[SiN187]

First, Let me apologize ahead of time for my lack of knowledge concerning this forum. I'm really new here and was unsure where to post this or even what all you'd need to know in order to help me. So, please...just bear with me and help me through this. Recently, I began getting messages supposedly from my Windows Firewall saying that I have a virus. It's usually something different every time each time and there are about 5 different types that come up. One is listed below and I'll add more as they pop up.

Trojan-Clicker.Win32.Tiny.h
Trojan-Spy.Win32.KeyLogger.aa

^^that's the first 2

I have AVG 8 and I've run it. It returned 3 results, all were removed. I'm currently running the scan again to see what the results will be this time around. Even after that first scan and removal, I've still gotten the Windows Firewall warnings.

Could someone please help me identify the problem and remove it. I seen a very similar problem when searching the site, I believe a person by the name of stamper helped that person.

Thanks,
Shane


And here's the logfile:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:31 AM, on 9/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\ShAdm\wlqzsvun.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Amber\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ShAdm] C:\ProgramData\ShAdm\wlqzsvun.exe
O4 - HKCU\..\Run: [60HniRQB9C] C:\ProgramData\mxylwdqj\wpqnaxuf.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5669E2A1-DC26-41CF-8569-DE63F6BD7925}: NameServer = 64.91.3.60 64.91.3.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{5669E2A1-DC26-41CF-8569-DE63F6BD7925}: NameServer = 64.91.3.60 64.91.3.46
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9723 bytes

[fenzodahl512]

Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.

• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

Please post these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt


Regards
fenzodahl512

[SiN187]

1.

Malwarebytes' Anti-Malware 1.28
Database version: 1152
Windows 6.0.6001 Service Pack 1

9/15/2008 10:21:58 AM
mbam-log-2008-09-15 (10-21-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 121783
Time elapsed: 1 hour(s), 18 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Amber\AppData\Local\Temp\c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

[SiN187]

Logfile of random's system information tool 1.01 (written by random/random)
Run by Amber at 2008-09-15 09:57:18
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 33 GB (46%) free of 70 GB
Total RAM: 1013 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:57 AM, on 9/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\ShAdm\wlqzsvun.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Amber\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Users\Amber\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Amber.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ShAdm] C:\ProgramData\ShAdm\wlqzsvun.exe
O4 - HKCU\..\Run: [60HniRQB9C] C:\ProgramData\mxylwdqj\wpqnaxuf.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5669E2A1-DC26-41CF-8569-DE63F6BD7925}: NameServer = 64.91.3.60 64.91.3.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{5669E2A1-DC26-41CF-8569-DE63F6BD7925}: NameServer = 64.91.3.60 64.91.3.46
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9801 bytes

Scheduled tasks folder

C:\Windows\tasks\User_Feed_Synchronization-{A453AADA-35B0-475F-A453-187F39CC1AAC}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-13 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-13 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-13 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 525360]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2008-01-25 155648]
"PLFSetL"=C:\Windows\PLFSetL.exe [2007-07-05 94208]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-04 768520]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"eRecoveryService"=C:\Windows\system32\
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-06 102400]
"Acer Product Registration"=C:\Program Files\Acer\Acer Registration\ACE1.exe [2007-11-26 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer\Acer Assist\launcher.exe [2007-11-19 1261568]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []
"SetPanel"=C:\Acer\APanel\APanel.cmd []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-18 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-18 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-18 141848]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-13 1235736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-20 2153472]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"ShAdm"=C:\ProgramData\ShAdm\wlqzsvun.exe [2008-09-12 98304]
"60HniRQB9C"=C:\ProgramData\mxylwdqj\wpqnaxuf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox]
C:\Users\Amber\AppData\Local\Temp\3062.tmp.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-04-18 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78a29a6f-fe13-11dc-80d3-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


