Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Security.Hijack Itunes.exe?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Security.Hijack Itunes.exe?

Unread postby Powderhoney » April 25th, 2011, 6:38 pm

Ello, I recently just scanned my laptop with Malwarebytes and it found a security.hijack/itunes.exe [something like this], it said it removed it, however, I remember that just a few weeks ago I had various problems and this itunes.exe hijack appeared then. I came here and everything was resolved or seemed to be...but after this scan it seems this itunes.exe security hijack has come back. So I'm just concerned it is still not removed...



DDS Log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Myron at 23:35:42.50 on 25/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1642 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Windows\system32\dgdersvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\PLFSetI.exe
C:\Users\Myron\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Myron\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Myron\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk
mStart Page = hxxp://en.uk.acer.yahoo.com
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [cacaoweb] "c:\users\myron\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - d:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - d:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
IFEO: keepass.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: pictureviewer.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: quicktimeplayer.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
IFEO: skype.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\myron\appdata\roaming\mozilla\firefox\profiles\kx22y9ex.default\
FF - prefs.js: browser.search.selectedEngine - Plusmedia uk Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox ... B:official
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\myron\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\myron\appdata\roaming\mozilla\firefox\profiles\kx22y9ex.default\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\myron\appdata\roaming\mozilla\firefox\profiles\kx22y9ex.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\myron\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Plusmedia uk Community Toolbar: {193d7001-bd9f-48c2-b5c7-69775aa2201d} - %profile%\extensions\{193d7001-bd9f-48c2-b5c7-69775aa2201d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\myron\appdata\roaming\idm\idmmzcc3
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2009-11-29 43184]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-8 53816]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys [2011-3-7 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys [2011-3-7 652336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110419.001\BHDrvx86.sys [2011-4-20 802936]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110421.001\IDSvix86.sys [2011-4-22 353912]
R1 RapportCerberus_25973;RapportCerberus_25973;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\25973\RapportCerberus_25973.sys [2011-4-13 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-8 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-8 158904]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys [2011-3-7 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys [2011-3-7 330360]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/03/03 13:27:34];c:\program files\acer arcade deluxe\playmovie\000.fcl [2009-11-29 87536]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-11-29 75048]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2009-11-29 3474432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-25 363344]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.5.0.125\ccsvchst.exe [2011-3-7 130000]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2009-11-29 122368]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-8 870200]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-3-30 1523008]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-22 599344]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-15 102448]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-25 20952]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-22 40752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-8 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-12-8 30312]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-5-15 36640]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-3-21 84240]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-12-8 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-12-8 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-12-8 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2010-12-8 98152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
S4 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-11-29 233472]
.
=============== Created Last 30 ================
.
2011-04-25 12:34:19 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-04-25 12:34:19 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-04-25 12:34:18 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-04-24 13:19:01 -------- d-----w- c:\users\myron\appdata\local\Irrational Games
2011-04-24 13:12:17 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-04-23 17:33:54 -------- d-----w- c:\users\myron\appdata\roaming\PACE Anti-Piracy
2011-04-23 17:33:54 -------- d-----w- c:\users\myron\appdata\local\PACE Anti-Piracy
2011-04-23 17:33:54 -------- d-----w- c:\program files\common files\PACE Anti-Piracy
2011-04-23 17:33:54 -------- d-----w- c:\progra~2\PACE Anti-Piracy
2011-04-23 11:19:40 -------- d-----w- c:\users\myron\appdata\roaming\Antares
2011-04-23 11:19:37 -------- d-----w- c:\program files\Antares Audio Technologies
2011-04-23 11:01:50 -------- d-----w- c:\users\myron\appdata\roaming\SynthMaker
2011-04-23 10:59:44 -------- d-----w- c:\users\myron\appdata\roaming\Acoustica
2011-04-23 10:59:43 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2011-04-23 10:56:40 -------- d-----w- c:\program files\Acoustica Shared Effects
2011-04-23 10:50:23 -------- d-----w- c:\program files\VST
2011-04-23 10:50:23 -------- d-----w- c:\progra~2\Acoustica
2011-04-23 10:46:24 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2011-04-22 18:08:16 -------- d-----w- c:\program files\AMD APP
2011-04-20 16:51:21 -------- d-----w- c:\users\myron\appdata\local\Trusteer
2011-04-19 19:49:31 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-04-19 19:49:31 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-04-15 13:14:09 -------- d-----w- c:\users\myron\appdata\roaming\cacaoweb
2011-04-14 22:50:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-14 09:53:33 -------- d-----w- c:\program files\Yuna Software
2011-04-14 09:53:02 -------- d-----w- c:\program files\QuickSFV
2011-04-09 15:55:41 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-04-08 19:55:24 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-08 19:55:20 -------- d-----w- c:\users\myron\appdata\local\temp
2011-04-08 16:06:56 -------- d-----w- c:\program files\MozBackup
2011-04-08 09:17:38 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-04-09 12:07:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 17:02:28 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-21 18:56:22 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-03-21 18:56:06 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 18:55:46 12385792 ----a-w- c:\windows\system32\amdocl.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-09 05:19:22 17397248 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-09 04:57:04 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:56:54 679424 ----a-w- c:\windows\system32\aticfx32.dll
2011-03-09 04:53:44 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53:18 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:52:54 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:51:56 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-03-09 04:51:42 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-09 04:51:34 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-09 04:51:28 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-09 04:48:46 4277760 ----a-w- c:\windows\system32\atidxx32.dll
2011-03-09 04:34:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-03-09 04:34:22 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-09 04:32:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-09 04:30:30 4294656 ----a-w- c:\windows\system32\atiumdag.dll
2011-03-09 04:18:08 258048 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:17:56 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17:48 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-03-09 04:17:00 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-03-09 04:16:48 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-03-09 04:16:24 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-03-09 04:11:04 52736 ----a-w- c:\windows\system32\coinst.dll
2011-03-09 03:42:06 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-03-09 03:34:12 3471872 ----a-w- c:\windows\system32\atiumdva.dll
2011-03-09 03:18:52 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-03-09 03:18:52 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 23:36:28.60 ===============
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm
Advertisement
Register to Remove

Re: Security.Hijack Itunes.exe?

Unread postby Cypher » April 29th, 2011, 3:28 pm

Hi.
Checking your log now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Security.Hijack Itunes.exe?

Unread postby Cypher » April 29th, 2011, 3:48 pm

Hi Powderhoney we meet again, welcome back to Malware Removal Forum, sorry for the delay in getting to your topic.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - windows 7


Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • Your Operating System in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.


