog.txt
2008-12-06 20:13:51 ----D---- C:\Users\Bobby\AppData\Roaming\Download Manager
2008-12-06 19:58:10 ----A---- C:\Windows\IsUninst.exe
2008-12-06 19:54:13 ----A---- C:\Windows\_delis32.ini
2008-12-06 19:23:39 ----HD---- C:\Windows\system32\share
2008-12-06 19:17:39 ----AD---- C:\ProgramData\TEMP
2008-12-06 19:17:37 ----A---- C:\Windows\system32\vbzip10.dll
2008-12-03 19:10:36 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-03 19:10:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-30 12:14:41 ----D---- C:\Users\Bobby\AppData\Roaming\.wyzo
2008-11-29 19:55:05 ----D---- C:\Program Files\Real
2008-11-29 19:54:59 ----D---- C:\Program Files\Common Files\Real
2008-11-29 19:54:38 ----D---- C:\Users\Bobby\AppData\Roaming\Real

======List of files/folders modified in the last 1 months======

2008-12-28 15:05:43 ----D---- C:\Windows\Temp
2008-12-28 14:59:57 ----D---- C:\Windows\system32\catroot
2008-12-28 14:54:41 ----D---- C:\Program Files\Windows Mail
2008-12-28 14:54:40 ----D---- C:\Windows\System32
2008-12-28 14:54:40 ----D---- C:\Windows\AppPatch
2008-12-28 14:54:38 ----D---- C:\Windows\system32\en-US
2008-12-28 14:54:38 ----D---- C:\Windows
2008-12-28 14:50:35 ----RD---- C:\Program Files
2008-12-28 14:50:33 ----HD---- C:\ProgramData
2008-12-28 12:12:40 ----SHD---- C:\Windows\Installer
2008-12-28 12:12:32 ----D---- C:\Program Files\Common Files
2008-12-28 12:11:20 ----SHD---- C:\System Volume Information
2008-12-28 12:10:49 ----D---- C:\Program Files\Java
2008-12-27 18:56:30 ----D---- C:\ProgramData\Microsoft Help
2008-12-27 18:55:35 ----D---- C:\Windows\winsxs
2008-12-27 18:53:25 ----A---- C:\Windows\win.ini
2008-12-27 18:32:07 ----D---- C:\Windows\system32\catroot2
2008-12-27 18:25:22 ----SD---- C:\Windows\Downloaded Program Files
2008-12-27 14:38:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-27 14:38:01 ----D---- C:\Windows\inf
2008-12-27 12:09:24 ----D---- C:\Windows\system32\drivers
2008-12-25 23:55:55 ----D---- C:\Windows\system32\Tasks
2008-12-25 23:37:02 ----D---- C:\Windows\twain_32
2008-12-25 23:34:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-21 21:31:25 ----D---- C:\Users\Bobby\AppData\Roaming\WinFF
2008-12-21 21:25:36 ----D---- C:\Windows\Prefetch
2008-12-16 15:35:38 ----D---- C:\Windows\Minidump
2008-12-16 14:27:11 ----D---- C:\Program Files\Google
2008-12-14 19:17:43 ----D---- C:\Program Files\Common Files\Adobe
2008-12-14 19:16:59 ----D---- C:\Program Files\Adobe
2008-12-14 19:16:07 ----D---- C:\Users\Bobby\AppData\Roaming\Adobe
2008-12-14 19:16:07 ----D---- C:\ProgramData\Adobe
2008-12-14 18:28:11 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 18:28:07 ----D---- C:\Users\Bobby\AppData\Roaming\Mozilla
2008-12-13 14:10:01 ----D---- C:\Program Files\Common Files\Apple
2008-12-09 16:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-07 01:36:12 ----D---- C:\ProgramData\PrevxCSI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-18 385072]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 261680]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-11-20 406672]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-10-30 191536]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-29 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-13 154624]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-08-18 921600]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-01-18 109616]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-09 1792792]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080320.009\NAVENG.SYS [2008-03-06 82256]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080320.009\NAVEX15.SYS [2008-03-06 895408]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-09-03 6144]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-10-30 12848]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-08-01 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-10-30 145968]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-10-30 39856]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-18 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-18 93696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
S3 LVUVC;QuickCam Pro for Notebooks(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2007-10-11 3647384]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
S3 RegGuard;RegGuard; \??\C:\Windows\system32\Drivers\regguard.sys [2008-12-21 25773]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2008-05-01 49536]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-20 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-20 107624]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2007-06-21 257736]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2007-06-21 118464]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-20 107624]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2007-06-21 1076832]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 24576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-16 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-20 107624]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-11-20 46736]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 163840]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-29 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2006-11-20 49296]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2006-11-20 80552]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MSSQL$OALM05;SQL Server (OALM05); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-08-01 1251720]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------


