svchost virus!

I recently acquired a virus which views this error at startup:
[screenshot attachment: svcerrorkh5.jpg]

After a while, it will cause the blue screen error to pop up and my computer has to reboot. Windows Security becomes disabled, and I used Norton Security to remove a backdoor virus, but the problem is not resolved. Okay, now Norton keeps asking for a restart in order to remove the virus, and every time I reboot it still asks for a reboot at startup. I am also getting an Automatic Updates problem that continues to pop up after it is resolved, stating that "Windows Automatic Update is set to download updates but not install them", etc. I realized that I had two antispyware programs running, so I deleted both of them and got AVG instead. It found the Trojan horse Downloader.Zlob and a runtime-packed Yoda. Please help me solve this problem! Thank you in advance; this virus is a killer.

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:46 AM, on 1/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Users\Elaine\AppData\Roaming\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Users\Elaine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Elaine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Elaine\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [*svchostBoot] C:\Users\Elaine\AppData\Roaming\svchost.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: Symantec Eraser Service (EraserSvc10824) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10794 bytes
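The one entry in this log that a helper would mark immediately is `C:\Users\Elaine\AppData\Roaming\svchost.exe`: the real svchost.exe lives in `C:\Windows\System32`, and a copy in a user-writable profile folder that is also wired into `HKLM\..\Run` (the `[*svchostBoot]` line) is the classic sign of a masquerading dropper. The following Python script is an added example, not part of this thread and not part of HijackThis: it pulls the executable paths out of the "Running processes" block and the O4 Run entries of a HijackThis-format log and applies two checks, "well-known system binary name running from the wrong directory" and "executable launched from a user-writable location". The sample log lines are constructed from entries in the log above; the `EXPECTED_DIR` table, the severity levels and the function names are my own choices.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Flags (1) binaries that borrow a Windows system-process name but run from the
wrong directory, and (2) executables started from user-writable locations.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in HijackThis v2 format, modelled on entries in the log above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\Elaine\AppData\Roaming\svchost.exe
C:\Users\Elaine\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [*svchostBoot] C:\Users\Elaine\AppData\Roaming\svchost.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"""

# Core Windows binaries and the directory (lower-case suffix) they must run from.
# Assumption of this example: anything else using these names is suspect.
EXPECTED_DIR = {
    "svchost.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable inside a command line: either quoted, or a drive-/%var%-rooted path ending in .exe
EXE_RE = re.compile(r'"([^"]+\.exe)"|((?:[A-Za-z]:|%[^%]+%)\\[^"]*?\.exe)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "HIGH" or "MEDIUM"
    rule: str       # "masquerade", "temp-exec" or "user-writable"
    path: str
    source: str     # where the path was seen (process list and/or O4 entry)


def extract_paths(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, source) pairs from the 'Running processes' block and O4 entries."""
    paths = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line ends the process block
                in_procs = False
                continue
            paths.append((line, "process"))
            continue
        m = O4_RE.match(line)
        if m:
            source = f"O4 {m.group('hive')} [{m.group('name')}]"
            e = EXE_RE.search(m.group("cmd"))
            # Fall back to the first token for bare names such as "RtHDVCpl.exe"
            path = (e.group(1) or e.group(2)) if e else m.group("cmd").split()[0]
            paths.append((path, source))
    return paths


def triage(log_text: str) -> List[Finding]:
    """Apply the two checks; one finding per (path, rule), sources merged."""
    seen: Dict[Tuple[str, str], Finding] = {}

    def add(sev: str, rule: str, path: str, source: str) -> None:
        key = (path.lower(), rule)
        if key in seen:
            seen[key] = Finding(sev, rule, path, seen[key].source + "; " + source)
        else:
            seen[key] = Finding(sev, rule, path, source)

    for path, source in extract_paths(log_text):
        p = path.lower()
        directory, _, name = p.rpartition("\\")
        expected = EXPECTED_DIR.get(name)
        if expected and not directory.endswith(expected):
            add("HIGH", "masquerade", path, source)
        if "\\temp\\" in p:                 # code executing out of %TEMP%
            add("HIGH", "temp-exec", path, source)
        elif "\\appdata\\" in p:            # per-user install; legitimate for some updaters
            add("MEDIUM", "user-writable", path, source)
    return sorted(seen.values(), key=lambda f: (f.severity != "HIGH", f.path.lower()))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:13} {f.path}  ({f.source})")
```

Run against the sample, the script reports the AppData copy of svchost.exe as HIGH on both the masquerade rule and (merged with its `[*svchostBoot]` Run entry) the user-writable rule, the Temp-resident RtkBtMnt.exe as HIGH, and GoogleUpdate.exe only as MEDIUM, since per-user updaters legitimately live under AppData\Local; Dwm.exe, avgtray.exe and MSASCui.exe produce nothing.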

Comments

  • edited January 2009
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.
  • edited January 2009
    Combofix at first encountered some problems. It said to note some rootkit activity:

    C:\Windows\System32\drivers\TDSSmcmc.sys
    C:\Windows\System32\drivers\senekapeajuerx.sys
    C:\Windows\System32\senekaxuomcbif.dll
    C:\Windows\System32\senekafpnncxuo.dat
    C:\Windows\System32\senekaqiwhtjis.dll
    C:\Windows\System32\senekapddbwxiy.dat
    C:\Windows\System32\TDSSogue.dll

    Then there is some catchfme.exe error, and the computer restarts. Upon restart, when preparing the log, the blue screen comes up and the computer crashes.

    Anyway, I tried combofix again and was able to get these results:

    ComboFix 09-01-21.02 - Elaine 2009-01-21 23:19:34.2 - NTFSx86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1526.508 [GMT -8:00]
    Running from: c:\users\Elaine\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\senekabirvmrpw.sys
    c:\windows\system32\senekakjhknvve.dat
    c:\windows\system32\senekarmqlpcbp.dll
    c:\windows\system32\senekaswceiyqo.dat
    c:\windows\system32\senekawndmteqc.dll
    .
    ---- Previous Run
    .
    c:\users\Elaine\AppData\Roaming\inst.exe
    c:\windows\system32\drivers\senekapeajuerx.sys
    c:\windows\system32\drivers\TDSSmcmc.sys
    c:\windows\system32\senekafpnncxuo.dat
    c:\windows\system32\senekapddbwxiy.dat
    c:\windows\system32\senekaqiwntjis.dll
    c:\windows\system32\senekaxuomcbif.dll
    c:\windows\system32\TDSSogue.dll
    c:\windows\system32\x64

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Service_TDSSSERV.SYS
    \Service_SENEKA
    \Service_SENEKA
    \Legacy_TDSSSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2008-12-22 to 2009-01-22 )))))))))))))))))))))))))))))))
    .

    2009-01-21 23:23 . 2009-01-21 23:23 1,416 --a------ c:\windows\System32\senekasqtydjum.dat
    2009-01-21 23:22 . 2009-01-21 23:22 0 --a------ c:\windows\System32\drivers\seneka.sys
    2009-01-21 23:06 . 2009-01-21 23:07 216,422,193 --a------ c:\windows\MEMORY.DMP
    2009-01-21 22:54 . 2009-01-21 23:22 0 --a------ c:\windows\System32\senekapop.dll
    2009-01-21 22:54 . 2009-01-21 22:54 0 --a------ c:\windows\System32\drivers\senekaxobfntyb.sys
    2009-01-21 12:46 . 2009-01-21 12:46 <DIR> d-------- c:\program files\CCleaner
    2009-01-21 12:42 . 2009-01-21 12:42 <DIR> d-------- c:\users\Elaine\AppData\Roaming\Malwarebytes
    2009-01-21 12:42 . 2009-01-21 12:42 <DIR> d-------- c:\users\All Users\Malwarebytes
    2009-01-21 12:42 . 2009-01-21 12:42 <DIR> d-------- c:\programdata\Malwarebytes
    2009-01-21 12:42 . 2009-01-21 12:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-21 12:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-01-21 12:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-01-21 12:26 . 2009-01-21 12:26 43,008 --a------ c:\windows\System32\chert10-303361.exe
    2009-01-21 12:26 . 2009-01-21 12:26 43,008 --a------ c:\windows\Osoriqu.dll
    2009-01-21 01:16 . 2009-01-21 17:28 <DIR> d--h---- C:\$AVG8.VAULT$
    2009-01-21 00:13 . 2009-01-21 17:02 <DIR> d-------- c:\windows\System32\drivers\Avg
    2009-01-21 00:13 . 2009-01-21 00:13 325,128 --a------ c:\windows\System32\drivers\avgldx86.sys
    2009-01-21 00:13 . 2009-01-21 00:13 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
    2009-01-21 00:13 . 2009-01-21 00:13 12,552 --a------ c:\windows\System32\drivers\avgrkx86.sys
    2009-01-21 00:13 . 2009-01-21 00:13 10,520 --a------ c:\windows\System32\avgrsstx.dll
    2009-01-21 00:12 . 2009-01-21 13:23 <DIR> d-------- c:\users\All Users\avg8
    2009-01-21 00:12 . 2009-01-21 13:23 <DIR> d-------- c:\programdata\avg8
    2009-01-21 00:12 . 2009-01-21 00:12 <DIR> d-------- c:\program files\AVG
    2009-01-20 23:46 . 2009-01-20 23:46 46,640 --a------ c:\windows\System32\msln.exe
    2009-01-20 21:58 . 2009-01-20 22:35 <DIR> d-------- c:\users\All Users\NOS
    2009-01-20 21:58 . 2009-01-20 22:35 <DIR> d-------- c:\programdata\NOS
    2009-01-20 21:58 . 2009-01-20 22:35 <DIR> d-------- c:\program files\NOS
    2009-01-20 20:38 . 2009-01-20 20:38 0 --a------ c:\windows\Kruptos.INI
    2009-01-20 19:58 . 2009-01-20 19:58 <DIR> d-------- c:\program files\Trend Micro
    2009-01-20 17:57 . 2009-01-21 17:03 59 --a------ c:\windows\System32\senekapddbwxiy.dat
    2009-01-20 17:52 . 2009-01-20 17:52 108,336 --a------ c:\windows\System32\mswinsck.ocx
    2009-01-20 17:52 . 2009-01-20 17:52 52,224 --a------ c:\windows\System32\drivers\senekapeajuerx.sys
    2009-01-20 17:52 . 2009-01-21 22:49 34,816 --a------ c:\windows\System32\senekaxuomcbif.dll
    2009-01-20 17:52 . 2009-01-21 22:50 22,452 --a------ c:\windows\System32\senekafpnncxuo.dat
    2009-01-20 17:52 . 2009-01-20 17:52 14,848 --a------ c:\windows\System32\senekaqiwntjis.dll
    2009-01-20 17:51 . 2009-01-20 17:51 <DIR> d-------- c:\users\Elaine\AppData\Roaming\_0b7e1a89eefe4b962b2872d709e76aa0
    2009-01-20 17:51 . 2009-01-20 17:51 33 --a------ c:\users\Elaine\AppData\Roaming\__t.bin
    2009-01-20 17:49 . 2009-01-20 17:49 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
    2009-01-20 17:49 . 2009-01-20 18:09 47,360 --a------ c:\users\Elaine\AppData\Roaming\pcouffin.sys
    2009-01-20 17:46 . 2009-01-20 18:09 <DIR> d-------- c:\users\Elaine\AppData\Roaming\Vso
    2009-01-14 15:03 . 2008-12-15 18:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-12 19:41 . 2009-01-12 19:41 58,760 --a------ C:\symlcsv1.exe
    2009-01-09 11:12 . 2009-01-09 11:12 <DIR> d-------- c:\program files\Xvid
    2009-01-09 11:12 . 2008-04-27 10:33 765,952 --a------ c:\windows\System32\xvidcore.dll
    2009-01-09 11:12 . 2008-04-27 10:35 180,224 --a------ c:\windows\System32\xvidvfw.dll
    2009-01-09 11:12 . 2007-06-28 18:55 77,824 --a------ c:\windows\System32\xvid.ax
    2009-01-08 18:14 . 2009-01-08 18:14 854,275 --a------ c:\windows\usrinis.exe
    2009-01-08 16:36 . 2009-01-20 19:04 <DIR> d-------- c:\users\Elaine\AppData\Roaming\uTorrent
    2009-01-07 13:32 . 2009-01-07 13:32 <DIR> d-------- c:\program files\Kruptos
    2009-01-07 13:14 . 2009-01-07 13:15 <DIR> d-------- c:\program files\CDSHiELD SE
    2009-01-05 19:53 . 2009-01-05 19:53 <DIR> d-------- c:\users\All Users\Seagate
    2009-01-05 19:53 . 2009-01-05 19:53 <DIR> d-------- c:\programdata\Seagate
    2009-01-05 19:53 . 2009-01-05 19:53 <DIR> d-------- c:\program files\Seagate
    2009-01-05 19:45 . 2009-01-05 19:45 <DIR> d--hs---- c:\windows\ftpcache
    2009-01-05 19:45 . 2009-01-05 20:00 <DIR> d-------- c:\windows\Downloaded Installations
    2009-01-05 12:17 . 2009-01-05 12:17 <DIR> d-------- c:\program files\Common Files\TI Shared
    2009-01-05 12:17 . 2004-02-04 11:27 49,536 --a------ c:\windows\System32\drivers\tiehdusb.sys
    2009-01-05 12:17 . 2003-11-14 15:53 11,520 --a------ c:\windows\System32\drivers\wdmstub.sys
    2009-01-05 12:15 . 2007-06-08 13:15 194,362 --a------ c:\windows\System32\drivers\windrvr6.sys
    2009-01-05 12:15 . 2007-06-08 13:15 102,400 --a------ c:\windows\System32\wdapi811.dll
    2009-01-05 12:15 . 2007-01-10 13:23 17,424 --a------ c:\windows\System32\drivers\ezusb.sys
    2009-01-05 12:14 . 2009-01-05 12:14 <DIR> d-------- c:\program files\Common Files\Vernier Software
    2009-01-05 12:13 . 2009-01-05 12:13 <DIR> d-------- c:\program files\Vernier Software
    2009-01-04 23:06 . 2009-01-04 23:06 <DIR> d-------- C:\MERRIAM
    2009-01-02 16:00 . 2009-01-02 16:00 <DIR> d-------- c:\program files\Wavefunction
    2009-01-02 14:36 . 2009-01-02 14:57 <DIR> d-------- c:\users\All Users\PrevxCSI
    2009-01-02 14:36 . 2009-01-02 14:57 <DIR> d-------- c:\programdata\PrevxCSI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-22 07:18 34,816 ----a-w c:\windows\System32\senekarmqlpcbp.dll
    2009-01-22 06:57 14,848 ----a-w c:\windows\System32\senekawndmteqc.dll
    2009-01-21 09:08 d-----w c:\users\Elaine\AppData\Roaming\OpenOffice.org2
    2009-01-21 08:21 d-----w c:\program files\Common Files\Symantec Shared
    2009-01-21 08:18 d-----w c:\programdata\Symantec
    2009-01-21 08:18 d-----w c:\program files\Symantec
    2009-01-21 06:18 d-----w c:\program files\Java
    2009-01-21 03:04 d-----w c:\program files\Common Files\Adobe
    2009-01-15 09:14 d-----w c:\program files\Windows Mail
    2009-01-09 19:13 d-----w c:\program files\Google
    2009-01-06 05:11 d-----w c:\users\Elaine\AppData\Roaming\LimeWire
    2009-01-06 04:05 d--h--w c:\program files\InstallShield Installation Information
    2009-01-03 06:43 d-----w c:\program files\Common Files\logishrd
    2008-12-21 08:08 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-12-14 04:51 d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-14 04:51 d-----w c:\program files\iTunes
    2008-12-14 04:51 d-----w c:\program files\iPod
    2008-12-14 04:51 d-----w c:\program files\Common Files\Apple
    2008-12-14 04:48 d-----w c:\program files\QuickTime
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
    2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
    2008-07-25 20:22 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-07-25 20:22 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-06-04 04:38 174 --sha-w c:\program files\desktop.ini
    2008-03-25 04:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-25 04:56 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-25 04:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-21_23.02.10.20 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-22 06:57:36 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-01-22 07:24:35 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-01-22 06:57:36 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-01-22 07:24:35 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-01-22 06:59:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-01-22 07:27:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-01-22 07:27:10 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-01-22 06:59:42 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-01-22 07:27:16 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2009-01-22 06:55:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-01-22 07:23:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-01-22 06:55:23 180,224 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-22 07:23:30 180,224 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-22 06:55:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-22 07:23:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-01-22 06:56:44 96,748 ----a-w c:\windows\System32\perfc009.dat
    + 2009-01-22 07:23:47 101,350 ----a-w c:\windows\System32\perfc009.dat
    - 2009-01-22 06:56:44 582,484 ----a-w c:\windows\System32\perfh009.dat
    + 2009-01-22 07:23:47 595,684 ----a-w c:\windows\System32\perfh009.dat
    - 2009-01-22 06:52:39 19,212 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4092847571-1172400303-2675678492-1000_UserData.bin
    + 2009-01-22 07:20:35 19,682 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4092847571-1172400303-2675678492-1000_UserData.bin
    - 2009-01-22 06:52:39 69,654 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-01-22 07:20:35 69,750 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-01-22 06:52:36 74,018 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-01-22 07:20:31 74,616 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-31 68856]
    "Google Update"="c:\users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]
    "Aim6"="" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-11 846344]
    "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
    "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-21 1601304]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
    "eRecoveryService"="" [BU]
    "Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=G

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ 'autocheck autochk *'

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    c:\acer\AcerTour\Reminder.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    --a------ 2008-09-03 19:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2007-05-17 09:52 505368 c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-05-17 09:53 780312 c:\program files\Logitech\QuickCam10\QuickCam10.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C4CA169D-2031-4108-8A11-8C3288C15E80}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{A78C065A-860F-495D-A4F9-E786B3EDE379}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{AF8C27C1-75C6-43E8-A01D-65A2973EC44E}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
    "{4AED0C83-7D3E-4AEA-9A96-A05497794497}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
    "{F0F70883-2FCC-40F1-97D8-3FF50F00EC7D}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{422EFDA0-BBF1-444A-B6A7-D9DBA3B9CAA0}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{9C8388DB-7545-4A65-99EE-3646A2DA26C9}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{5B34B338-D46F-4AB1-A386-9F293CD64F48}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{2AAC7A3E-FB1A-47A0-AC5E-D0471AF3CE6A}"= UDP:c:\program files\AIM6\aim6.exe:AIM
    "{8D47BFD7-9821-41B2-9CAA-EB368118DE27}"= TCP:c:\program files\AIM6\aim6.exe:AIM
    "{F0612543-1FC5-44E5-B0CF-2E2627002822}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{A23C3E21-06B6-472A-941B-A911D1B54736}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{17DA4ADF-0B4C-41B9-9C1B-19ADC54B34EA}"= UDP:c:\program files\AIM6\aim6.exe:AIM
    "{94B32423-545A-417E-B15E-6FE15401EEAB}"= TCP:c:\program files\AIM6\aim6.exe:AIM
    "{F44FC174-6351-4A37-8632-A9E411544AA5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{51827674-3953-4A3B-9F03-5960C00EE5EF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{D405EEF1-9243-4B27-BC19-41FB418A5EE1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{9193B8E2-29FC-4419-AC14-68FD89A36C59}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
    "{4A578210-30E2-48FF-B485-78D464C3517B}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
    "{440E2857-7500-46A5-BCEF-77A35AB7CF44}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{492C23AC-E2DD-4FFC-A1F7-7577751EAB16}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{EAA04F5A-AC0D-4E9C-934E-201DFD6A82BB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{DEA666FD-E79D-4AF2-AEA5-3A19CB4D4A45}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{D14C5760-5930-4F7E-A2F7-D7AB32172C99}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{E786A747-B149-42D6-8128-1AD1F4775AE1}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{DEE025FD-E60A-49D4-AB02-4E4FBB7471B1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{E5E016DC-B80B-445A-B0AB-4432B4B08547}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{275ED80A-7F93-441C-8E55-CFF1647D4B24}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
    "{CDF5E0BF-2A77-4F00-B805-620671C0C653}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{C1AA3C40-B523-4746-A043-C1D3E00B59AF}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{33EE0FE8-31A5-4790-BF3B-AC05A2BCFE1A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DoNotAllowExceptions"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

    R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-01-21 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-21 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-21 107272]
    R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-21 903960]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-21 298264]
    R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-25 24652]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
    S4 EraserSvc10824;Symantec Eraser Service;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7937f8e6-b3a3-11dc-a3a9-0016d3e5fc69}]
    \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Info.exe protect.ed 480 480
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4092847571-1172400303-2675678492-1000.job
    - c:\users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 00:45]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-21 23:27:21
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'Explorer.exe'(13928)
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\windows\system32\MsnChatHook.dll
    c:\windows\system32\ShowErrMsg.dll
    c:\windows\system32\sysenv.dll
    c:\windows\system32\BatchCrypto.dll
    c:\windows\system32\CryptoAPI.dll
    c:\windows\system32\keyManager.dll
    .
    Other Running Processes
    .
    c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Launch Manager\LManager.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\igfxsrvc.exe
    c:\program files\AVG\AVG8\avgtray.exe
    c:\windows\System32\igfxext.exe
    c:\windows\System32\igfxsrvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\users\Elaine\AppData\Local\Temp\RtkBtMnt.exe
    c:\program files\iPod\bin\iPodService.exe
    indows\System32\igfxsrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-21 23:31:17 - machine was rebooted [Elaine]
    ComboFix-quarantined-files.txt 2009-01-22 07:31:03

    Pre-Run: 7,895,740,416 bytes free
    Post-Run: 7,744,614,400 bytes free

    361 --- E O F --- 2009-01-20 03:12:35
  • edited January 2009
    That's looking a bit better :)


    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited January 2009
    Thanks for the quick response!

    MALLOG.TXT

    Malwarebytes' Anti-Malware 1.33
    Database version: 1682
    Windows 6.0.6001 Service Pack 1

    1/23/2009 3:39:33 AM
    mbam-log-2009-01-23 (03-39-33).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 118824
    Time elapsed: 3 hour(s), 36 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    D:\Music\music beat producer\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\senekaqiwntjis.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\senekaxuomcbif.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\drivers\senekapeajuerx.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\drivers\senekaxobfntyb.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\senekapop.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    LOG.TXT
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Elaine at 2009-01-23 11:36:30
    Microsoft® Windows Vista™ Home Basic Service Pack 1
    System drive C: has 8 GB (25%) free of 33 GB
    Total RAM: 1526 MB (44% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:36:50 AM, on 1/23/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Elaine\AppData\Local\Temp\RtkBtMnt.exe
    C:\Users\Elaine\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Elaine\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Elaine\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Elaine\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Elaine.exe
    C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: Symantec Eraser Service (EraserSvc10824) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 10197 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4092847571-1172400303-2675678492-1000.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-21 1078552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-21 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-09 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-09 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-09 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-21 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-09 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-09 865840]
    "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
    "eRecoveryService"= []
    "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-07-11 846344]
    "Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
    "Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]
    "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    "Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-21 136600]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-21 1601304]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"= []
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-31 68856]
    "Google Update"=C:\Users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-21 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    C:\Acer\AcerTour\Reminder.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-05-17 505368]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-05-17 780312]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="G"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    "DisableStatusMessages"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
    "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
    "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7937f8e6-b3a3-11dc-a3a9-0016d3e5fc69}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Info.exe protect.ed 480 480


    ======List of files/folders created in the last 1 months======

    2009-01-23 11:36:30 ----D---- C:\rsit
    2009-01-21 23:31:19 ----A---- C:\ComboFix.txt
    2009-01-21 22:55:44 ----A---- C:\Windows\PSEXESVC.EXE
    2009-01-21 22:55:37 ----D---- C:\Windows\temp
    2009-01-21 22:45:22 ----A---- C:\Windows\zip.exe
    2009-01-21 22:45:22 ----A---- C:\Windows\VFIND.exe
    2009-01-21 22:45:22 ----A---- C:\Windows\SWXCACLS.exe
    2009-01-21 22:45:22 ----A---- C:\Windows\SWSC.exe
    2009-01-21 22:45:22 ----A---- C:\Windows\SWREG.exe
    2009-01-21 22:45:22 ----A---- C:\Windows\sed.exe
    2009-01-21 22:45:22 ----A---- C:\Windows\NIRCMD.exe
    2009-01-21 22:45:22 ----A---- C:\Windows\grep.exe
    2009-01-21 22:45:22 ----A---- C:\Windows\fdsv.exe
    2009-01-21 22:45:09 ----D---- C:\Windows\ERDNT
    2009-01-21 22:45:09 ----D---- C:\Qoobox
    2009-01-21 12:46:31 ----D---- C:\Program Files\CCleaner
    2009-01-21 12:42:34 ----D---- C:\Users\Elaine\AppData\Roaming\Malwarebytes
    2009-01-21 12:42:24 ----D---- C:\ProgramData\Malwarebytes
    2009-01-21 12:42:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-01-21 12:26:59 ----A---- C:\Windows\Osoriqu.dll
    2009-01-21 12:26:58 ----A---- C:\Windows\system32\chert10-303361.exe
    2009-01-21 01:16:53 ----HD---- C:\$AVG8.VAULT$
    2009-01-21 00:13:52 ----A---- C:\Windows\system32\avgrsstx.dll
    2009-01-21 00:12:29 ----D---- C:\Program Files\AVG
    2009-01-21 00:12:26 ----D---- C:\ProgramData\avg8
    2009-01-21 00:09:39 ----SHD---- C:\Config.Msi
    2009-01-20 23:46:07 ----A---- C:\Windows\system32\msln.exe
    2009-01-20 21:58:17 ----D---- C:\ProgramData\NOS
    2009-01-20 21:58:17 ----D---- C:\Program Files\NOS
    2009-01-20 20:38:36 ----A---- C:\Windows\Kruptos.INI
    2009-01-20 19:58:47 ----D---- C:\Program Files\Trend Micro
    2009-01-20 18:00:51 ----D---- C:\Windows\Minidump
    2009-01-20 17:51:19 ----D---- C:\Users\Elaine\AppData\Roaming\_0b7e1a89eefe4b962b2872d709e76aa0
    2009-01-20 17:46:34 ----D---- C:\Users\Elaine\AppData\Roaming\Vso
    2009-01-12 19:41:29 ----A---- C:\symlcsv1.exe
    2009-01-09 11:12:20 ----A---- C:\Windows\system32\xvidcore.dll
    2009-01-09 11:12:19 ----D---- C:\Program Files\Xvid
    2009-01-09 11:12:19 ----A---- C:\Windows\system32\xvidvfw.dll
    2009-01-08 18:14:28 ----A---- C:\Windows\usrinis.exe
    2009-01-08 16:36:57 ----D---- C:\Users\Elaine\AppData\Roaming\uTorrent
    2009-01-07 13:32:43 ----D---- C:\Program Files\Kruptos
    2009-01-07 13:14:43 ----D---- C:\Program Files\CDSHiELD SE
    2009-01-05 19:53:02 ----D---- C:\ProgramData\Seagate
    2009-01-05 19:53:02 ----D---- C:\Program Files\Seagate
    2009-01-05 19:45:59 ----D---- C:\Windows\Downloaded Installations
    2009-01-05 19:45:52 ----SHD---- C:\Windows\ftpcache
    2009-01-05 12:17:16 ----D---- C:\Program Files\Common Files\TI Shared
    2009-01-05 12:15:01 ----A---- C:\Windows\system32\wdapi811.dll
    2009-01-05 12:14:29 ----D---- C:\Program Files\Common Files\Vernier Software
    2009-01-05 12:13:18 ----D---- C:\Program Files\Vernier Software
    2009-01-04 23:06:50 ----D---- C:\MERRIAM
    2009-01-02 16:00:05 ----D---- C:\Program Files\Wavefunction
    2009-01-02 14:36:40 ----D---- C:\ProgramData\PrevxCSI

    ======List of files/folders modified in the last 1 months======

    2009-01-23 11:33:08 ----AD---- C:\Windows\System32
    2009-01-23 11:33:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-01-23 11:33:07 ----D---- C:\Windows\inf
    2009-01-23 11:28:20 ----AD---- C:\Windows\system32\drivers
    2009-01-22 15:42:31 ----SHD---- C:\System Volume Information
    2009-01-22 13:52:37 ----D---- C:\Users\Elaine\AppData\Roaming\OpenOffice.org2
    2009-01-22 13:49:52 ----AD---- C:\Windows
    2009-01-21 23:31:22 ----D---- C:\Windows\system32\en-US
    2009-01-21 23:27:29 ----A---- C:\Windows\system.ini
    2009-01-21 23:22:05 ----D---- C:\Program Files\Common Files
    2009-01-21 23:22:04 ----D---- C:\Windows\AppPatch
    2009-01-21 22:56:12 ----SHD---- C:\Boot
    2009-01-21 22:56:12 ----D---- C:\Windows\system32\config
    2009-01-21 13:29:19 ----D---- C:\Windows\Debug
    2009-01-21 13:23:56 ----D---- C:\Windows\system32\catroot2
    2009-01-21 13:22:00 ----RD---- C:\Program Files
    2009-01-21 12:42:24 ----HD---- C:\ProgramData
    2009-01-21 01:05:10 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-21 00:52:13 ----D---- C:\Windows\Tasks
    2009-01-21 00:52:13 ----D---- C:\Windows\system32\Tasks
    2009-01-21 00:21:14 ----D---- C:\Program Files\Common Files\Symantec Shared
    2009-01-21 00:18:41 ----SHD---- C:\Windows\Installer
    2009-01-21 00:18:33 ----D---- C:\Program Files\Symantec
    2009-01-21 00:18:29 ----D---- C:\ProgramData\Symantec
    2009-01-21 00:03:36 ----SD---- C:\Users\Elaine\AppData\Roaming\Microsoft
    2009-01-20 22:18:43 ----D---- C:\Program Files\Java
    2009-01-20 22:04:31 ----D---- C:\Program Files\Adobe
    2009-01-20 19:05:26 ----D---- C:\Windows\system32\wbem
    2009-01-20 19:04:51 ----D---- C:\Windows\system32\spool
    2009-01-20 19:04:51 ----D---- C:\Windows\system32\Msdtc
    2009-01-20 19:04:51 ----D---- C:\Windows\system32\CodeIntegrity
    2009-01-20 19:04:48 ----D---- C:\Program Files\Common Files\Adobe
    2009-01-20 19:04:44 ----D---- C:\Windows\registration
    2009-01-20 18:49:41 ----D---- C:\Windows\Logs
    2009-01-20 18:46:17 ----D---- C:\Windows\Prefetch
    2009-01-20 18:34:15 ----D---- C:\ProgramData\Adobe
    2009-01-20 18:33:38 ----D---- C:\Windows\winsxs
    2009-01-20 17:50:45 ----D---- C:\Windows\system32\catroot
    2009-01-15 01:14:17 ----D---- C:\Program Files\Windows Mail
    2009-01-09 17:35:28 ----A---- C:\Windows\system32\mrt.exe
    2009-01-09 11:13:18 ----D---- C:\Program Files\Google
    2009-01-09 11:09:01 ----D---- C:\ProgramData\Google
    2009-01-05 21:11:22 ----D---- C:\Users\Elaine\AppData\Roaming\LimeWire
    2009-01-05 20:05:45 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-01-05 12:14:29 ----RSD---- C:\Windows\Fonts
    2009-01-02 22:43:43 ----D---- C:\Program Files\Common Files\logishrd

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-21 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-21 27656]
    R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-01-21 107272]
    R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
    R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616]
    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-10 1792792]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-05-11 25888]
    R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-08-20 6144]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-09 185392]
    R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2007-06-08 194362]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 464384]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
    S3 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
    S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-01 987648]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
    S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-05-11 2107808]
    S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-05-11 2142752]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys []
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
    S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-01 429056]
    S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-01-20 47360]
    S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS []
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
    S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
    S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-01 654336]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
    R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-21 903960]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-21 298264]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
    R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-04-23 24576]
    R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 135168]
    R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-07-03 53248]
    R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 24576]
    R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-05-11 187168]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-05-11 133920]
    R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 167936]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 EraserSvc10824;Symantec Eraser Service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-05-11 142112]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-09 137200]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]

    EOF


    INFO.TXT

    info.txt logfile of random's system information tool 1.05 2009-01-23 11:36:52

    ======Uninstall list======

    Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
    Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
    Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
    Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
    Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
    Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
    Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
    Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
    Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
    Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
    Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Agere Systems HDA Modem-->agrsmdel
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDSHiELD SE-->"C:\Program Files\CDSHiELD SE\unins000.exe"
    EPSON CX7400 User's Guide-->C:\Program Files\epson\guide\cx7400_e\uninstall.exe
    EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus CX7400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
    EZ Vinyl Converter by MixMeister 1.0.5-->"C:\Program Files\MixMeister EZ Vinyl Converter\unins000.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
    Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Kruptos 2-->MsiExec.exe /I{A2273570-B532-4F8D-892E-14999C591E25}
    Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
    LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Logger Pro 3.6.1-->C:\Program Files\InstallShield Installation Information\{DA4D8E62-E49C-423B-9F24-44834201A24A}\setup.exe -runfromtemp -l0x0009 -removeonly
    Logitech QuickCam-->MsiExec.exe /X{7D53DF17-8AED-4ACE-A474-002372AAB399}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MyPublisher BookMaker-->C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall
    NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
    NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
    NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
    OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
    PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Spartan Student V3.1.2-->MsiExec.exe /I{12620321-A608-4F0C-B0B2-C94E783CF2D6}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

    ======Security center information======

    AS: Windows Defender

    System event log

    Computer Name: Elaine-PC
    Event Code: 10029
    Message: DCOM started the service TrustedInstaller with arguments "" in order to run the server:
    {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    Record Number: 148343
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090123193219.000000-000
    Event Type: Information
    User:

    Computer Name: Elaine-PC
    Event Code: 7036
    Message: The Windows Modules Installer service entered the running state.
    Record Number: 148344
    Source Name: Service Control Manager
    Time Written: 20090123193220.000000-000
    Event Type: Information
    User:

    Computer Name: Elaine-PC
    Event Code: 10029
    Message: DCOM started the service LiveUpdate with arguments "" in order to run the server:
    {03E0E6C2-363B-11D3-B536-00902771A435}
    Record Number: 148345
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090123193351.000000-000
    Event Type: Information
    User:

    Computer Name: Elaine-PC
    Event Code: 7036
    Message: The LiveUpdate service entered the running state.
    Record Number: 148346
    Source Name: Service Control Manager
    Time Written: 20090123193351.000000-000
    Event Type: Information
    User:

    Computer Name: Elaine-PC
    Event Code: 7036
    Message: The LiveUpdate service entered the stopped state.
    Record Number: 148347
    Source Name: Service Control Manager
    Time Written: 20090123193407.000000-000
    Event Type: Information
    User:

    Application event log

    Computer Name: Elaine-PC
    Event Code: 1000
    Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
    Record Number: 51788
    Source Name: Microsoft-Windows-LoadPerf
    Time Written: 20090123193308.000000-000
    Event Type: Information
    User:

    Computer Name: Elaine-PC
    Event Code: 101
    Message: Information Level: success

    Scheduler launched Automatic LiveUpdate.
    Record Number: 51789
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20090123193352.000000-000
    Event Type: Information
    User: NT AUTHORITY\SYSTEM

    Computer Name: Elaine-PC
    Event Code: 101
    Message: Information Level: success

    Automatic LiveUpdate has terminated.
    Record Number: 51790
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20090123193402.000000-000
    Event Type: Information
    User: NT AUTHORITY\SYSTEM

    Computer Name: Elaine-PC
    Event Code: 101
    Message: Information Level: success

    The next run has been scheduled to occur at approximately 3:04 PM.
    Record Number: 51791
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20090123193402.000000-000
    Event Type: Information
    User: NT AUTHORITY\SYSTEM

    Computer Name: Elaine-PC
    Event Code: 5
    Message: Unsupported service control request (see data below)
    Record Number: 51792
    Source Name: LightScribeService
    Time Written: 20090123193652.000000-000
    Event Type: Information
    User:

    Security event log

    Computer Name: Elaine-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 39724
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090123193648.900425-000
    Event Type: Audit Failure
    User:

    Computer Name: Elaine-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 39725
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090123193648.932425-000
    Event Type: Audit Failure
    User:

    Computer Name: Elaine-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 39726
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090123193648.964425-000
    Event Type: Audit Failure
    User:

    Computer Name: Elaine-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 39727
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090123193648.995425-000
    Event Type: Audit Failure
    User:

    Computer Name: Elaine-PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 39728
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090123193649.026425-000
    Event Type: Audit Failure
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
    "PROCESSOR_REVISION"=1601
    "NUMBER_OF_PROCESSORS"=1
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    EOF
  • edited January 2009
    Information

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire
    uTorrent


    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.




    Step 1

    Submit a File For Analysis
    We need to have the files below scanned by uploading them to Virus Total

    Please visit Virustotal
    Copy/paste the following file path into the window
    C:\Windows\Osoriqu.dll
    Click Submit/Send File
    Please post back, to let me know the results.

    Please do the same for the following file
    C:\Windows\usrinis.exe

    If Virustotal is too busy please try Jotti


    Step 2

    OTMoveIt
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. (Make sure you include :Processes)
    :Processes
    explorer.exe
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "eRecoveryService"=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7937f8e6-b3a3-11dc-a3a9-0016d3e5fc69}]
    :Files
    C:\Windows\Osoriqu.dll
    C:\Windows\system32\chert10-303361.exe
    C:\Windows\usrinis.exe
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Close ALL open windows (especially Internet Explorer!)
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Step 3


    Kaspersky Online Scanner.
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Step 4

    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    • Virus Total Log
    • OTMI Log
    • Kaspersky Log
    • How are things running now?




    Additional Notes



    Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    There is a newer version of Adobe Acrobat Reader available.
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

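To see exactly what a fix script like the one in Step 2 would touch before it is run, here is a dry-run parser for the OTMoveIt3 script format, added as an example and not OldTimer's code or anything from this thread's author. The section and line semantics (`[-KEY]` deletes a key, `"name"=-` deletes a value, `"name"="data"` sets it) are inferred from the script and from the OTMI results log posted later in the thread; the `review_points` heuristic is my own and the sample input is the Step 2 script itself.

```python
import re
from dataclasses import dataclass, field

# The Step 2 fix script from this thread, embedded as the sample input.
SAMPLE_SCRIPT = r'''
:Processes
explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7937f8e6-b3a3-11dc-a3a9-0016d3e5fc69}]
:Files
C:\Windows\Osoriqu.dll
C:\Windows\system32\chert10-303361.exe
C:\Windows\usrinis.exe
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
'''

# Line semantics, inferred from the script and the OTMI results log in the thread:
#   [-KEY]        delete the whole key        "name"=-        delete the value
#   [KEY]         select a key                "name"="data"   set the value
KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


@dataclass
class Plan:
    kill_processes: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)  # (key, name)
    set_values: list = field(default_factory=list)     # (key, name, data)
    move_files: list = field(default_factory=list)
    commands: list = field(default_factory=list)


def parse_otmoveit_script(text: str) -> Plan:
    """Build a dry-run Plan from an OTMoveIt3 script without changing anything."""
    plan, section, current_key = Plan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(':'):                 # :Processes, :Reg, :Files, :Commands
            section, current_key = line[1:].lower(), None
            continue
        if section == 'processes':
            plan.kill_processes.append(line)
        elif section == 'reg':
            key_match = KEY_RE.match(line)
            if key_match:
                minus, key = key_match.groups()
                if minus:
                    plan.delete_keys.append(key)
                    current_key = None
                else:
                    current_key = key
                continue
            value_match = VALUE_RE.match(line)
            if not value_match or current_key is None:
                raise ValueError(f'unrecognised :Reg line: {line}')
            name, data = value_match.groups()
            if data == '-':
                plan.delete_values.append((current_key, name))
            else:
                plan.set_values.append((current_key, name, data.strip('"')))
        elif section == 'files':
            plan.move_files.append(line)
        elif section == 'commands':
            plan.commands.append(line.strip('[]'))
        else:
            raise ValueError(f'line before any section header: {line}')
    return plan


def review_points(plan: Plan) -> list:
    """My own heuristic (not OTMoveIt's): flag moves out of the Windows directory and
    any write to AppInit_DLLs, which Windows loads into every process using user32.dll."""
    flagged = [('move', p) for p in plan.move_files
               if p.lower().startswith('c:\\windows\\')]
    flagged += [('set', f'{key}\\{name}') for key, name, _ in plan.set_values
                if name.lower() == 'appinit_dlls']
    return flagged


if __name__ == '__main__':
    plan = parse_otmoveit_script(SAMPLE_SCRIPT)
    print(vars(plan))
    print(review_points(plan))
```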

  • edited January 2009
    ********Virus Total Log

    The file,
    C:\Windows\Osoriqu.dll
    failed to submit and prompted for an administrator.

    File has already been analysed:
    MD5: c174bdc327b0177147e7e72a09708300
    First received: 01.10.2009 01:32:53 (CET)
    Date: 01.10.2009 01:32:45 (CET) [>14D]
    Results: 2/38
    Permalink: analisis/e053154ef7d68ce9b9c24b17bc70796c

    ******OTMI LOG

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ .
    Unable to delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService .
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
    Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder\\ .
    Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E!
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7937f8e6-b3a3-11dc-a3a9-0016d3e5fc69}\\ deleted successfully.
    ========== FILES ==========
    LoadLibrary failed for C:\Windows\Osoriqu.dll
    C:\Windows\Osoriqu.dll NOT unregistered.
    File move failed. C:\Windows\Osoriqu.dll scheduled to be moved on reboot.
    C:\Windows\system32\chert10-303361.exe moved successfully.
    File move failed. C:\Windows\usrinis.exe scheduled to be moved on reboot.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Elaine\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\Windows\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\TMP0000005FDB98D67AA9AF3B76 scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01232009_235420

    Files moved on Reboot...
    LoadLibrary failed for C:\Windows\Osoriqu.dll
    C:\Windows\Osoriqu.dll NOT unregistered.
    File move failed. C:\Windows\Osoriqu.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\usrinis.exe scheduled to be moved on reboot.
    C:\Users\Elaine\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
    File move failed. C:\Windows\temp\LVCOMSX.LOG scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\MpSigStub.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\TMP0000005FDB98D67AA9AF3B76 scheduled to be moved on reboot.

    ********KASPERSKY LOG

    Tuesday, January 27, 2009
    Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, January 27, 2009 05:31:27
    Records in database: 1703638
    Scan settings
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area: My Computer
    C:\
    D:\
    E:\
    Scan statistics
    Files scanned: 101478
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 01:33:34

    No malware has been detected. The scan area is clean.
    The selected area was scanned.

    *********How are things running?

    Computer is still slow, and taking up memory.
    The pop up doesn't appear at start up anymore but I still get
    alerts from AVG antispyware for infections.
  • edited January 2009
    There is no visible malware now. When is the computer slow, and what does AVG find?


    Please post a fresh RSIT log