I know you have run Malwarebytes Anti-Malware previously but please run it again.
  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

RSIT (Random's System Information Tool)

    Please download RSIT by random/random... and save it to your desktop.
  • Click the Windows Start > All programs > Accessories then Run
  • Copy/paste the following into the run box & click OK, Do not include the word Quote:
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt << will be maximized and info.txt << will be minimized
  • Copy & paste the contents of both logs in your next reply


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • Please give me an update on how your computer is performing.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Security.Hijack Itunes.exe?

Unread postby Powderhoney » April 30th, 2011, 5:57 am

Hello! Thank you for the help! ^_^ Erm...so far I haven't really seen any unsual computer performance, although, after the infection I got a couple of weeks ago that I had help from here to deal with I have noticed that my firefox has been a bit dodgey with certain websites by saying that the information typed in is going over an unencrypted network, this was on a train website while buying a ticket at the Verify Visa part of the transaction and when I would click okay on this warning it would some not a valid URL and not load. This also about 3-5 days ago when I tried to pay my university accomodation fees. Got the same warning and then is said that the url is not allowed....

Here is the Mbam log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6477

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

30/04/2011 10:46:58
mbam-log-2011-04-30 (10-46-58).txt

Scan type: Quick scan
Objects scanned: 164477
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


RSIT's log file:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Myron at 2011-04-30 10:47:47
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 23 GB (20%) free of 114 GB
Total RAM: 3070 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:01, on 30/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Users\Myron\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Myron\Desktop\rsit.exe
C:\Program Files\trend micro\Myron.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 11050 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Epson Printer Software Downloader.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-04-15 210352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-04 433080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL [2010-12-01 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-04 433080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-04 1037608]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-03-12 397312]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2009-11-29 3659264]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-04-28 809480]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 336384]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2011-04-25 3298712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-11-29 3024896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Myron\AppData\Roaming\cacaoweb\cacaoweb.exe"="C:\Users\Myron\AppData\Roaming\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-04-30 10:47:50 ----D---- C:\Program Files\trend micro
2011-04-30 10:47:47 ----D---- C:\rsit
2011-04-28 20:15:34 ----D---- C:\Users\Myron\AppData\Roaming\IDM
2011-04-28 20:15:20 ----D---- C:\Program Files\Internet Download Manager
2011-04-28 15:38:22 ----D---- C:\Users\Myron\AppData\Roaming\Real
2011-04-28 00:22:41 ----D---- C:\Temp
2011-04-27 23:59:23 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01005.dll
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadwh.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadmdm.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadcm.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadbus.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadadb.sys
2011-04-27 23:59:22 ----A---- C:\Windows\system32\drivers\ssadserd.sys
2011-04-27 23:59:06 ----A---- C:\Windows\system32\drivers\sscdwhnt.sys
2011-04-27 23:59:06 ----A---- C:\Windows\system32\drivers\sscdwh.sys
2011-04-27 23:59:06 ----A---- C:\Windows\system32\drivers\sscdmdm.sys
2011-04-27 23:59:06 ----A---- C:\Windows\system32\drivers\sscdmdfl.sys
2011-04-27 23:59:05 ----A---- C:\Windows\system32\drivers\sscdcmnt.sys
2011-04-27 23:59:05 ----A---- C:\Windows\system32\drivers\sscdcm.sys
2011-04-27 23:59:05 ----A---- C:\Windows\system32\drivers\sscdbus.sys
2011-04-27 23:58:01 ----A---- C:\Windows\system32\Redemption.dll
2011-04-27 23:57:48 ----D---- C:\Program Files\MarkAny
2011-04-27 23:57:48 ----A---- C:\Windows\system32\KiesDeviceErrorRecv.exe
2011-04-27 23:57:48 ----A---- C:\Windows\system32\drivers\dgderdrv.sys
2011-04-27 23:57:48 ----A---- C:\Windows\system32\DIFxAPI.dll
2011-04-27 23:57:48 ----A---- C:\Windows\system32\dgderapi.dll
2011-04-27 23:46:41 ----D---- C:\Program Files\Common Files\Java
2011-04-27 23:46:23 ----A---- C:\Windows\system32\javaws.exe
2011-04-27 23:46:23 ----A---- C:\Windows\system32\javaw.exe
2011-04-27 23:46:23 ----A---- C:\Windows\system32\java.exe
2011-04-27 23:33:06 ----A---- C:\Windows\ntbtlog.txt
2011-04-27 11:37:45 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-04-27 11:37:45 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-04-27 11:37:32 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-26 22:09:13 ----D---- C:\Program Files\UltraISO
2011-04-25 16:41:51 ----A---- C:\Windows\system32\drivers\idmwfp.sys
2011-04-25 13:34:19 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-04-25 13:34:19 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-04-25 13:34:18 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-04-24 14:12:17 ----A---- C:\Windows\system32\CmdLineExt03.dll
2011-04-23 18:33:54 ----D---- C:\Users\Myron\AppData\Roaming\PACE Anti-Piracy
2011-04-23 18:33:54 ----D---- C:\ProgramData\PACE Anti-Piracy
2011-04-23 18:33:54 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2011-04-23 12:19:40 ----D---- C:\Users\Myron\AppData\Roaming\Antares
2011-04-23 12:19:37 ----D---- C:\Program Files\Antares Audio Technologies
2011-04-23 12:01:50 ----D---- C:\Users\Myron\AppData\Roaming\SynthMaker
2011-04-23 11:59:44 ----D---- C:\Users\Myron\AppData\Roaming\Acoustica
2011-04-23 11:59:43 ----A---- C:\Windows\system32\Wnaspint.dll
2011-04-23 11:56:40 ----D---- C:\Program Files\Acoustica Shared Effects
2011-04-23 11:50:23 ----D---- C:\ProgramData\Acoustica
2011-04-23 11:50:23 ----D---- C:\Program Files\VST
2011-04-23 11:46:24 ----D---- C:\Program Files\Acoustica Mixcraft 5
2011-04-22 19:08:19 ----D---- C:\ProgramData\ATI
2011-04-22 19:08:16 ----D---- C:\Program Files\AMD APP
2011-04-19 20:49:31 ----A---- C:\Windows\system32\uxtuneup.dll
2011-04-19 20:49:31 ----A---- C:\Windows\system32\authuitu.dll
2011-04-14 23:51:27 ----A---- C:\Windows\system32\atmfd.dll
2011-04-14 23:51:26 ----A---- C:\Windows\system32\atmlib.dll
2011-04-14 23:51:24 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-14 23:51:23 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-14 23:51:23 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-14 23:51:23 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-14 23:51:19 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-14 23:51:19 ----A---- C:\Windows\system32\mfc42.dll
2011-04-14 23:51:16 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-14 23:51:16 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-14 23:51:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-14 23:51:13 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-14 23:51:13 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-14 23:51:13 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-14 23:51:09 ----A---- C:\Windows\system32\win32k.sys
2011-04-14 23:51:04 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-14 10:53:33 ----D---- C:\Program Files\Yuna Software
2011-04-14 10:53:02 ----D---- C:\Program Files\QuickSFV
2011-04-14 10:52:43 ----RASH---- C:\MSDOS.SYS
2011-04-14 10:52:43 ----RASH---- C:\IO.SYS
2011-04-10 11:35:52 ----A---- C:\Windows\system32\wininet.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\urlmon.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\msrating.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\msls31.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\iertutil.dll
2011-04-10 11:35:51 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-04-10 11:35:51 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-04-10 11:35:51 ----A---- C:\Windows\system32\mshtmler.dll
2011-04-10 11:35:51 ----A---- C:\Windows\system32\ieui.dll
2011-04-10 11:35:51 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-10 11:35:51 ----A---- C:\Windows\system32\ieframe.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\url.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\iesetup.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\iernonce.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-10 11:35:50 ----A---- C:\Windows\system32\icardie.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\dxtrans.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\dxtmsft.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\wextract.exe