========== FILES ==========
C:\Windows\system32\winlogoo.exe moved successfully.
C:\Windows\system32\set.exe moved successfully.
C:\ProgramData\eMule moved successfully.
C:\Windows\system32\33.txt moved successfully.
C:\Program Files\LimeWire\lib moved successfully.
C:\Program Files\LimeWire moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\xml\schemas moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\xml\misc moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\xml\data moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\xml moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\themes\windows_theme moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\themes moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\promotion moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\certificate moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire\.AppSpecialShare moved successfully.
C:\Users\Bobby\AppData\Roaming\LimeWire moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Bobby\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_DYh2H3qnXrgaOfQ scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP000000FA6D46A0A70C79A4E9 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP000000FB485F8CAD42562479 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12282008_145033

Files moved on Reboot...
C:\Users\Bobby\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\Windows\temp\LVCOMSX.LOG moved successfully.
File C:\Windows\temp\sqlite_DYh2H3qnXrgaOfQ not found!
File C:\Windows\temp\TMP000000FA6D46A0A70C79A4E9 not found!
File C:\Windows\temp\TMP000000FB485F8CAD42562479 not found!
bobbyxcanxdisco
Active Member
 
Posts: 11
Joined: December 23rd, 2008, 9:39 pm

Re: Vimax ads, pop-ups, and the like

Post by Shaba » December 29th, 2008, 6:08 am

Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Vimax ads, pop-ups, and the like

Post by bobbyxcanxdisco » December 31st, 2008, 3:53 pm

Sorry for the delay, it's been pretty crazy around here.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 31, 2008
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 31, 2008 06:26:17
Records in database: 1536423
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 128202
Threat name: 6
Infected objects: 561
Suspicious objects: 0
Duration of the scan: 05:23:16