List of files/folders created in the last three months

2008-09-15 09:57:18 ----D---- C:\rsit
2008-09-14 17:43:59 ----A---- C:\Windows\ntbtlog.txt
2008-09-14 17:04:56 ----D---- C:\Users\Amber\AppData\Roaming\Malwarebytes
2008-09-14 17:04:43 ----D---- C:\ProgramData\Malwarebytes
2008-09-14 17:04:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-14 13:10:42 ----D---- C:\SDFix
2008-09-14 05:12:26 ----D---- C:\Program Files\Trend Micro
2008-09-13 01:58:56 ----HD---- C:\$AVG8.VAULT$
2008-09-13 00:04:42 ----A---- C:\Windows\system32\avgrsstx.dll
2008-09-13 00:03:39 ----D---- C:\Program Files\AVG
2008-09-13 00:03:38 ----D---- C:\ProgramData\avg8
2008-09-12 08:42:18 ----D---- C:\ProgramData\mxylwdqj
2008-09-12 08:42:17 ----D---- C:\ProgramData\ShAdm
2008-09-09 20:27:49 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-09 20:27:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-09 16:46:48 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-09 16:46:44 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-09 16:46:42 ----A---- C:\Windows\system32\dataclen.dll
2008-09-09 16:46:42 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 16:15:28 ----D---- C:\Users\Amber\AppData\Roaming\MySpace
2008-09-09 16:15:03 ----D---- C:\Program Files\MySpace
2008-09-07 10:04:31 ----D---- C:\Program Files\Project64 1.6
2008-08-28 19:10:36 ----A---- C:\Windows\system32\wups2.dll
2008-08-28 19:10:36 ----A---- C:\Windows\system32\wucltux.dll
2008-08-28 19:10:36 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-28 19:10:36 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-28 19:10:09 ----A---- C:\Windows\system32\wups.dll
2008-08-28 19:10:09 ----A---- C:\Windows\system32\wudriver.dll
2008-08-28 19:10:09 ----A---- C:\Windows\system32\wuapi.dll
2008-08-28 19:09:51 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-28 19:09:46 ----A---- C:\Windows\system32\wuapp.exe
2008-08-26 14:57:17 ----D---- C:\Users\Amber\AppData\Roaming\acccore
2008-08-26 14:01:16 ----D---- C:\ProgramData\Viewpoint
2008-08-26 14:01:12 ----D---- C:\Program Files\Viewpoint
2008-08-26 14:01:08 ----D---- C:\ProgramData\acccore
2008-08-26 14:00:37 ----D---- C:\ProgramData\AOL OCP
2008-08-26 14:00:37 ----D---- C:\ProgramData\AOL
2008-08-26 14:00:08 ----D---- C:\Program Files\Common Files\AOL
2008-08-26 13:59:49 ----D---- C:\Program Files\AIM6
2008-08-22 03:01:32 ----A---- C:\Windows\system32\msshooks.dll
2008-08-22 03:01:30 ----A---- C:\Windows\system32\msscb.dll
2008-08-22 03:01:22 ----A---- C:\Windows\system32\mssitlb.dll
2008-08-22 03:01:21 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-08-22 03:01:21 ----A---- C:\Windows\system32\propdefs.dll
2008-08-22 03:01:21 ----A---- C:\Windows\system32\msstrc.dll
2008-08-22 03:01:21 ----A---- C:\Windows\system32\mssprxy.dll
2008-08-22 03:01:21 ----A---- C:\Windows\system32\msshsq.dll
2008-08-22 03:01:20 ----A---- C:\Windows\system32\propsys.dll
2008-08-22 03:01:19 ----A---- C:\Windows\system32\thawbrkr.dll
2008-08-22 03:01:19 ----A---- C:\Windows\system32\srchadmin.dll
2008-08-22 03:01:19 ----A---- C:\Windows\system32\korwbrkr.dll
2008-08-22 03:01:17 ----A---- C:\Windows\system32\wsepno.dll
2008-08-22 03:01:17 ----A---- C:\Windows\system32\rtffilt.dll
2008-08-22 03:01:15 ----A---- C:\Windows\system32\offfilt.dll
2008-08-22 03:01:15 ----A---- C:\Windows\system32\mimefilt.dll
2008-08-22 03:01:14 ----A---- C:\Windows\system32\xmlfilter.dll
2008-08-22 03:01:14 ----A---- C:\Windows\system32\nlhtml.dll
2008-08-22 03:01:10 ----A---- C:\Windows\system32\msscntrs.dll
2008-08-22 03:01:09 ----A---- C:\Windows\system32\chtbrkr.dll
2008-08-22 03:01:09 ----A---- C:\Windows\system32\chsbrkr.dll
2008-08-22 03:01:08 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-08-22 03:01:08 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-08-22 03:01:07 ----A---- C:\Windows\system32\tquery.dll
2008-08-22 03:01:07 ----A---- C:\Windows\system32\mssvp.dll
2008-08-22 03:01:07 ----A---- C:\Windows\system32\mssrch.dll
2008-08-22 03:01:07 ----A---- C:\Windows\system32\mssphtb.dll
2008-08-22 03:01:07 ----A---- C:\Windows\system32\mssph.dll
2008-08-14 03:04:42 ----A---- C:\Windows\system32\tzres.dll
2008-08-13 14:58:16 ----A---- C:\Windows\system32\mshtml.dll
2008-08-13 14:58:10 ----A---- C:\Windows\system32\ieframe.dll
2008-08-13 14:58:09 ----A---- C:\Windows\system32\wininet.dll
2008-08-13 14:58:09 ----A---- C:\Windows\system32\urlmon.dll
2008-08-13 14:58:08 ----A---- C:\Windows\system32\mstime.dll
