Cannot Get Rid Of Zlob.DNSChanger Trojan... Help?
BlackMachineVii
2008-10-21, 18:39
I cannot get rid of the Zlob.DNSChanger Trojan. It infects the Windows half of my hard drive and the Linux half as well. I have tried a lot of things to get rid of it, and none have worked. I see you guys have helped plenty of people on this forum, so I thought I may as well try my luck here.
I am using Windows Vista SP1 by the way.
Here is my Trend Micro HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:03 AM, on 10/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10438 bytes
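Added here by the editor, not part of the original thread or of HijackThis itself: a small triage script for HijackThis v2 logs like the two posted in this thread. It flags the line types a helper reads first when a DNS changer is suspected: O17 entries (the per-interface NameServer values that Zlob.DNSChanger variants rewrite; neither log in this thread contains one), O4 Run entries whose name HijackThis could not decode (compare the `[?????????]` HKCU Run line in the first log), BHO and service registrations whose file is missing, services with no recognised owner, and AppInit_DLLs (a DLL listed there is loaded into every process that links user32.dll; the eNetHook.dll entry in the second log most likely belongs to the Acer eNet service listed under O23, so a hit there is a prompt to verify the publisher, not a verdict). One practitioner caveat: DNSChanger variants of this period also rewrote the DNS servers on home routers, and a router-level change affects every OS that boots on the machine, which is one plain explanation for symptoms that persist on both the Windows and Ubuntu halves; check the router's DNS settings as well as the host's. The sample log below, its GUID and its 192.0.2.x addresses are constructed, not taken from this machine.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4", "O17"
    reason: str  # why a human should look at this line
    line: str    # the original log line, unchanged


# A HijackThis v2 entry is "<section code> - <entry>", e.g. "O4 - HKLM\..\Run: ...".
_LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2})\s+-\s+(?P<entry>.*)$")
# The Run-key value name that HijackThis prints inside [...] on O4 lines.
_RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]*)\]")

# Constructed sample log: lines in HijackThis format modelled on the kinds of
# entries seen in this thread. The interface GUID and the 192.0.2.x addresses
# (RFC 5737 documentation range) are placeholders, not real observations.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/search
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [?????????] ??????????????e
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53,192.0.2.54
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
End of file - 1234 bytes
"""


def parse_line(line):
    """Split one log line into (section code, entry); None for header/footer lines."""
    m = _LINE_RE.match(line.strip())
    return (m.group("code"), m.group("entry")) if m else None


def triage_line(line):
    """Return a Finding if the line deserves a manual look, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    code, entry = parsed
    if code == "O17":
        # Per-interface DNS override: the setting DNS-changer trojans rewrite.
        return Finding(code, "DNS server override (NameServer): compare with router/ISP values", line)
    if code == "O4":
        m = _RUN_NAME_RE.search(entry)
        name = m.group("name") if m else ""
        # HijackThis prints '?' for characters it cannot decode in a value name.
        if not name or "?" in name or not name.isprintable():
            return Finding(code, "Run entry with empty or unreadable name", line)
    if code == "O2" and entry.endswith("(no file)"):
        return Finding(code, "BHO registration whose DLL is missing (orphan)", line)
    if code == "O20":
        return Finding(code, "AppInit_DLLs loads into every GUI process: verify the DLL's publisher", line)
    if code == "O23":
        if entry.endswith("(file missing)"):
            return Finding(code, "Service whose binary is missing (orphan)", line)
        if "- Unknown owner -" in entry:
            return Finding(code, "Service without a recognised publisher: verify the binary", line)
    return None


def triage_log(text):
    """Run triage_line over every line of a log and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

Run it against a saved log with `triage_log(open("hijackthis.log", encoding="utf-8", errors="replace").read())`; every hit is a line to research, not a line to delete, and a clean run says nothing about a router whose DNS has been changed, which HijackThis never sees.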
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly :D
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
BlackMachineVii
2008-10-26, 06:55
Hello, I just recently redid my Windows Vista side of the hard drive due to failure to boot up. Do I need to post a new HijackThis log?
That should sort your problems nicely :eek:
If you have no problems now, we can close this thread.
BlackMachineVii
2008-10-27, 01:00
Unfortunately, it is still affecting my computer. I guess the Trojan was in my Ubuntu side of the hard drive too. I am not sure why, but my comp is running super slow now, and the pop-ups are getting worse and worse. I still get the same results during a Spybot scan. So I take it my comp is still infected because of the other half of my drive being used up by Ubuntu? Should I do another HijackThis scan and post the log?
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
BlackMachineVii
2008-10-27, 17:29
Here is the Log Text
Logfile of random's system information tool 1.04 (written by random/random)
Run by Corey Jay at 2008-10-27 11:25:50
Microsoft® Windows Vista™ Home Premium
System drive C: has 43 GB (71%) free of 61 GB
Total RAM: 1790 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:54 AM, on 10/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Corey Jay\Desktop\RSIT.exe
C:\Program Files\trend micro\Corey Jay.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Acer Tour] C:\Acer\AcerTour\AcerTour.exe
O4 - HKLM\..\Run: [SetPanel] C:\AcerSW\APanel.exe /F:C:\AcerSW\SetPanel.ini
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5930 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-01-02 299008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-01-02 151552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-10-24 1006264]
"ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe [2007-01-26 540672]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-22 815104]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-01-02 464168]
"Acer Tour"=C:\Acer\AcerTour\AcerTour.exe [2007-01-14 327680]
"SetPanel"=C:\AcerSW\APanel.exe [2006-12-19 11776]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-08 614400]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2006-12-13 3166208]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2006-12-07 1261568]
"eRecoveryService"= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-10-24 1232896]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eNetHook.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ebf934c-a245-11dd-a2f1-806e6f6e6963}]
shell\AutoRun\command - D:\CDSetup.exe
======List of files/folders created in the last 1 months======
2008-10-27 02:00:58 ----D---- C:\Program Files\trend micro
2008-10-27 02:00:57 ----D---- C:\rsit
2008-10-25 01:30:40 ----D---- C:\ProgramData\McAfee
2008-10-25 01:20:04 ----SHD---- C:\Config.Msi
2008-10-25 01:16:07 ----D---- C:\Users\Corey Jay\AppData\Roaming\Adobe
2008-10-25 01:03:54 ----D---- C:\Users\Corey Jay\AppData\Roaming\Mozilla
2008-10-25 01:03:40 ----D---- C:\Program Files\Mozilla Firefox
2008-10-25 00:27:13 ----D---- C:\ATI
2008-10-25 00:17:21 ----D---- C:\Users\Corey Jay\AppData\Roaming\Acer
2008-10-25 00:17:20 ----D---- C:\Users\Corey Jay\AppData\Roaming\Leadertech
2008-10-24 23:57:32 ----A---- C:\Windows\system32\Remove_eRecovery.exe
2008-10-24 23:57:32 ----A---- C:\Windows\system32\LauncheRyAgentUser.exe
2008-10-24 23:57:32 ----A---- C:\Windows\system32\ERUpdateHidden.EXE
2008-10-24 23:57:32 ----A---- C:\Windows\system32\ClearEvent.exe
2008-10-24 23:57:32 ----A---- C:\Windows\system32\CheckD2DSystem.exe
2008-10-24 23:57:32 ----A---- C:\Windows\system32\Acer EULA.txt
2008-10-24 23:38:05 ----D---- C:\Windows\SoftwareDistribution
2008-10-24 22:32:16 ----A---- C:\Windows\system32\$Acer$.cmd
2008-10-24 22:32:15 ----A---- C:\Windows\AFirst.cmd
2008-10-24 22:31:31 ----A---- C:\Windows\UNINST32.EXE
2008-10-24 22:31:25 ----A---- C:\Windows\CLEANUP.INI
2008-10-24 22:31:25 ----A---- C:\Windows\CLEANUP.CMD
2008-10-24 21:17:34 ----A---- C:\Windows\system32\winipsec.dll
2008-10-24 21:17:34 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-10-24 21:17:34 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-10-24 21:17:33 ----A---- C:\Windows\system32\polstore.dll
2008-10-24 21:16:19 ----A---- C:\Windows\system32\riched32.dll
2008-10-24 21:16:19 ----A---- C:\Windows\system32\riched20.dll
2008-10-24 21:16:17 ----A---- C:\Windows\system32\rasser.dll
2008-10-24 21:16:17 ----A---- C:\Windows\system32\rasdiag.dll
2008-10-24 21:16:17 ----A---- C:\Windows\system32\rascfg.dll
2008-10-24 21:16:16 ----A---- C:\Windows\system32\rasmxs.dll
2008-10-24 21:16:16 ----A---- C:\Windows\system32\netcfgx.dll
2008-10-24 21:16:16 ----A---- C:\Windows\system32\msftedit.dll
2008-10-24 21:16:15 ----A---- C:\Windows\system32\wshqos.dll
2008-10-24 21:16:15 ----A---- C:\Windows\system32\ipnathlp.dll
2008-10-24 21:16:15 ----A---- C:\Windows\system32\icsunattend.exe
2008-10-24 21:16:14 ----A---- C:\Windows\system32\traffic.dll
2008-10-24 21:16:14 ----A---- C:\Windows\system32\pacerprf.dll
2008-10-24 21:16:14 ----A---- C:\Windows\system32\localspl.dll
2008-10-24 21:16:14 ----A---- C:\Windows\system32\cdd.dll
2008-10-24 21:16:13 ----A---- C:\Windows\system32\dps.dll
2008-10-24 21:15:14 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-10-24 21:15:11 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-10-24 21:15:11 ----A---- C:\Windows\system32\gameux.dll
2008-10-24 21:13:54 ----A---- C:\Windows\system32\msoert2.dll
2008-10-24 21:13:54 ----A---- C:\Windows\system32\msoeacct.dll
2008-10-24 21:13:54 ----A---- C:\Windows\system32\ACCTRES.dll
2008-10-24 21:12:37 ----A---- C:\Windows\system32\wtsapi32.dll
2008-10-24 21:12:34 ----A---- C:\Windows\explorer.exe
2008-10-24 21:12:33 ----A---- C:\Windows\system32\sysmain.dll
2008-10-24 21:12:32 ----A---- C:\Windows\system32\wlansvc.dll
2008-10-24 21:12:32 ----A---- C:\Windows\system32\wlansec.dll
2008-10-24 21:12:32 ----A---- C:\Windows\system32\wlanmsm.dll
2008-10-24 21:12:32 ----A---- C:\Windows\system32\wlanhlp.dll
2008-10-24 21:12:32 ----A---- C:\Windows\system32\wlanapi.dll
2008-10-24 21:11:28 ----A---- C:\Windows\system32\WebClnt.dll
2008-10-24 21:08:32 ----A---- C:\Windows\system32\mcmde.dll
2008-10-24 21:08:31 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-24 21:08:31 ----A---- C:\Windows\system32\EncDec.dll
2008-10-24 21:07:21 ----A---- C:\Windows\system32\csrsrv.dll
2008-10-24 21:07:20 ----A---- C:\Windows\system32\winsrv.dll
2008-10-24 21:03:24 ----A---- C:\Windows\system32\shell32.dll
2008-10-24 21:00:01 ----A---- C:\Windows\system32\tzres.dll
2008-10-24 20:58:47 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-24 20:57:16 ----A---- C:\Windows\system32\msscp.dll
2008-10-24 20:56:22 ----A---- C:\Windows\system32\wmploc.DLL
2008-10-24 20:56:21 ----A---- C:\Windows\system32\wmp.dll
2008-10-24 20:56:21 ----A---- C:\Windows\system32\spwmp.dll
2008-10-24 20:56:20 ----A---- C:\Windows\system32\dxmasf.dll
2008-10-24 20:56:19 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-10-24 20:55:34 ----A---- C:\Windows\system32\wfapigp.dll
2008-10-24 20:55:34 ----A---- C:\Windows\system32\MPSSVC.dll
2008-10-24 20:55:34 ----A---- C:\Windows\system32\icfupgd.dll
2008-10-24 20:55:34 ----A---- C:\Windows\system32\FirewallAPI.dll
2008-10-24 20:55:33 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-10-24 20:55:33 ----A---- C:\Windows\system32\cmifw.dll
2008-10-24 20:54:52 ----A---- C:\Windows\system32\netapi32.dll
2008-10-24 20:51:28 ----A---- C:\Windows\system32\DWWIN.EXE
2008-10-24 20:50:54 ----A---- C:\Windows\system32\msxml3r.dll
2008-10-24 20:50:54 ----A---- C:\Windows\system32\msxml3.dll
2008-10-24 20:49:34 ----A---- C:\Windows\system32\hcrstco.dll
2008-10-24 20:49:34 ----A---- C:\Windows\system32\hccoin.dll
2008-10-24 20:48:24 ----A---- C:\Windows\system32\netcfg.exe
2008-10-24 20:48:23 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-10-24 20:48:23 ----A---- C:\Windows\system32\netiougc.exe
2008-10-24 20:47:34 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-10-24 20:47:34 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-10-24 20:47:34 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-10-24 20:47:34 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-10-24 20:47:33 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-10-24 20:47:33 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-10-24 20:47:33 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-10-24 20:47:32 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-10-24 20:47:32 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-10-24 20:47:31 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-10-24 20:47:30 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-10-24 20:47:30 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-10-24 20:47:29 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-10-24 20:47:28 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-10-24 20:47:28 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-10-24 20:47:27 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-10-24 20:47:26 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-10-24 20:47:26 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-10-24 20:47:25 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-10-24 20:47:24 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-10-24 20:47:24 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-10-24 20:47:24 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-10-24 20:47:24 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-10-24 20:47:23 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-10-24 20:47:23 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-10-24 20:47:22 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-10-24 20:47:22 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-10-24 20:47:21 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-10-24 20:47:21 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-10-24 20:47:20 ----A---- C:\Windows\system32\NlsLexicons001d.dll
======List of files/folders modified in the last 1 months======
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2006-11-02 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 506368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-24 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-17 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-17 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-03-10 6144]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 2313216]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-05 51200]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-10-24 82432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-22 179896]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-17 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-10-24 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-21 62464]
S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-08 557056]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-01-02 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-29 126976]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-12-28 49152]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
-----------------EOF-----------------
And here is the text info
info.txt logfile of random's system information tool 1.04 2008-10-27 11:25:55
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrSUN32z.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\common\unyt.exe
======Security center information======
AS: Windows Defender
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1
-----------------EOF-----------------
There is no evidence of infection in those logs?
Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
BlackMachineVii
2008-10-27, 19:54
When I get home from work, I will do a Kaspersky scan and post my log.
But with this Trojan, when I got it, I kept getting a lot of pop ups, and for a lot of websites I used to be able to go to, it keeps saying it is not a valid address. And I cannot do security updates for Windows, I cannot install or update my McAfee virus protection (I haven't put it on my comp yet since I redid my Vista side of the hard drive because of this trojan, and it won't let me install, register, or update McAfee), and I cannot download anything off the internet including SpyBot. Hopefully it will let me run Kaspersky later off IE.
Thanks for your efforts to help.
BlackMachineVii
2008-10-28, 01:46
I ran the Kaspersky free online scanner. And I didn't know what area to scan so I scanned the "Critical Areas", and the "My Computer" area. But it said it found no infections, or viruses. Is there a good scanner I should use to scan my Linux side of the hard drive? I will post both logs of the Kaspersky scan now.
My Computer Scan Log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 27, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 20:30:26
Records in database: 1351940
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 60931
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:33:42
No malware has been detected. The scan area is clean.
The selected area was scanned.
Now the Critical Areas Scan Log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 27, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 20:30:26
Records in database: 1351940
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Critical Areas:
C:\Program Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Corey Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Windows
Scan statistics:
Files scanned: 55728
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:24:37
No malware has been detected. The scan area is clean.
The selected area was scanned.
I know there is still something in my computer, since I keep getting a bunch of ridiculous pop ups, and I still get the same results of everyone else who has this same Trojan. Hopefully you guys can help figure this out.
Do you get popups when using the Linux install ?
What sort of popups are they, can you describe them in a bit more detail.
BlackMachineVii
2008-10-28, 02:58
I get pop ups in Linux as well. I am running a Kaspersky scan on my Linux hard drive right now. Want me to post a log of my Linux scan when it is done?
Here is a list of problems I am experiencing on my network.
- Sexual Related Pop Ups, From Porn Sites, to Enhancement Pills
- Cannot Access Web Pages I Normally Could Before I Got This Trojan
- Sometimes I get Redirected To Websites Full Of Spam/Pop Ups/Ads
- Slow Internet and computer speed while my connection is at 100% and my Internet speed is around 5Mbs download. And I am running a fairly new/fast laptop that has gotten slow out of nowhere
- And I Cannot Download any Windows Updates, McAfee Updates, or Anything off The internet For that Matter. I can Only Download, and Update off Linux.
But on a Different Network, I have no problems at all, computer runs at normal speed, and no pop ups or anything. I can access what I want, and update windows along with downloading off the internet. And this network speed is half the speed of mine.
Can it be that the Trojan has opened up ports on my wireless router? To where it changes the DNS on my specific router? I have this same Trojan on 2 computers on the same network. I posted the RSIT scan earlier on my network, and the Kaspersky scan on a different network cause I am not home. Maybe I should retry the Kaspersky scan on my network later and post the scan log?
BlackMachineVii
2008-10-28, 03:00
Here is the Linux Kaspersky Scan Log.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 27, 2008
Operating System: Linux
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: 27 October 2008 22:28:07
Records in database: 1352105
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
/
Scan statistics:
Files scanned: 131268
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:35:22
No malware has been detected. The scan area is clean.
The selected area was scanned.
I see nothing, I am going to re do all my scans on my network when I get home to see if I get the same results. I will post logs later when the scans have finished.
It sounds as if the Router has been altered,
make sure you have all the details you need from the ISP to reconnect and reboot your router to factory settings
( there should be a button to do this )
BlackMachineVii
2008-10-28, 17:54
I forgot to add that there are also ads that are normally not there on web pages like Amazon and eBay, because the ads are always for male enhancement pills. I wouldn't think eBay or Amazon would put those kinds of ads on their page. Other people say they have the same problem, and they all say they are infected with the Zlob.DNSChanger Trojan. I will reset my router and hope that fixes everything. Not sure if this matters, but I opened up a port on my router to allow P2P to run faster, maybe that is what happened when it comes to the infection?
Not sure if this matters, but I opened up a port on my router to allow P2P to run faster, maybe that is what happened when it comes to the infection?
P2P is a wonderful way to get infected.
BlackMachineVii
2008-10-28, 23:27
Yes I know, but I check everything I download on an old computer of mine before what I download gets put on my main computer.
Anyways... I have done a complete reset of my router, and did an ipconfig through Command Prompt. And my DNS has changed back to the way it was when it was not infected with the Trojan. I can download all the updates on my network, I can download anything off the internet, no more pop ups, and I can access the web pages I couldn't go to when I was infected. I think I am ok now. Does it sound clear to you?
Congratulations, your logs look clean :)
Let's see if I can help you keep it that way.
First let's tidy up.
You can delete any logs we have produced and empty your recycle bin.
The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one.
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some!! Notifies you if programs are added to startup. Allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol.
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other hosts file protections.
Internet Browsers
Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
Firefox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative.
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
Both of these can be cleaned manually, but a quicker option is to use a program.
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible; you can choose which cookies to keep.
Also PLEASE read this article: So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
BlackMachineVii
2008-10-29, 00:28
So far these programs you recommended are very good. I have run a check with Spybot, and no viruses/malware/Trojans were found on my computer. I have no problems accessing any web pages, or getting any pop-ups or unwanted ads.
Thank you for your help. I plan on doing this same method on my desktop (if the Trojan is still on my desktop, that is). Thanks again.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.