File name / Threat name / Threats count
C:\Users\Bobby\'\share\See Your Self After 20 Years (2008).zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Seekers Oasis.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Seo Suite Professional Edition 8.0.39.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Serial Grabber 1.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Serial Grabber Pro.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Siemens Tecnomatix 8.2.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Sisulizer Enterprise Edition 2008.277.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SkinStudio Pro 5.0.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SlySoft AnyDVD HD 6.4.8.5.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SmartSound Sonicfire Pro v5.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SmartSVN Enterprise 5.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Sofimage XSI Advanced 7.01.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Sony DVD Architect Studio 5.0a (build 173) (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Sony DVD Architect Studio 5.0a (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Sony Forge Audio Studio 9.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SourceGear Fortress 1.1.4.18402 for x64.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SourceGear Fortress 1.1.4.18402 for x86.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SourceGear Vault 4.1.4.18402 for x64.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SourceGear Vault 4.1.4.18402 for x86.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Speaking Notepad 5.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\spicyforums.com.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SpyHunter Security Suite v3.7.19.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Spyware Doctor 6.0.0.386.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SqlToTxt 1.1.3.7.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Sqlyog Enterprise 7.14.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Stardock WindowFX 3.10.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Studio V5 LogoMaker v2.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SWF - FLV Toolbox 3.5.23.412.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\SWF Toolbox 3.5.23.412.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Symantec Antivirus Corporate Edition 10.2.2000.2.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Symantec Norton AntiVirus 10 Corporate.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Symantec Norton AntiVirus 2009.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Symantec PCAnywhere 12.5.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Symantec System Center 10.1.8000.8.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\System Mechanic 8.5 Professional.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\System Mechanic Pro 7.5.10.5.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\System Mechanic Professional 8.5.0.11.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Tag&Rename 3.4.6.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Talking Clock 9.0.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Talking Dictionary v7.1.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Theme XP Pack 1.3.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Timeline Maker Professional 2.05.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Titan FTP Server 6.24.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\TMPGEnc 4.0 XPress 4.6.3.267.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Torchsoft Registry Workshop 4.0.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Total Recorder Editor Pro 11.5.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Total Training Microsoft Expression Studio 2.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Total Video Converter 3.14.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Total Video Converter 3.31.04.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Trillian Pro 3.1.12.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Trolltech Qt Visual Studio Integration v1.4.3.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\TuneUp Utilities 2009 8.0.1100.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\TuneUp utilities 2009.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\TuneUp WinStyler Portable 4.1.2420.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Turbotax Premier 2008.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\tuxrepublic.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\UkScouseScene.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Ulead Photo Express 6.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Ultimate Brush Pack For Adobe Photoshop.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Ultimate Defrag 2008 2.0.0.51.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Ultra DVD Creator 2.6.1123.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Ultra MP3 CD Burner 7.4.3.1953.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Ultra Video Converter 4.1.1123.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\UltraISO Premium Edition 9.32.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\UltraMixer Professional 2.2.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\UltraMixer Professional v2.2.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Uniblue RegistryBooster 2009 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Universal Maps Downloader 3.3.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Utorrent Turbo Booster 2.0.3.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VanDyke ClientPack 6.1.3.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VanDyke SecureFX 6.1.3.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Video DVD Maker Pro 3.7.0.17.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Videomach 5.0.5 Professional.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VIDEOzilla 2.8.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Vista Codec Package 5.04 Final.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Vista Manager 2.0.0 x86 and x64.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Visual Basic 6 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VLC Media Player 0.9.7 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VMware Workstation v6.5.1-126130.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VSO ConvertXtoDVD 3.1.0.26.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VSO ConvertXtoDVD 3.3.0.96.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VSO PhotoDVD 2.9.6.1d.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\VSO Software CopyToDVD 4.1.8.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WarezNET.NET.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Watermark Master 2.2.8.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Watto Studios Game Extractor 2.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Web Button Maker Deluxe.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Web Cache Illuminator 5.3.0.2.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Webcam Max 5.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WebcamMax 5.0.6.8.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WiFi Hopper 1.2 Build 2008-110600.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Windows Live Messenger 9.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Windows Server 2003 Special Edition 10 in 1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Windows Update Agent V3.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Windows Vista Activator 2007.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Windows XP Professional SP3.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Windowsgamez.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WINDOW_X=20.zip Infected: Trojan-Dropper.Win32.Agent.xwb 1