2011-04-10 11:35:49 ----A---- C:\Windows\system32\webcheck.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\inseng.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\iexpress.exe
2011-04-10 11:35:48 ----A---- C:\Windows\system32\vbscript.dll
2011-04-10 11:35:48 ----A---- C:\Windows\system32\pngfilt.dll
2011-04-10 11:35:48 ----A---- C:\Windows\system32\occache.dll
2011-04-10 11:35:48 ----A---- C:\Windows\system32\mshtml.dll
2011-04-10 11:35:48 ----A---- C:\Windows\system32\mshta.exe
2011-04-10 11:35:48 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-10 11:35:47 ----A---- C:\Windows\system32\jscript9.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\jscript.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\imgutil.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\iepeers.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\ieakui.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\advpack.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\admparse.dll
2011-04-10 11:35:46 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-10 11:35:46 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-10 11:35:46 ----A---- C:\Windows\system32\ieakeng.dll
2011-04-10 11:35:46 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-09 16:55:15 ----D---- C:\Program Files\QuickTime
2011-04-09 13:08:17 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-04-09 02:46:51 ----D---- C:\Windows\TEMP
2011-04-08 20:55:24 ----SHD---- C:\$RECYCLE.BIN
2011-04-08 19:21:22 ----D---- C:\Windows\ERDNT
2011-04-08 19:17:40 ----D---- C:\Qoobox
2011-04-08 17:06:56 ----D---- C:\Program Files\MozBackup
2011-04-08 10:17:38 ----A---- C:\Windows\system32\drivers\RapportKELL.sys
2011-04-07 22:04:10 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2011-04-30 10:48:01 ----D---- C:\Windows\Prefetch
2011-04-30 10:47:50 ----RD---- C:\Program Files
2011-04-30 10:40:25 ----D---- C:\Windows\System32
2011-04-30 10:40:25 ----D---- C:\Windows\inf
2011-04-30 10:40:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-30 10:34:22 ----D---- C:\Program Files\Common Files\Akamai
2011-04-30 10:34:13 ----SHD---- C:\System Volume Information
2011-04-30 00:49:09 ----D---- C:\Users\Myron\AppData\Roaming\DMCache
2011-04-30 00:33:38 ----A---- C:\Windows\avisplitter.INI
2011-04-29 13:01:49 ----D---- C:\Program Files\Mozilla Firefox
2011-04-28 22:36:43 ----SHD---- C:\Windows\Installer
2011-04-28 20:15:46 ----D---- C:\Windows\system32\drivers
2011-04-28 16:35:19 ----D---- C:\Users\Myron\AppData\Roaming\Skype
2011-04-28 16:13:07 ----D---- C:\Users\Myron\AppData\Roaming\skypePM
2011-04-28 10:58:24 ----D---- C:\Windows
2011-04-28 03:04:59 ----D---- C:\Windows\system32\catroot
2011-04-28 03:04:44 ----D---- C:\Windows\winsxs
2011-04-28 03:04:43 ----D---- C:\Windows\AppPatch
2011-04-28 03:00:53 ----D---- C:\Windows\Debug
2011-04-27 23:58:59 ----D---- C:\Windows\system32\catroot2
2011-04-27 23:57:47 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-27 23:55:40 ----D---- C:\Program Files\PC Connectivity Solution
2011-04-27 23:46:41 ----D---- C:\Program Files\Common Files
2011-04-27 23:46:11 ----D---- C:\Program Files\Java
2011-04-27 18:57:30 ----D---- C:\Program Files\Electronic Arts
2011-04-25 13:34:05 ----RSD---- C:\Windows\assembly
2011-04-24 23:22:23 ----D---- C:\ProgramData
2011-04-24 14:12:54 ----D---- C:\Program Files\Common Files\InstallShield
2011-04-23 23:13:57 ----A---- C:\Windows\Sandboxie.ini
2011-04-23 18:38:43 ----ASD---- C:\ProgramData\Microsoft
2011-04-23 18:38:43 ----AD---- C:\Program Files\Common Files\microsoft shared
2011-04-22 19:08:03 ----D---- C:\Program Files\ATI Technologies
2011-04-22 17:50:57 ----D---- C:\Program Files\Microsoft Silverlight
2011-04-22 12:17:11 ----RD---- C:\Program Files\Skype
2011-04-22 00:22:40 ----D---- C:\Program Files\s3pe
2011-04-22 00:09:29 ----D---- C:\ProgramData\Adobe
2011-04-22 00:08:41 ----SD---- C:\Users\Myron\AppData\Roaming\Microsoft
2011-04-22 00:08:41 ----D---- C:\Users\Myron\AppData\Roaming\Adobe
2011-04-19 20:49:12 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-04-19 19:36:01 ----D---- C:\Program Files\Launch Manager
2011-04-18 15:46:44 ----A---- C:\Windows\system32\mrt.exe
2011-04-17 21:02:40 ----D---- C:\Windows\Microsoft.NET
2011-04-15 16:21:42 ----D---- C:\Program Files\Windows Mail
2011-04-15 12:18:33 ----D---- C:\ProgramData\Microsoft Help
2011-04-15 11:57:24 ----D---- C:\Windows\system32\config
2011-04-15 11:57:24 ----D---- C:\Boot
2011-04-14 11:15:19 ----D---- C:\ProgramData\Messenger Plus!
2011-04-14 05:07:59 ----A---- C:\Windows\system32\deployJava1.dll
2011-04-10 18:50:25 ----D---- C:\Windows\rescache
2011-04-10 15:05:30 ----D---- C:\Program Files\Internet Explorer
2011-04-10 15:05:29 ----RD---- C:\Windows\Offline Web Pages
2011-04-10 15:05:29 ----D---- C:\Windows\system32\wbem
2011-04-10 15:05:29 ----D---- C:\Windows\system32\migration
2011-04-10 15:05:29 ----D---- C:\Windows\system32\en-US
2011-04-10 15:05:29 ----D---- C:\Windows\PolicyDefinitions
2011-04-10 15:05:25 ----SD---- C:\Windows\Downloaded Program Files
2011-04-09 13:11:30 ----D---- C:\Program Files\Common Files\Adobe
2011-04-09 13:11:20 ----D---- C:\Program Files\Adobe
2011-04-08 20:53:04 ----A---- C:\Windows\system.ini
2011-04-08 20:52:55 ----D---- C:\Windows\system32\drivers\etc
2011-04-06 01:01:37 ----D---- C:\Windows\en-US
2011-04-05 23:16:52 ----D---- C:\Users\Myron\AppData\Roaming\KeePass
2011-04-04 14:58:46 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF File System mini-filter; C:\Windows\system32\Drivers\AlfaFF.sys [2009-11-29 43184]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-03-05 18992]
R0 RapportKELL;RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [2011-04-08 53816]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-02 691696]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
R0 TPkd;TPkd; C:\Windows\system32\drivers\TPkd.sys [2009-05-21 90472]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110419.001\BHDrvx86.sys [2011-04-15 802936]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2011-03-08 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110428.002\IDSvix86.sys [2011-03-14 353912]
R1 RapportCerberus_25973;RapportCerberus_25973; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [2011-04-13 57144]
R1 RapportEI;RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-08 66360]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-08 158904]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS [2010-11-23 50168]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2010-05-15 5632]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/03/03 13:27:34]; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 87536]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2011-03-28 86792]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-08 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2009-08-05 48640]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-12-20 20952]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110429.002\NAVENG.SYS [2011-04-25 86136]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110429.002\NAVEX15.SYS [2011-04-25 1393144]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2009-12-01 119296]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS [2010-11-23 509560]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-03-07 126512]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-04 196784]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
S3 akmhvf3x;akmhvf3x; C:\Windows\system32\drivers\akmhvf3x.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2010-12-21 30312]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BthPort;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-03-08 20032]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-01-08 2554368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-01-03 114152]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2010-12-21 104648]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2010-12-21 14920]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2010-12-21 132424]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-11-12 32768]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-03-09 176128]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-03 358936]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2009-11-29 3474432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-07 110592]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-08 870200]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-12-01 66560]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-04-22 599344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-08 136176]
S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe []
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-08 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
S4 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S4 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-10-25 217088]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
S4 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