2008-08-13 14:58:06 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-13 14:00:24 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-13 13:57:38 ----A---- C:\Windows\system32\es.dll
2008-08-13 13:53:53 ----A---- C:\Windows\system32\inetcomm.dll
2008-07-25 11:43:20 ----A---- C:\Windows\PaltalkScene Uninstall Log.txt
2008-07-25 02:00:50 ----D---- C:\Users\Amber\AppData\Roaming\WinRAR
2008-07-11 14:38:59 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-11 14:38:53 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-11 14:38:28 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-09 05:19:09 ----A---- C:\Windows\system32\shell32.dll
2008-07-09 03:59:57 ----A---- C:\Windows\system32\rpcrt4.dll
2008-07-09 03:59:56 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-07-09 03:59:55 ----A---- C:\Windows\system32\pacerprf.dll
2008-07-09 03:59:55 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-07-09 03:49:34 ----A---- C:\Windows\system32\vbscript.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\wshext.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\wscript.exe
2008-07-09 03:49:33 ----A---- C:\Windows\system32\scrrun.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\scrobj.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\jscript.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\cscript.exe
2008-07-08 00:38:10 ----AD---- C:\ProgramData\TEMP
2008-07-02 13:58:11 ----A---- C:\Windows\system32\DVDRProX.dll
2008-07-02 13:58:07 ----D---- C:\Program Files\Fujifilm e-Systems
2008-07-02 13:58:06 ----D---- C:\Users\Amber\AppData\Roaming\InstallShield Installation Information
2008-07-02 13:53:35 ----D---- C:\Users\Amber\AppData\Roaming\Digital Album Organizer
2008-07-02 13:51:42 ----D---- C:\Temp
2008-06-27 10:04:21 ----SHD---- C:\Users\Amber\AppData\Roaming\.#
2008-06-27 10:03:58 ----D---- C:\Users\Amber\AppData\Roaming\CyberLink
2008-06-26 01:29:04 ----D---- C:\Windows\Minidump
2008-06-24 20:00:31 ----D---- C:\Users\Amber\AppData\Roaming\Paltalk
2008-06-24 20:00:22 ----D---- C:\Windows\PaltalkScene
2008-06-24 20:00:22 ----D---- C:\Program Files\Paltalk Messenger
2008-06-24 20:00:01 ----A---- C:\Windows\PaltalkScene Setup Log.txt
2008-06-24 10:14:34 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-06-23 22:13:14 ----D---- C:\Program Files\EA GAMES
2008-06-23 22:13:12 ----RA---- C:\Windows\system32\vp6vfw.dll
2008-06-23 17:36:49 ----D---- C:\Users\Amber\AppData\Roaming\Yahoo!
2008-06-22 23:59:42 ----D---- C:\Program Files\PokerStars
2008-06-22 23:45:06 ----D---- C:\Users\Amber\AppData\Roaming\LimeWire
2008-06-22 23:44:35 ----A---- C:\Windows\system32\javaws.exe
2008-06-22 23:44:35 ----A---- C:\Windows\system32\javaw.exe
2008-06-22 23:44:34 ----A---- C:\Windows\system32\java.exe
2008-06-22 23:42:09 ----D---- C:\Program Files\Java
2008-06-22 23:40:15 ----D---- C:\Program Files\Common Files\Java
2008-06-22 23:36:41 ----D---- C:\Program Files\MSXML 4.0
2008-06-22 23:32:38 ----D---- C:\Program Files\MSN Messenger
2008-06-22 23:27:30 ----A---- C:\Windows\system32\gameux.dll
2008-06-22 23:25:36 ----A---- C:\Windows\system32\quartz.dll
2008-06-22 23:25:28 ----D---- C:\Program Files\LimeWire
2008-06-22 23:25:28 ----A---- C:\Windows\system32\kd1394.dll
2008-06-22 23:25:26 ----A---- C:\Windows\system32\winload.exe
2008-06-22 23:25:26 ----A---- C:\Windows\system32\ci.dll
2008-06-22 23:25:25 ----A---- C:\Windows\system32\winresume.exe
2008-06-22 23:25:12 ----A---- C:\Windows\system32\srcore.dll
2008-06-22 23:25:11 ----A---- C:\Windows\system32\srclient.dll
2008-06-22 23:25:11 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-06-22 23:25:11 ----A---- C:\Windows\system32\rstrui.exe
2008-06-22 23:25:10 ----A---- C:\Windows\system32\srdelayed.exe
2008-06-22 23:25:08 ----A---- C:\Windows\system32\kbd106n.dll
2008-06-22 23:24:26 ----A---- C:\Windows\system32\gdi32.dll
2008-06-22 23:17:04 ----D---- C:\Users\Amber\AppData\Roaming\Mozilla
2008-06-22 23:16:34 ----D---- C:\Program Files\Mozilla Firefox
2008-06-22 23:12:05 ----D---- C:\Users\Amber\AppData\Roaming\Adobe
2008-06-22 22:01:49 ----D---- C:\Users\Amber\AppData\Roaming\Leadertech
2008-06-22 22:01:47 ----D---- C:\Users\Amber\AppData\Roaming\Acer
2008-06-22 22:00:45 ----D---- C:\Users\Amber\AppData\Roaming\Identities
2008-06-22 21:59:46 ----D---- C:\Users\Amber\AppData\Roaming\Macromedia
2008-06-22 21:59:37 ----SD---- C:\Users\Amber\AppData\Roaming\Microsoft
2008-06-22 21:59:37 ----D---- C:\Users\Amber\AppData\Roaming\Acer GameZone Console