C:\Users\Bobby\'\share\WINDOW_X=220.zip Infected: Trojan-Dropper.Win32.Agent.xwb 1
C:\Users\Bobby\'\share\WinPatrol Plus 15.9.2008.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WinRAR 3.80 Pro.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WinRAR 3.80.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WinTools NET Classic 10.0.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WinTools NET Professional 10.0.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WinTools.NET Professional 10.0.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\WinXP Manager 5.2.9.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Word Web 5.5.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Word2PDF Converter 1.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\XenCare Soft Lock 2.0.0.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Xilisoft DVD Creator 3.0.39.1121.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Xilisoft DVD Creator 3.0.39.1205.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Xilisoft DVD Ripper Ultimate 5.0.46.1128.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Xilisoft Media Toolkit Ultimate 5.0.44.1017.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\Yahoo! Messenger 9.0.0.2034.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\YaRRRR.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\YouTube Get 4.9.7.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\ZC DVD Creator Platinum 6.2.7.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\ZD Soft ZD Recorder 3.0.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\'\share\ZoneAlarm Pro 8.0.059.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\AppData\Local\Ares\My Shared Folder\share\EXE Password Protector 1.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\AppData\Local\Ares\My Shared Folder\share\WINDOW_X=220.zip Infected: Trojan-Dropper.Win32.Agent.xwb 1
C:\Users\Bobby\AppData\Local\Ares\My Shared Folder\share\WinRAR Password Remover 1.1.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\AppData\Local\Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.HTML.Paylap.jg 1
C:\Users\Bobby\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\790934C0-00000450.eml Infected: Trojan-Spy.HTML.Paylap.jg 1
C:\Users\Bobby\AppData\Local\VirtualStore\Windows\System32\share\WINDOW_X=20.zip Infected: Trojan-Dropper.Win32.Agent.xwb 1
C:\Users\Bobby\AppData\Local\VirtualStore\Windows\System32\share\WINDOW_X=220.zip Infected: Trojan-Dropper.Win32.Agent.xwb 1
C:\Users\Bobby\Localdir\Setup.zip Infected: Backdoor.Win32.Agent.vmo 1
C:\Users\Bobby\Setup.exe Infected: Trojan-Dropper.Win32.Agent.xwb 1
C:\Users\Bobby\share\WINDOW_X=220.zip Infected: Trojan-Dropper.Win32.Agent.xwb 1
C:\Users\Bobby\system32.exe Infected: Net-Worm.Win32.Kolab.aut 1
C:\Windows\System32\MRTMOONS.del Infected: Net-Worm.Win32.Kolab.aut 1
C:\_OTMoveIt\MovedFiles\12282008_145033\Windows\system32\set.exe Infected: Trojan.Win32.Agent.agwc 1
D:\Documents\LimeWire\Saved\share\CONNECTION_SPEED=3000.zip Infected: Trojan-Dropper.Win32.Agent.xwb 1
D:\Documents\LimeWire\Saved\share\WINDOW_X=20.zip Infected: Trojan-Dropper.Win32.Agent.xwb 1
D:\Documents\LimeWire\Shared\share\Ableton Live 7.0.3.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Adult Downloads.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Agama Web Buttons v2.66.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\AIOStop.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Alchemy Mindworks Screen Saver Construction Set v2.0a43.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\AnyDVD AnyDVD HD v6.4.9.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Apex Video Converter Super 7.54.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Articulate Quizmaker 2009.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Ashampoo Antivirus 1.61.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Ashampoo PowerUp 3.23.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Auslogics Disk Defrag 1.5.19.330 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Autodesk 3ds Max 2009.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Autodesk Motion Builder 2009.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\BatchPhoto Pro 2.3.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Beyond Compare Pro 3.0.9.9222.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\BitDefender AntiVirus 2009.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Blumentals WeBuilder 9.3.0.101.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Box Shot 3D 2.9.4.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\CCleaner 2.13.720 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Colasoft MAC Scanner Professional 2.2.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\ColorWasher 2.03 for Adobe Photoshop.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Conceiva DownloadStudio 5.1.2.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Convert X to DVD 3.2.155.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Cracks & Serials.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\CyberLink DVD Suite Ultra 7.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\CyberLink PowerCinema 6.0.2221.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Digitope Picture Converter 1.2.83.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\DiskMonitor 8.0.0.26.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\DivX Pro 6.8.4.7.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\East-Tec Eraser 2009 9.0.1.100.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\EditiX XML Editor 2008.SP5.b290908.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Elecard MPEG Player v5.5.15247.081119.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Error Repair Pro 3.87 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\ESET NOD32 Antivirus Buisness Edition 3.0.672.