-----------------EOF-----------------


RSIT's Info file:

info.txt logfile of random's system information tool 1.08 2011-04-30 10:48:06

======Uninstall list======

-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" "1033" "0"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe" -l0x9 -u
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe" -l0x9 -u
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer Bio Protection

AAV 6.0.00.12-->"C:\Program Files\Acer\Acer Bio Protection\uninstall.exe"
Acer Crystal Eye webcam Ver:1.1.58.429-->C:\Program Files\InstallShield Installation Information\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management-->"C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x9 -removeonly
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 5-->C:\PROGRA~1\ACOUST~1\Unwise.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin
Adobe Reader X (10.0.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Agere Systems HDA Modem-->agrsmdel
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
AMD APP SDK Runtime-->MsiExec.exe /I{A25FF1C0-80B6-4B8B-A551-DC525697A408}
Antares Auto-Tune Evo VST-->MsiExec.exe /X{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
ATI Catalyst Install Manager-->msiexec /q/x{BC1E438B-1292-C544-D333-6D9E7D9D8726} REBOOT=ReallySuppress
Catalyst Control Center - Branding-->MsiExec.exe /I{0E33EC53-22CE-426C-A88B-2AAC231BAC85}
CCleaner-->"D:\Program Files\CCleaner\uninst.exe"
Champions Online-->D:\Program Files\Cryptic Studios\Uninstall Champions Online.exe
Deadly Sin 2 Shining Faith 1.00-->D:\Program Files\Deadly Sin 2 Shining Faith\Uninstall.exe
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{2FD3FD50-4D6B-433B-9AB8-83F04675DA44}" "1033" "0"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}\SETUP.EXE -runfromtemp -l0x0009 UNINST -removeonly
Epson Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\SETUP.EXE" -l0x9 -u
Epson Printer Software Downloader-->MsiExec.exe /I{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}
Epson Printer Software Downloader-->MsiExec.exe /I{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Epson Stylus SX210_SX410_TX210_TX410 Manual-->C:\Program Files\EPSON\TPMANUAL\ESSX210_410_TX210_410\ENG\USE_G\DOCUNINS.EXE
EPSON SX210 Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSFDE.EXE /R /APD /P:"EPSON SX210 Series"
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
Freedom Force® vs The 3rd Reich-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{97573806-3C00-4CE0-9D31-3925DD845DCE}
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Glary Utilities 2.29.0.1032-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
ITECIR Driver-->C:\Program Files\InstallShield Installation Information\{FCED9B62-34FF-4C15-8A23-F65221F7874D}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}
Java(TM) 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x9 -removeonly
KeePass Password Safe 2.14-->"C:\Program Files\KeePass Password Safe 2\unins000.exe"
K-Lite Mega Codec Pack 3.6.5-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Player Classic - Home Cinema v. 1.3.1249.0-->"C:\Program Files\MPC HomeCinema\unins000.exe"
Messenger Plus! 5-->C:\Program Files\Yuna Software\Messenger Plus!\Uninstall.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MozBackup 1.5.1-->C:\Program Files\MozBackup\Uninstall.exe
Mozilla Firefox 4.0.1 (x86 en-GB)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
Norton 360-->MsiExec.exe /I{F413B69D-4AD6-42AB-AEA5-0548989FAD50}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.5.0.125\InstStub.exe /X /ARP
Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}
Oliveair Games-->"C:\Windows\Oliveair Games Uninstaller.exe"
PCSX2 - Playstation 2 Emulator-->D:\Program Files\PCSX2 0.9.7\Uninst-pcsx2-r3878.exe
QuickSFV (Remove only)-->C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Rapport-->msiexec /x{1DD81E7D-0D28-4ceb-87B2-C041A4FCB215} /lvx+ "C:\ProgramData\Trusteer\Rapport\logs\uninstall.log"
Rapport-->MsiExec.exe /X{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
s3pe - Sims3 Package Editor-->"C:\Program Files\s3pe\uninst-s3pe.exe"
Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe
Sandboxie 3.42-->"C:\Windows\Installer\SandboxieInstall.exe" /remove
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft Excel 2010 (KB2466146)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4D3B2D30-46D3-4DC0-BA73-85306B10E0AE}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2289161)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F134C2C6-30B3-4169-A325-58482B4CE6FC}" "1033" "0"
Security Update for Microsoft PowerPoint 2010 (KB2519975)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}" "1033" "0"
Security Update for Microsoft Publisher 2010 (KB2409055)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{C3C277D5-36E3-4B1A-926A-175B2BC019CF}" "1033" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1033" "0"
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims™ 3 Ambitions-->"C:\Program Files\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\Sims3EP02Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Fast Lane Stuff-->"C:\Program Files\InstallShield Installation Information\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 High-End Loft Stuff-->"C:\Program Files\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\Sims3SP01Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Late Night-->"C:\Program Files\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Outdoor Living Stuff-->"C:\Program Files\InstallShield Installation Information\{117B6BF6-82C3-420C-B284-9247C8568E53}\Sims3SP03Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 World Adventures-->"C:\Program Files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0009 -removeonly
TuneUp Utilities 2011-->C:\Program Files\TuneUp Utilities 2011\TUInstallHelper.exe --Trigger-Uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{556146F7-74AE-4E0A-B64F-5B8B93469F61}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B5516874-E926-4BFD-B412-D0E70112F244}" "1033" "0"
Update for Microsoft Office 2010 (KB2413186)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{D6CE7280-6EE3-419A-8F47-DB111C040B1B}" "1033" "0"
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2493983)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{309EEC22-83CE-4109-B019-BA9392FAA322}" "1033" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A10DC2B7-6FDA-4C17-9DF0-6A834CAC4306}" "1033" "0"
Update for Microsoft Outlook Social Connector (KB2441641)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{10B78785-65AE-4FDB-B598-73A8EC8598B0}" "1033" "0"
Validity Sensors software-->MsiExec.exe /X{567E8236-C414-4888-8211-3D61608D57AE}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
WIDCOMM Bluetooth Software 6.0.1.5000-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Myron-PC
Event Code: 7024
Message: The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
Record Number: 182729
Source Name: Service Control Manager
Time Written: 20110123204002.000000-000
Event Type: Error
User:

Computer Name: Myron-PC
Event Code: 2511
Message: The server service was unable to recreate the share Media Assignment because the directory C:\Users\Myron\Documents\OneNote Notebooks\Media Assignment no longer exists. Please run "net share Media Assignment /delete" to delete the share, or recreate the directory C:\Users\Myron\Documents\OneNote Notebooks\Media Assignment.
Record Number: 182623
Source Name: Server
Time Written: 20110123203742.000000-000
Event Type: Warning
User:

Computer Name: Myron-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 182606
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110121124409.575759-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Myron-PC
Event Code: 10002
Message: WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\IWMSSvc.dll

Record Number: 182602
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110121124408.811359-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Myron-PC
Event Code: 7024
Message: The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).
Record Number: 182542
Source Name: Service Control Manager
Time Written: 20110121101010.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Myron-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 13646
Source Name: Microsoft-Windows-WMI
Time Written: 20100602171137.000000-000
Event Type: Error
User:

Computer Name: Myron-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 13618
Source Name: Microsoft-Windows-WMI
Time Written: 20100602154248.000000-000
Event Type: Error
User:

Computer Name: Myron-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
7 user registry handles leaked from \Registry\User\S-1-5-21-1005549383-1416332002-2889115387-1000:
Process 744 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1005549383-1416332002-2889115387-1000
Process 744 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1005549383-1416332002-2889115387-1000
Process 744 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1005549383-1416332002-2889115387-1000\Software\Microsoft\SystemCertificates\Root
Process 744 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1005549383-1416332002-2889115387-1000\Software\Microsoft\SystemCertificates\CA
Process 744 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1005549383-1416332002-2889115387-1000\Software\Policies\Microsoft\SystemCertificates
Process 744 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1005549383-1416332002-2889115387-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 744 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1005549383-1416332002-2889115387-1000\Software\Microsoft\SystemCertificates\trust

Record Number: 13595
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100602011216.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Myron-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 13585
Source Name: Microsoft-Windows-WMI
Time Written: 20100601143949.000000-000
Event Type: Error
User:

Computer Name: Myron-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 13551
Source Name: Microsoft-Windows-WMI
Time Written: 20100601110046.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Myron-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 51232
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101203173103.422585-000
Event Type: Audit Success
User:

Computer Name: Myron-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MYRON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2dc
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 51231
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101203173103.422585-000
Event Type: Audit Success
User:

Computer Name: Myron-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: MYRON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2dc
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 51230
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101203173103.422585-000
Event Type: Audit Success
User:

Computer Name: Myron-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-20
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e4

Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 51229
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101203173103.235384-000
Event Type: Audit Success
User:

Computer Name: Myron-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MYRON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-20
Account Name: NETWORK SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e4
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2dc
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 51228
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101203173103.235384-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Samsung\Samsung PC Studio 3;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"AMDAPPSDKROOT"=C:\Program Files\AMD APP\

-----------------EOF-----------------
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Security.Hijack Itunes.exe?

Unread postby Cypher » April 30th, 2011, 6:40 am

Hi Powderhoney.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following
Messenger Plus!

Next.