List of drivers

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-13 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-09-13 26824]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-09-13 69128]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-04-18 2354176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-21 6144]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-13 1749376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-06 192816]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

List of services

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216]
R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-13 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-13 231704]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2008-01-25 254059]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2008-01-25 114793]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2008-01-25 1076832]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 497712]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

[SiN187]

info.txt logfile of random's system information tool 1.01 2008-09-15 09:58:18

Uninstall list

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acer Arcade-->C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe -uninstall
Acer Assist-->C:\Program Files\Acer\Acer Assist\uninstall.exe
Acer Crystal Eye Webcam Video Class Camera -->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration-->C:\Program Files\Acer\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Agere Systems HDA Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Deluxe\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Security center information

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------

[fenzodahl512]

Please uninstall Viewpoint Media Player from your computer..




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please download the OTMoveIt2 by OldTimer <<mirror>>.

• Save it to your desktop.
  
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  
• Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  
• Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
  
  

  [kill explorer]
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0}
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ShAdm
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\60HniRQB9C
  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox
  HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78a29a6f-fe13-11dc-80d3-806e6f6e6963}
  C:\Users\Amber\AppData\Local\Temp\*.tmp.exe
  C:\ProgramData\ShAdm
  C:\ProgramData\mxylwdqj
  C:\ProgramData\Viewpoint
  C:\Program Files\Viewpoint
  EmptyTemp
  purity
  [start explorer]

  
  
  
• Click the red Moveit! button.
  
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR]>>

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  
• Accept any prompts.

Then, please download and install the latest Java from HERE




NEXT


Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin downloading the latest definition files.
  
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.




Please post these logs in your next reply..

1. OTMoveIt2
2. Kaspersky Online Scanner

[SiN187]

1. OTMoveIt Log

Explorer killed successfully
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} >
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ .
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} >
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ .
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} >
Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ShAdm >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ShAdm deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\60HniRQB9C >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\60HniRQB9C deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox\\ .
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78a29a6f-fe13-11dc-80d3-806e6f6e6963} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78a29a6f-fe13-11dc-80d3-806e6f6e6963}\\ deleted successfully.
< C:\Users\Amber\AppData\Local\Temp\*.tmp.exe >
File/Folder C:\Users\Amber\AppData\Local\Temp\*.tmp.exe not found.
C:\ProgramData\ShAdm moved successfully.
C:\ProgramData\mxylwdqj moved successfully.
Folder move failed. C:\ProgramData\Viewpoint scheduled to be moved on reboot.
File/Folder C:\Program Files\Viewpoint not found.
< EmptyTemp >
File delete failed. C:\Users\Amber\AppData\Local\Temp\etilqs_IRvuIXdp0aWffOhi3C7M scheduled to be deleted on reboot.
File delete failed. C:\Users\Amber\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\Amber\AppData\Local\Temp\~DF13CE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Amber\AppData\Local\Temp\hsperfdata_Amber\5540 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09152008_155556


I'll follow up the next post with the Kaspersky scan log

[SiN187]

my bad...i double-posted...i'll edit THIS post with the Kaspersky log

[fenzodahl512]

Ok.. waiting for you... don't edit the post please.. just post as a new one.. If not, I won't know when you're reply..

[SiN187]

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 15, 2008
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 15, 2008 22:59:26
Records in database: 1237903
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 103731
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:35:27


File name / Threat name / Threats count
C:\_OTMoveIt\MovedFiles\09152008_155556\ProgramData\ShAdm\wlqzsvun.exe Infected: Trojan.Win32.Obfuscated.gx 1

The selected area was scanned.

[fenzodahl512]

Well.. That's look very good.. How is your computer now?.. Run RSIT again and post the log here for my final review

[SiN187]

i haven't had any pop ups thus far...here's the final log.

Logfile of random's system information tool 1.01 (written by random/random)
Run by Amber at 2008-09-16 16:29:37
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 31 GB (44%) free of 70 GB
Total RAM: 1013 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:10 PM, on 9/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Amber\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Amber\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Amber.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5669E2A1-DC26-41CF-8569-DE63F6BD7925}: NameServer = 64.91.3.60 64.91.3.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{5669E2A1-DC26-41CF-8569-DE63F6BD7925}: NameServer = 64.91.3.60 64.91.3.46
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9245 bytes

Scheduled tasks folder

C:\Windows\tasks\User_Feed_Synchronization-{A453AADA-35B0-475F-A453-187F39CC1AAC}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-13 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03 312368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-13 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-13 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe []
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-11 5296128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 525360]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2008-01-25 155648]
"PLFSetL"=C:\Windows\PLFSetL.exe [2007-07-05 94208]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-01-04 768520]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"eRecoveryService"=C:\Windows\system32\
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-06 102400]
"Acer Product Registration"=C:\Program Files\Acer\Acer Registration\ACE1.exe [2007-11-26 3387392]
"Acer Assist Launcher"=C:\Program Files\Acer\Acer Assist\launcher.exe [2007-11-19 1261568]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []
"SetPanel"=C:\Acer\APanel\APanel.cmd []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-18 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-18 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-18 141848]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-13 1235736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-20 2153472]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox]
C:\Users\Amber\AppData\Local\Temp\3062.tmp.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

C:\Users\Amber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-04-18 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

List of files/folders created in the last three months

2008-09-16 02:58:27 ----D---- C:\Program Files\directx
2008-09-16 02:57:25 ----D---- C:\Program Files\Rockstar Games
2008-09-15 16:54:06 ----A---- C:\Windows\system32\javaws.exe
2008-09-15 16:54:06 ----A---- C:\Windows\system32\javaw.exe
2008-09-15 16:54:05 ----A---- C:\Windows\system32\java.exe
2008-09-15 15:55:56 ----D---- C:\_OTMoveIt
2008-09-15 09:57:18 ----D---- C:\rsit
2008-09-14 17:43:59 ----A---- C:\Windows\ntbtlog.txt
2008-09-14 17:04:56 ----D---- C:\Users\Amber\AppData\Roaming\Malwarebytes
2008-09-14 17:04:43 ----D---- C:\ProgramData\Malwarebytes
2008-09-14 17:04:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-14 13:10:42 ----D---- C:\SDFix
2008-09-14 05:12:26 ----D---- C:\Program Files\Trend Micro
2008-09-13 01:58:56 ----HD---- C:\$AVG8.VAULT$
2008-09-13 00:04:42 ----A---- C:\Windows\system32\avgrsstx.dll
2008-09-13 00:03:39 ----D---- C:\Program Files\AVG
2008-09-13 00:03:38 ----D---- C:\ProgramData\avg8
2008-09-09 20:27:49 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-09 20:27:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-09 16:46:48 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-09 16:46:44 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-09 16:46:42 ----A---- C:\Windows\system32\dataclen.dll
2008-09-09 16:46:42 ----A---- C:\Windows\system32\cdd.dll
2008-09-09 16:15:28 ----D---- C:\Users\Amber\AppData\Roaming\MySpace
2008-09-09 16:15:03 ----D---- C:\Program Files\MySpace
2008-09-07 10:04:31 ----D---- C:\Program Files\Project64 1.6
2008-08-28 19:10:36 ----A---- C:\Windows\system32\wups2.dll
2008-08-28 19:10:36 ----A---- C:\Windows\system32\wucltux.dll
2008-08-28 19:10:36 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-28 19:10:36 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-28 19:10:09 ----A---- C:\Windows\system32\wups.dll
2008-08-28 19:10:09 ----A---- C:\Windows\system32\wudriver.dll
2008-08-28 19:10:09 ----A---- C:\Windows\system32\wuapi.dll
2008-08-28 19:09:51 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-28 19:09:46 ----A---- C:\Windows\system32\wuapp.exe
2008-08-26 14:57:17 ----D---- C:\Users\Amber\AppData\Roaming\acccore
2008-08-26 14:01:16 ----D---- C:\ProgramData\Viewpoint
2008-08-26 14:01:08 ----D---- C:\ProgramData\acccore
2008-08-26 14:00:37 ----D---- C:\ProgramData\AOL OCP
2008-08-26 14:00:37 ----D---- C:\ProgramData\AOL
2008-08-26 14:00:08 ----D---- C:\Program Files\Common Files\AOL
2008-08-26 13:59:49 ----D---- C:\Program Files\AIM6
2008-08-22 03:01:32 ----A---- C:\Windows\system32\msshooks.dll
2008-08-22 03:01:30 ----A---- C:\Windows\system32\msscb.dll
2008-08-22 03:01:22 ----A---- C:\Windows\system32\mssitlb.dll
2008-08-22 03:01:21 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-08-22 03:01:21 ----A---- C:\Windows\system32\propdefs.dll
2008-08-22 03:01:21 ----A---- C:\Windows\system32\msstrc.dll
2008-08-22 03:01:21 ----A---- C:\Windows\system32\mssprxy.dll
2008-08-22 03:01:21 ----A---- C:\Windows\system32\msshsq.dll
2008-08-22 03:01:20 ----A---- C:\Windows\system32\propsys.dll
2008-08-22 03:01:19 ----A---- C:\Windows\system32\thawbrkr.dll
2008-08-22 03:01:19 ----A---- C:\Windows\system32\srchadmin.dll
2008-08-22 03:01:19 ----A---- C:\Windows\system32\korwbrkr.dll
2008-08-22 03:01:17 ----A---- C:\Windows\system32\wsepno.dll
2008-08-22 03:01:17 ----A---- C:\Windows\system32\rtffilt.dll
2008-08-22 03:01:15 ----A---- C:\Windows\system32\offfilt.dll
2008-08-22 03:01:15 ----A---- C:\Windows\system32\mimefilt.dll
2008-08-22 03:01:14 ----A---- C:\Windows\system32\xmlfilter.dll
2008-08-22 03:01:14 ----A---- C:\Windows\system32\nlhtml.dll
2008-08-22 03:01:10 ----A---- C:\Windows\system32\msscntrs.dll
2008-08-22 03:01:09 ----A---- C:\Windows\system32\chtbrkr.dll
2008-08-22 03:01:09 ----A---- C:\Windows\system32\chsbrkr.dll
2008-08-22 03:01:08 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-08-22 03:01:08 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-08-22 03:01:07 ----A---- C:\Windows\system32\tquery.dll
2008-08-22 03:01:07 ----A---- C:\Windows\system32\mssvp.dll
2008-08-22 03:01:07 ----A---- C:\Windows\system32\mssrch.dll
2008-08-22 03:01:07 ----A---- C:\Windows\system32\mssphtb.dll
2008-08-22 03:01:07 ----A---- C:\Windows\system32\mssph.dll
2008-08-14 03:04:42 ----A---- C:\Windows\system32\tzres.dll
2008-08-13 14:58:16 ----A---- C:\Windows\system32\mshtml.dll
2008-08-13 14:58:10 ----A---- C:\Windows\system32\ieframe.dll
2008-08-13 14:58:09 ----A---- C:\Windows\system32\wininet.dll
2008-08-13 14:58:09 ----A---- C:\Windows\system32\urlmon.dll
2008-08-13 14:58:08 ----A---- C:\Windows\system32\mstime.dll
2008-08-13 14:58:06 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-13 14:00:24 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-13 13:57:38 ----A---- C:\Windows\system32\es.dll
2008-08-13 13:53:53 ----A---- C:\Windows\system32\inetcomm.dll
2008-07-25 11:43:20 ----A---- C:\Windows\PaltalkScene Uninstall Log.txt
2008-07-25 02:00:50 ----D---- C:\Users\Amber\AppData\Roaming\WinRAR
2008-07-11 14:38:59 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-11 14:38:53 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-11 14:38:28 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-09 05:19:09 ----A---- C:\Windows\system32\shell32.dll
2008-07-09 03:59:57 ----A---- C:\Windows\system32\rpcrt4.dll
2008-07-09 03:59:56 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-07-09 03:59:55 ----A---- C:\Windows\system32\pacerprf.dll
2008-07-09 03:59:55 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-07-09 03:49:34 ----A---- C:\Windows\system32\vbscript.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\wshext.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\wscript.exe
2008-07-09 03:49:33 ----A---- C:\Windows\system32\scrrun.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\scrobj.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\jscript.dll
2008-07-09 03:49:33 ----A---- C:\Windows\system32\cscript.exe
2008-07-08 00:38:10 ----AD---- C:\ProgramData\TEMP
2008-07-02 13:58:11 ----A---- C:\Windows\system32\DVDRProX.dll
2008-07-02 13:58:06 ----D---- C:\Users\Amber\AppData\Roaming\InstallShield Installation Information
2008-07-02 13:53:35 ----D---- C:\Users\Amber\AppData\Roaming\Digital Album Organizer
2008-07-02 13:51:42 ----D---- C:\Temp
2008-06-27 10:04:21 ----SHD---- C:\Users\Amber\AppData\Roaming\.#
2008-06-27 10:03:58 ----D---- C:\Users\Amber\AppData\Roaming\CyberLink
2008-06-26 01:29:04 ----D---- C:\Windows\Minidump
2008-06-24 20:00:31 ----D---- C:\Users\Amber\AppData\Roaming\Paltalk
2008-06-24 20:00:22 ----D---- C:\Windows\PaltalkScene
2008-06-24 20:00:22 ----D---- C:\Program Files\Paltalk Messenger
2008-06-24 20:00:01 ----A---- C:\Windows\PaltalkScene Setup Log.txt
2008-06-24 10:14:34 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-06-23 22:13:14 ----D---- C:\Program Files\EA GAMES
2008-06-23 22:13:12 ----RA---- C:\Windows\system32\vp6vfw.dll
2008-06-23 17:36:49 ----D---- C:\Users\Amber\AppData\Roaming\Yahoo!
2008-06-22 23:59:42 ----D---- C:\Program Files\PokerStars
2008-06-22 23:45:06 ----D---- C:\Users\Amber\AppData\Roaming\LimeWire
2008-06-22 23:42:09 ----D---- C:\Program Files\Java
2008-06-22 23:40:15 ----D---- C:\Program Files\Common Files\Java
2008-06-22 23:36:41 ----D---- C:\Program Files\MSXML 4.0
2008-06-22 23:32:38 ----D---- C:\Program Files\MSN Messenger
2008-06-22 23:27:30 ----A---- C:\Windows\system32\gameux.dll
2008-06-22 23:25:36 ----A---- C:\Windows\system32\quartz.dll
2008-06-22 23:25:28 ----D---- C:\Program Files\LimeWire
2008-06-22 23:25:28 ----A---- C:\Windows\system32\kd1394.dll
2008-06-22 23:25:26 ----A---- C:\Windows\system32\winload.exe
2008-06-22 23:25:26 ----A---- C:\Windows\system32\ci.dll
2008-06-22 23:25:25 ----A---- C:\Windows\system32\winresume.exe
2008-06-22 23:25:12 ----A---- C:\Windows\system32\srcore.dll
2008-06-22 23:25:11 ----A---- C:\Windows\system32\srclient.dll
2008-06-22 23:25:11 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-06-22 23:25:11 ----A---- C:\Windows\system32\rstrui.exe
2008-06-22 23:25:10 ----A---- C:\Windows\system32\srdelayed.exe
2008-06-22 23:25:08 ----A---- C:\Windows\system32\kbd106n.dll
2008-06-22 23:24:26 ----A---- C:\Windows\system32\gdi32.dll
2008-06-22 23:17:04 ----D---- C:\Users\Amber\AppData\Roaming\Mozilla
2008-06-22 23:16:34 ----D---- C:\Program Files\Mozilla Firefox
2008-06-22 23:12:05 ----D---- C:\Users\Amber\AppData\Roaming\Adobe
2008-06-22 22:01:49 ----D---- C:\Users\Amber\AppData\Roaming\Leadertech
2008-06-22 22:01:47 ----D---- C:\Users\Amber\AppData\Roaming\Acer
2008-06-22 22:00:45 ----D---- C:\Users\Amber\AppData\Roaming\Identities
2008-06-22 21:59:46 ----D---- C:\Users\Amber\AppData\Roaming\Macromedia
2008-06-22 21:59:37 ----SD---- C:\Users\Amber\AppData\Roaming\Microsoft
2008-06-22 21:59:37 ----D---- C:\Users\Amber\AppData\Roaming\Acer GameZone Console

List of drivers

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-13 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-09-13 26824]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-01-03 16432]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-01-03 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-09-13 69128]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-04-18 2354176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-11 2077080]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-21 6144]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-13 1749376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-06 192816]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

List of services

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216]
R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-13 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-13 231704]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2008-01-25 254059]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2008-01-25 114793]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2008-01-25 1076832]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 497712]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-12-20 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-20 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

[fenzodahl512]

Important! Please reboot into Safe Mode


Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

• Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  
• Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)
  
  

  [kill explorer]
  C:\Users\Amber\AppData\Local\Temp\3062.tmp.exe
  HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0}
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
  EmptyTemp
  purity
  [start explorer]

  
  
  
• Click the red Moveit! button.
  
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Post me OTMoveIt2 log in your next reply..

[SiN187]

Explorer killed successfully
File/Folder C:\Users\Amber\AppData\Local\Temp\3062.tmp.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Somefox\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09172008_184715

[fenzodahl512]

Looks good.. How is your computer now?


Post me a fresh HijackThis log for my final review..