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\ESET Smart Security 3.0.669.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\EXE Password Protector 1.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\F-Prot Antivirus Corporate 6.0.9.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\file4ever.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Forumcraze.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Future Decks Pro v1.2.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Garmin City Navigator Europe NT 2008 (DVD).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\GFI MailArchiver For Exchange 6.0.20081107.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\GFI MailEssentials For Exchange SMTP 14.0.20081024.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Glary Utilities PRO 2.9.0.518.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Hard Disk Tune-Up 1.0.231.5346.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Hard Disk Tune-Up 1.0.231.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Help And Manual Pro 5.0.6.668.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\IDM UltraCompare Professional 6.00.3.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Image Video Machine 4.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\IndigoRose AutoPlay Media Studio 7.5 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Instant Color Picker 2.5.0.31.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Jit Bit Macro Recorder 3.64.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\K-Lite Codec Pack 4.3.4.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Kaspersky Anti-Virus 2009 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Kaspersky Anti-Virus 8.0.0.506.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Klocwork Insight 8.0.7.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Malware Defender v1.2.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Malwarebytes Anti Malware 1.30 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\MediaPortal 1.0.0.0 RC4.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Messenger Detect v2.86.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Microsoft Office 2007.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\MP3 Cutter and Joiner 2.20.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Music Downloads.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\My Notes Keeper 1.9.2.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Native Instruments Traktor 3.3.2.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Norton Gamer's Edition 2009.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Norton Gamers Edition 2009.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\OneStopSoft Video Converter 6.0.0.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Outpost Security Suite Pro 2009 Build 6.5.2359.316.0607.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Paragon Drive Backup v9.0 Professional.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Paragon Partition Manager V9.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Perfect Menu v4.0.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Perfect Uninstaller 6.2.5.0 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Perfect Uninstaller 6.3.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Podmaxx 2009 v3.0.8.2.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Raxco PerfectDisk 2008 Professional v9 Build 55.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Registry Mechanic v8.0.0.900.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Remote Desktop Control 2007.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Resco Keyboard Pro 5.11.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\RS Download.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Sandboxie 3.32.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Seekers Oasis.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Serial Grabber 1.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\SmartSound Sonicfire Pro 5.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\softwares world.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Speaking Notepad 5.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\spicyforums.com.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Super Cleaner 2.95 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\TechSmith.Camtasia.Studio 6.0.0.6.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\TextPad 5.20.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Total Training Microsoft Expression Studio 2.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Total Uninstall 5 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Totaltext (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\UltimateDefrag 2008 2.0.0 (Portable).zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\UltraMixer Professional v2.2.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Video Fab Converter 1.0.1.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\VMWare ThinApp (Thinstall) v4.0.0.200.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\VNC Enterprise Edition 4.4.2.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\VSO ConvertXtoDVD 3.3.0.96.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\WallpapersMania #135,136.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\WarezGarden.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\WarezScene.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\WebcamMax 5.0.6.8.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Website Ripper Copier 3.0.0.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\WinCare Tech Memory Booster Gold 6.1.1.0162.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Windows Live Messenger 9.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Windowsgamez.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Winrar 3.80.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\WinRAR Password Remover 1.1.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Wondershare DVD Ripper Platinum 4.0.2.17.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Word2PDF Converter 1.0.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\Documents\LimeWire\Shared\share\Xilisoft Media Toolkit Ultimate 5.0.44.1017.zip Infected: Backdoor.Win32.Agent.vmo 1
D:\resycled\boot.com Infected: Packed.Win32.Krap.d 1

The selected area was scanned.


-------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:49 PM, on 12/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Bobby\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://taturousushi.miemasu.net/bl_camera.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/Game ... meHost.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/M ... Upload.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14858 bytes
bobbyxcanxdisco
Active Member
 
Posts: 11
Joined: December 23rd, 2008, 9:39 pm