Back Up registry with ERUNT

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Right-click on erunt_setup.exe and select "Run As Administrator" to run it.
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select "Run As Administrator" to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Services
    akmhvf3x
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "0BF43445-2F28-4351-9252-17FE6E806AA0"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "C55BBCD6-41AD-48AD-9953-3609C48EACC7"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "32099AAC-C132-4136-9E9A-4E364A424E17"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
    
    :Files
    C:\ProgramData\Messenger Plus!
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [ClearAllRestorePoints]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
  • Please post ONLY the "log.txt", file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.
  • ESET log.
  • Please give me an update on how your computer is performing.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Security.Hijack Itunes.exe?

Unread postby Powderhoney » April 30th, 2011, 11:43 am

OTM log:

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named akmhvf3x was found to stop!
Service\Driver key akmhvf3x not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\0BF43445-2F28-4351-9252-17FE6E806AA0 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\C55BBCD6-41AD-48AD-9953-3609C48EACC7 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\32099AAC-C132-4136-9E9A-4E364A424E17 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
========== FILES ==========
C:\ProgramData\Messenger Plus!\Promotions\Cache folder moved successfully.
C:\ProgramData\Messenger Plus!\Promotions folder moved successfully.
C:\ProgramData\Messenger Plus! folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Myron\Desktop\cmd.bat deleted successfully.
C:\Users\Myron\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Myron
->Temp folder emptied: 8707862 bytes
->Temporary Internet Files folder emptied: 558316 bytes
->Java cache emptied: 5703807 bytes
->FireFox cache emptied: 60620169 bytes
->Flash cache emptied: 10693 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1264 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63096233 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13609 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 132.00 mb


Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 04302011_142624

Files moved on Reboot...

Registry entries deleted on Reboot...


RSIT Log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Myron at 2011-04-30 14:52:51
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 22 GB (19%) free of 114 GB
Total RAM: 3070 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:52:59, on 30/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Myron\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Myron\Desktop\RSIT.exe
C:\Program Files\trend micro\Myron.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 11019 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Epson Printer Software Downloader.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-04-15 210352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-04 433080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL [2010-12-01 210360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll [2010-12-04 433080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-04 1037608]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-03-12 397312]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"=C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [2009-11-29 3659264]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-04-28 809480]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 336384]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2011-04-25 3298712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll [2009-11-29 3024896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Myron\AppData\Roaming\cacaoweb\cacaoweb.exe"="C:\Users\Myron\AppData\Roaming\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-04-30 14:26:24 ----D---- C:\_OTM
2011-04-30 14:24:05 ----D---- C:\Program Files\ERUNT
2011-04-30 10:47:50 ----D---- C:\Program Files\trend micro
2011-04-30 10:47:47 ----D---- C:\rsit
2011-04-28 20:15:34 ----D---- C:\Users\Myron\AppData\Roaming\IDM
2011-04-28 20:15:20 ----D---- C:\Program Files\Internet Download Manager
2011-04-28 15:38:22 ----D---- C:\Users\Myron\AppData\Roaming\Real
2011-04-28 00:22:41 ----D---- C:\Temp
2011-04-27 23:59:23 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01005.dll
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadwh.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadmdm.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadcm.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadbus.sys
2011-04-27 23:59:23 ----A---- C:\Windows\system32\drivers\ssadadb.sys
2011-04-27 23:59:22 ----A---- C:\Windows\system32\drivers\ssadserd.sys
2011-04-27 23:59:06 ----A---- C:\Windows\system32\drivers\sscdwhnt.sys
2011-04-27 23:59:06 ----A---- C:\Windows\system32\drivers\sscdwh.sys
2011-04-27 23:59:06 ----A---- C:\Windows\system32\drivers\sscdmdm.sys
2011-04-27 23:59:06 ----A---- C:\Windows\system32\drivers\sscdmdfl.sys
2011-04-27 23:59:05 ----A---- C:\Windows\system32\drivers\sscdcmnt.sys
2011-04-27 23:59:05 ----A---- C:\Windows\system32\drivers\sscdcm.sys
2011-04-27 23:59:05 ----A---- C:\Windows\system32\drivers\sscdbus.sys
2011-04-27 23:58:01 ----A---- C:\Windows\system32\Redemption.dll
2011-04-27 23:57:48 ----D---- C:\Program Files\MarkAny
2011-04-27 23:57:48 ----A---- C:\Windows\system32\KiesDeviceErrorRecv.exe
2011-04-27 23:57:48 ----A---- C:\Windows\system32\drivers\dgderdrv.sys
2011-04-27 23:57:48 ----A---- C:\Windows\system32\DIFxAPI.dll
2011-04-27 23:57:48 ----A---- C:\Windows\system32\dgderapi.dll
2011-04-27 23:46:41 ----D---- C:\Program Files\Common Files\Java
2011-04-27 23:46:23 ----A---- C:\Windows\system32\javaws.exe
2011-04-27 23:46:23 ----A---- C:\Windows\system32\javaw.exe
2011-04-27 23:46:23 ----A---- C:\Windows\system32\java.exe
2011-04-27 23:33:06 ----A---- C:\Windows\ntbtlog.txt
2011-04-27 11:37:45 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-04-27 11:37:45 ----A---- C:\Windows\system32\Apphlpdm.dll
2011-04-27 11:37:32 ----A---- C:\Windows\system32\XpsPrint.dll
2011-04-26 22:09:13 ----D---- C:\Program Files\UltraISO
2011-04-25 16:41:51 ----A---- C:\Windows\system32\drivers\idmwfp.sys
2011-04-25 13:34:19 ----A---- C:\Windows\system32\d3dx10_40.dll
2011-04-25 13:34:19 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2011-04-25 13:34:18 ----A---- C:\Windows\system32\D3DX9_40.dll
2011-04-24 14:12:17 ----A---- C:\Windows\system32\CmdLineExt03.dll
2011-04-23 18:33:54 ----D---- C:\Users\Myron\AppData\Roaming\PACE Anti-Piracy
2011-04-23 18:33:54 ----D---- C:\ProgramData\PACE Anti-Piracy
2011-04-23 18:33:54 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2011-04-23 12:19:40 ----D---- C:\Users\Myron\AppData\Roaming\Antares
2011-04-23 12:19:37 ----D---- C:\Program Files\Antares Audio Technologies
2011-04-23 12:01:50 ----D---- C:\Users\Myron\AppData\Roaming\SynthMaker
2011-04-23 11:59:44 ----D---- C:\Users\Myron\AppData\Roaming\Acoustica
2011-04-23 11:59:43 ----A---- C:\Windows\system32\Wnaspint.dll
2011-04-23 11:56:40 ----D---- C:\Program Files\Acoustica Shared Effects
2011-04-23 11:50:23 ----D---- C:\ProgramData\Acoustica
2011-04-23 11:50:23 ----D---- C:\Program Files\VST
2011-04-23 11:46:24 ----D---- C:\Program Files\Acoustica Mixcraft 5
2011-04-22 19:08:19 ----D---- C:\ProgramData\ATI
2011-04-22 19:08:16 ----D---- C:\Program Files\AMD APP
2011-04-19 20:49:31 ----A---- C:\Windows\system32\uxtuneup.dll
2011-04-19 20:49:31 ----A---- C:\Windows\system32\authuitu.dll
2011-04-14 23:51:27 ----A---- C:\Windows\system32\atmfd.dll
2011-04-14 23:51:26 ----A---- C:\Windows\system32\atmlib.dll
2011-04-14 23:51:24 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-14 23:51:23 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-14 23:51:23 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-14 23:51:23 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-14 23:51:19 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-14 23:51:19 ----A---- C:\Windows\system32\mfc42.dll
2011-04-14 23:51:16 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-14 23:51:16 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-14 23:51:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-14 23:51:13 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-14 23:51:13 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-14 23:51:13 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-14 23:51:09 ----A---- C:\Windows\system32\win32k.sys
2011-04-14 23:51:04 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-14 10:53:33 ----D---- C:\Program Files\Yuna Software
2011-04-14 10:53:02 ----D---- C:\Program Files\QuickSFV
2011-04-14 10:52:43 ----RASH---- C:\MSDOS.SYS
2011-04-14 10:52:43 ----RASH---- C:\IO.SYS
2011-04-10 11:35:52 ----A---- C:\Windows\system32\wininet.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\urlmon.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\msrating.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\msls31.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-10 11:35:52 ----A---- C:\Windows\system32\iertutil.dll
2011-04-10 11:35:51 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-04-10 11:35:51 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-04-10 11:35:51 ----A---- C:\Windows\system32\mshtmler.dll
2011-04-10 11:35:51 ----A---- C:\Windows\system32\ieui.dll
2011-04-10 11:35:51 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-10 11:35:51 ----A---- C:\Windows\system32\ieframe.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\url.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\iesetup.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\iernonce.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-10 11:35:50 ----A---- C:\Windows\system32\icardie.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\dxtrans.dll
2011-04-10 11:35:50 ----A---- C:\Windows\system32\dxtmsft.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\wextract.exe
2011-04-10 11:35:49 ----A---- C:\Windows\system32\webcheck.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\inseng.dll
2011-04-10 11:35:49 ----A---- C:\Windows\system32\iexpress.exe
2011-04-10 11:35:48 ----A---- C:\Windows\system32\vbscript.dll
2011-04-10 11:35:48 ----A---- C:\Windows\system32\pngfilt.dll
2011-04-10 11:35:48 ----A---- C:\Windows\system32\occache.dll
2011-04-10 11:35:48 ----A---- C:\Windows\system32\mshtml.dll
2011-04-10 11:35:48 ----A---- C:\Windows\system32\mshta.exe
2011-04-10 11:35:48 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-10 11:35:47 ----A---- C:\Windows\system32\jscript9.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\jscript.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\imgutil.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\iepeers.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\ieakui.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\advpack.dll
2011-04-10 11:35:47 ----A---- C:\Windows\system32\admparse.dll
2011-04-10 11:35:46 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-10 11:35:46 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-10 11:35:46 ----A---- C:\Windows\system32\ieakeng.dll
2011-04-10 11:35:46 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-09 16:55:15 ----D---- C:\Program Files\QuickTime
2011-04-09 13:08:17 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-04-09 02:46:51 ----D---- C:\Windows\TEMP
2011-04-08 20:55:24 ----SHD---- C:\$RECYCLE.BIN
2011-04-08 19:21:22 ----D---- C:\Windows\ERDNT
2011-04-08 19:17:40 ----D---- C:\Qoobox
2011-04-08 17:06:56 ----D---- C:\Program Files\MozBackup
2011-04-08 10:17:38 ----A---- C:\Windows\system32\drivers\RapportKELL.sys
2011-04-07 22:04:10 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2011-04-30 14:43:19 ----D---- C:\Windows\Prefetch
2011-04-30 14:40:43 ----D---- C:\Windows\System32
2011-04-30 14:40:43 ----D---- C:\Windows\inf
2011-04-30 14:40:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-30 14:33:14 ----SHD---- C:\System Volume Information
2011-04-30 14:33:08 ----D---- C:\Program Files\Common Files\Akamai
2011-04-30 14:26:49 ----D---- C:\Windows
2011-04-30 14:26:32 ----D---- C:\ProgramData
2011-04-30 14:24:05 ----RD---- C:\Program Files
2011-04-30 13:27:52 ----D---- C:\Users\Myron\AppData\Roaming\DMCache
2011-04-30 00:33:38 ----A---- C:\Windows\avisplitter.INI
2011-04-29 13:01:49 ----D---- C:\Program Files\Mozilla Firefox
2011-04-28 22:36:43 ----SHD---- C:\Windows\Installer
2011-04-28 20:15:46 ----D---- C:\Windows\system32\drivers
2011-04-28 16:35:19 ----D---- C:\Users\Myron\AppData\Roaming\Skype
2011-04-28 16:13:07 ----D---- C:\Users\Myron\AppData\Roaming\skypePM
2011-04-28 03:04:59 ----D---- C:\Windows\system32\catroot
2011-04-28 03:04:44 ----D---- C:\Windows\winsxs
2011-04-28 03:04:43 ----D---- C:\Windows\AppPatch
2011-04-28 03:00:53 ----D---- C:\Windows\Debug
2011-04-27 23:58:59 ----D---- C:\Windows\system32\catroot2
2011-04-27 23:57:47 ----HD---- C:\Program Files\InstallShield Installation Information
2011-04-27 23:55:40 ----D---- C:\Program Files\PC Connectivity Solution
2011-04-27 23:46:41 ----D---- C:\Program Files\Common Files
2011-04-27 23:46:11 ----D---- C:\Program Files\Java
2011-04-27 18:57:30 ----D---- C:\Program Files\Electronic Arts
2011-04-25 13:34:05 ----RSD---- C:\Windows\assembly
2011-04-24 14:12:54 ----D---- C:\Program Files\Common Files\InstallShield
2011-04-23 23:13:57 ----A---- C:\Windows\Sandboxie.ini
2011-04-23 18:38:43 ----ASD---- C:\ProgramData\Microsoft
2011-04-23 18:38:43 ----AD---- C:\Program Files\Common Files\microsoft shared
2011-04-22 19:08:03 ----D---- C:\Program Files\ATI Technologies
2011-04-22 17:50:57 ----D---- C:\Program Files\Microsoft Silverlight
2011-04-22 12:17:11 ----RD---- C:\Program Files\Skype
2011-04-22 00:22:40 ----D---- C:\Program Files\s3pe
2011-04-22 00:09:29 ----D---- C:\ProgramData\Adobe
2011-04-22 00:08:41 ----SD---- C:\Users\Myron\AppData\Roaming\Microsoft
2011-04-22 00:08:41 ----D---- C:\Users\Myron\AppData\Roaming\Adobe
2011-04-19 20:49:12 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-04-19 19:36:01 ----D---- C:\Program Files\Launch Manager
2011-04-18 15:46:44 ----A---- C:\Windows\system32\mrt.exe
2011-04-17 21:02:40 ----D---- C:\Windows\Microsoft.NET
2011-04-15 16:21:42 ----D---- C:\Program Files\Windows Mail
2011-04-15 12:18:33 ----D---- C:\ProgramData\Microsoft Help
2011-04-15 11:57:24 ----D---- C:\Windows\system32\config
2011-04-15 11:57:24 ----D---- C:\Boot
2011-04-14 05:07:59 ----A---- C:\Windows\system32\deployJava1.dll
2011-04-10 18:50:25 ----D---- C:\Windows\rescache
2011-04-10 15:05:30 ----D---- C:\Program Files\Internet Explorer
2011-04-10 15:05:29 ----RD---- C:\Windows\Offline Web Pages
2011-04-10 15:05:29 ----D---- C:\Windows\system32\wbem
2011-04-10 15:05:29 ----D---- C:\Windows\system32\migration
2011-04-10 15:05:29 ----D---- C:\Windows\system32\en-US
2011-04-10 15:05:29 ----D---- C:\Windows\PolicyDefinitions
2011-04-10 15:05:25 ----SD---- C:\Windows\Downloaded Program Files
2011-04-09 13:11:30 ----D---- C:\Program Files\Common Files\Adobe
2011-04-09 13:11:20 ----D---- C:\Program Files\Adobe
2011-04-08 20:53:04 ----A---- C:\Windows\system.ini
2011-04-08 20:52:55 ----D---- C:\Windows\system32\drivers\etc
2011-04-06 01:01:37 ----D---- C:\Windows\en-US
2011-04-05 23:16:52 ----D---- C:\Users\Myron\AppData\Roaming\KeePass
2011-04-04 14:58:46 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF File System mini-filter; C:\Windows\system32\Drivers\AlfaFF.sys [2009-11-29 43184]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-03-05 18992]
R0 RapportKELL;RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [2011-04-08 53816]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-02 691696]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
R0 TPkd;TPkd; C:\Windows\system32\drivers\TPkd.sys [2009-05-21 90472]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110419.001\BHDrvx86.sys [2011-04-15 802936]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2011-03-08 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110429.002\IDSvix86.sys [2011-03-14 353912]
R1 RapportCerberus_25973;RapportCerberus_25973; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [2011-04-13 57144]
R1 RapportEI;RapportEI; \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-08 66360]
R1 RapportPG;RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-08 158904]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1205000.07D\SRTSPX.SYS [2010-11-23 50168]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2010-05-15 5632]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/03/03 13:27:34]; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-11 87536]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2011-03-28 86792]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-08 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2009-08-05 48640]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-12-20 20952]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110429.037\NAVENG.SYS [2011-04-25 86136]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110429.037\NAVEX15.SYS [2011-04-25 1393144]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2009-12-01 119296]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1205000.07D\SRTSP.SYS [2010-11-23 509560]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2011-03-07 126512]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-04 196784]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 vfs101x;vfs101x; C:\Windows\system32\drivers\vfs101x.sys [2008-04-22 40752]
S3 a7qktfdu;a7qktfdu; C:\Windows\system32\drivers\a7qktfdu.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2010-12-21 30312]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BthPort;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2011-03-08 20032]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-01-08 2554368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-01-03 114152]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2010-12-21 104648]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2010-12-21 14920]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2010-12-21 132424]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-11-12 32768]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-03-09 176128]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-16 75048]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-03 358936]
R2 IGBASVC;iGroupTec Service; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2009-11-29 3474432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-07 110592]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
R2 RapportMgmtService;Rapport Management Service; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-08 870200]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-12-01 66560]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-04-22 599344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-08 136176]
S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe []
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-08 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
S4 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S4 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-10-25 217088]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-11-11 820008]
S4 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

-----------------EOF-----------------


ESET didn't find anything and it didn't produce a log either...or at least nothing popped up!

In terms of performance there isn't any unusual behaviour aside from the encryption warning which is preventing me from using my card...but I'll go and check if it is still doing that and post it in my next reply. (:
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Security.Hijack Itunes.exe?

Unread postby Cypher » April 30th, 2011, 11:53 am

Hi Powderhoney.
Lets reset FireFox then give me another update.

Reset FireFox:

  • Click on Start > All programs > Accessories > Run.
  • Enter the following command:
    firefox.exe -safe-mode
  • In the open window, select Reset all preferences to default Firefox.
  • Click on Make the changes and restart.
  • After FireFox restarts click on Check for Updates...
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Security.Hijack Itunes.exe?

Unread postby Powderhoney » April 30th, 2011, 3:18 pm

Ahh, thank you! :D It is no longer doing the not allowed URL! :D
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Security.Hijack Itunes.exe?

Unread postby Cypher » May 1st, 2011, 4:53 am

Hi Powderhoney.
Ahh, thank you! :D It is no longer doing the not allowed URL! :D

Excellent :thumbleft:
If you are having no further problems you are good to go.
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTM

  • Right-click OTM.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Security.Hijack Itunes.exe?

Unread postby Powderhoney » May 1st, 2011, 6:18 am

Thank you for all the help. (: Yep, I have read it and the thread can now be closed. ^_^
Powderhoney
Regular Member
 
Posts: 34
Joined: November 9th, 2009, 8:06 pm

Re: Security.Hijack Itunes.exe?

Unread postby Cypher » May 1st, 2011, 6:25 am

Hi Powderhoney.
Thank you for all the help.

You're most welcome good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 292 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware