Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Old 06-12-2008, 04:26 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 10
OS: win xp


red background privacy in danger

Hello,

I had a virus on my computer and after running anti-spyware most of the crap was gone; only a red background saying "your privacy is in danger" won't go away.

I found this topic where a solution was suggested

file:///C:\\WINDOWS\\privacy_danger\\index.htm

but it is not possible to reply to the topic anymore.

I have attached the requested files and hope someone can help me.

kind regards

Tim
Attached Files
File Type: txt extra.txt (23.4 KB, 0 views)
File Type: txt main.txt (24.9 KB, 2 views)
timmeuh is offline  
Old 06-13-2008, 03:27 PM   #2 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 10
OS: win xp


Re: red background privacy in danger

This is the main.txt:


Deckard's System Scanner v20071014.68
Run by Tim on 2008-06-12 12:58:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-12 10:58:41 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-06-11 20:28:34 UTC - RP4 - Software Distribution Service 3.0
3: 2008-06-11 17:07:36 UTC - RP3 - Removed Ad-Aware 2007
2: 2008-06-11 15:51:44 UTC - RP2 - Installed Ad-Aware 2007
1: 2008-06-10 13:43:44 UTC - RP1 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tim\Bureaublad\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: rtsplgob - {0939FF27-A717-4F67-96B5-555F9510F17F} - C:\WINDOWS\rtsplgob.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/...ws-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O21 - SSODL: xkefqtgs - {115537A0-1B27-4BBA-9244-8A6ABA157E0B} - C:\WINDOWS\xkefqtgs.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8633 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
R3 int15.sys - c:\program files\acer\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 13:00:38 0 d-------- C:\Program Files\Trend Micro
2008-06-11 19:42:15 0 d--h----- C:\WINDOWS\PIF
2008-06-11 17:51:45 0 d-------- C:\Program Files\Lavasoft
2008-06-11 10:32:36 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 08:53:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 15:00:01 68096 --a------ C:\WINDOWS\zip.exe
2008-06-10 15:00:01 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-10 15:00:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-10 15:00:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-10 15:00:01 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-10 15:00:01 98816 --a------ C:\WINDOWS\sed.exe
2008-06-10 15:00:01 80412 --a------ C:\WINDOWS\grep.exe
2008-06-10 15:00:01 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 10:40:20 0 d-------- C:\Program Files\ColorUtility
2008-06-10 09:33:44 0 d-------- C:\Program Files\Alwil Software
2008-06-10 08:55:31 0 d-------- C:\Documents and Settings\Tim\Application Data\TmpRecentIcons
2008-06-10 08:55:22 200704 -----n--- C:\WINDOWS\d
2008-06-08 17:33:17 0 d-------- C:\WINDOWS\ShellNew
2008-06-08 17:33:05 0 d-------- C:\Documents and Settings\Tim\Application Data\Microsoft Web Folders
2008-06-08 16:37:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 16:36:58 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-08 16:36:58 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-08 16:29:13 0 d-------- C:\Program Files\Drivers
2008-06-08 14:18:17 0 d-------- C:\Documents and Settings\Tim\Application Data\LimeWire
2008-06-08 11:40:08 0 d-------- C:\Documents and Settings\Tim\Application Data\Apple Computer
2008-06-08 11:39:58 0 d-------- C:\Program Files\iPod
2008-06-08 11:39:54 0 d-------- C:\Program Files\iTunes
2008-06-08 11:39:21 0 d-------- C:\Program Files\QuickTime
2008-06-08 11:39:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-08 11:38:40 0 d-------- C:\Program Files\Common Files\Apple
2008-06-08 11:38:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-08 10:28:31 0 d-------- C:\Program Files\SokkerOrganizer
2008-06-03 11:23:30 0 d-------- C:\Documents and Settings\Tim\Application Data\Uniblue
2008-06-03 11:22:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-03 10:34:42 0 dr-hs---- C:\autorun.inf
2008-06-02 17:13:54 0 d-------- C:\Program Files\AutoCAD Architecture 2008
2008-06-02 13:58:50 0 d-------- C:\Documents and Settings\Tim\Application Data\AdobeUM
2008-05-30 19:47:15 0 d-------- C:\Program Files\MSXML 6.0
2008-05-30 15:34:36 0 d-------- C:\Program Files\Chaos Group
2008-05-30 11:10:54 0 d-------- C:\Program Files\DWG TrueView 2007
2008-05-30 11:10:32 0 d-------- C:\Program Files\Microsoft WSE
2008-05-30 10:47:21 0 d-------- C:\Program Files\AutoCAD Civil 3D 2008
2008-05-30 10:47:21 0 d-------- C:\Documents and Settings\Tim\Application Data\Autodesk
2008-05-30 10:47:21 0 d-------- C:\Civil 3D Project Templates
2008-05-30 10:36:35 0 d-------- C:\AUTOCAD
2008-05-29 22:24:47 0 d-------- C:\Program Files\MSXML 4.0
2008-05-29 22:11:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 17:48:43 0 d-------- C:\Program Files\LimeWire
2008-05-29 17:46:51 0 d-------- C:\WINDOWS\Sun
2008-05-29 17:46:51 0 d-------- C:\Documents and Settings\Tim\Application Data\Sun
2008-05-29 17:45:59 0 d-------- C:\Program Files\Java
2008-05-29 17:44:47 0 d-------- C:\Program Files\Common Files\Java
2008-05-29 16:49:22 0 d-------- C:\Documents and Settings\Tim\Application Data\vlc
2008-05-29 16:46:41 0 d-------- C:\Program Files\VideoLAN
2008-05-29 16:40:25 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-29 16:40:04 0 d-------- C:\Program Files\Windows Live
2008-05-29 16:39:50 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-29 16:35:20 0 d-------- C:\Program Files\Common Files\ChaosGroup
2008-05-29 16:34:56 0 d-------- C:\Documents and Settings\Tim\Application Data\WinRAR
2008-05-29 16:33:52 0 d-------- C:\autodesk
2008-05-29 16:33:12 0 d-------- C:\Program Files\Autodesk Student Community Download Tool
2008-05-29 16:28:15 0 d-------- C:\Documents and Settings\Tim\Application Data\Adobe
2008-05-29 16:26:58 0 d-------- C:\Documents and Settings\Tim\Contacts
2008-05-29 16:26:28 0 d-------- C:\WINDOWS\system32\DRVSTORE
2008-05-29 16:16:04 0 d-------- C:\Documents and Settings\Tim\Application Data\Google
2008-05-29 16:10:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-29 16:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-29 16:08:42 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-29 16:08:42 0 d-------- C:\Program Files\Google
2008-05-29 16:08:34 0 d-------- C:\WINDOWS\system32\nl-nl
2008-05-29 16:05:15 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-29 16:05:15 0 d-------- C:\Program Files\Autodesk
2008-05-29 16:02:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-29 15:55:05 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-29 15:55:03 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-28 17:00:00 0 d-------- C:\Documents and Settings\Tim\Application Data\Macromedia
2008-05-28 14:15:21 0 d-------- C:\Documents and Settings\NetworkService\Menu Start
2008-05-28 14:15:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-28 14:00:47 0 d-------- C:\AcerBKTemp
2008-05-28 13:58:34 0 d-------- C:\WINDOWS\system32\autorun
2008-05-28 13:32:51 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-28 13:31:07 245760 --a------ C:\WINDOWS\system32\Check.exe <Not Verified; acer Inc.; OBRCheck>
2008-05-28 13:31:05 0 d-------- C:\Program Files\acer
2008-05-28 13:30:45 0 d-------- C:\Program Files\Launch Manager
2008-05-28 13:30:44 147456 --a------ C:\WINDOWS\UNINST32.EXE <Not Verified; Dritek System Inc.; Dritek System Inc. Uninstall Application>
2008-05-28 13:30:44 49152 --a------ C:\WINDOWS\system32\QtBtLib.dll <Not Verified; Dritek System Inc.; Dritek System Inc. QtBtLib.DLL>
2008-05-28 13:30:44 16896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
2008-05-28 13:28:23 17119 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
2008-05-28 13:28:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-28 13:28:05 0 d-------- C:\Program Files\WinPCap
2008-05-28 13:27:19 221258 --a------ C:\WINDOWS\system32\Epm-Po.dll <Not Verified; Acer Labs USA; EPM-PO Dynamic Link Library>
2008-05-28 13:27:19 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
2008-05-28 13:27:19 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
2008-05-28 13:27:19 0 d-------- C:\Acer
2008-05-28 13:26:35 0 d-------- C:\Program Files\ATI Technologies
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Sjablonen
2008-05-28 13:26:14 0 dr-h----- C:\Documents and Settings\Tim\SendTo
2008-05-28 13:26:14 0 dr-h----- C:\Documents and Settings\Tim\Onlangs geopend
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Netwerkprinteromgeving
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\NetHood
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Mijn documenten
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Menu Start
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Local Settings
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Favorieten
2008-05-28 13:26:14 0 d--hs---- C:\Documents and Settings\Tim\Cookies
2008-05-28 13:26:14 0 d-------- C:\Documents and Settings\Tim\Bureaublad
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Application Data
2008-05-28 13:26:14 0 d-------- C:\Documents and Settings\Tim\Application Data\Identities
2008-05-28 13:26:13 4718592 --ah----- C:\Documents and Settings\Tim\NTUSER.DAT
2008-05-28 13:25:24 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-05-28 13:25:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities


-- Find3M Report ---------------------------------------------------------------

2008-06-11 22:29:26 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-06-11 10:35:58 457684 --a------ C:\WINDOWS\system32\perfh013.dat
2008-06-11 10:35:58 77946 --a------ C:\WINDOWS\system32\perfc013.dat
2008-05-28 12:41:04 471 --a------ C:\WINDOWS\CLEANUP.CMD
2008-05-28 12:41:02 797 --a------ C:\WINDOWS\HotFix.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/02/2005 19:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/02/2005 19:32]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/10/2004 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/10/2004 23:43]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [09/03/2005 18:59]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/02/2005 21:05]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [28/03/2005 18:04]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [24/03/2005 09:13]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [28/03/2005 12:20]
"eRecoveryService"="C:\Windows\System32\Check.exe" [23/03/2005 10:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"wsctf.exe"="wsctf.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xkefqtgs"= {115537A0-1B27-4BBA-9244-8A6ABA157E0B} - C:\WINDOWS\xkefqtgs.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1379fd8-2cc5-11dd-b4cc-00c09fb72d20}]
AutoRun\command- F:\EXPLORER.EXE
explore\Command- F:\EXPLORER.EXE
open\Command- F:\EXPLORER.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8713 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-12 13:01:22 ------------
timmeuh is offline  
Old 06-14-2008, 08:08 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 10
OS: win xp


Re: red background privacy in danger

Is it normal that there is nobody to help me? Or is there something wrong with my post?
timmeuh is offline  
Old 06-15-2008, 05:21 AM   #4 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 10
OS: win xp


Re: red background privacy in danger

Hello!! Is this a forum or what??
timmeuh is offline  
Old 06-15-2008, 05:37 AM   #5 (permalink)
Knower of all that is MS
 
 
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


Re: red background privacy in danger

Chill out, man... there were over 1500 posts in the last 24 hrs; considering you're a brand new member, I don't think that qualifies you for express service.

Run your spyware scans in Safe Mode....

One of the HJT techs will be with you.....patience.
__________________


GO BIG BLUE!!
CTSNKY is offline  
Old 06-15-2008, 07:25 AM   #6 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 10
OS: win xp


Re: red background privacy in danger

OK.

Sorry for not being patient, but it drives me crazy; I really tried everything.

I will wait a little bit longer.
timmeuh is offline  
Old 06-19-2008, 12:52 PM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,379
OS: 2000 Pro; XP Pro; XP Home


Re: red background privacy in danger

As CTSNKY has stated, this forum is incredibly busy. It's staffed by volunteers with real lives and jobs, and there are simply more of you than there are of us. Some threads go unattended.

Malware analysis and removal is no easy task. It can take quite a while to examine a set of logs and determine the proper course of action.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you're not receiving help elsewhere, and still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"C:\Documents and Settings\Tim\Bureaublad\dss.exe" /config
Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.

---------------------------------------------------------------------------------------------

Thank you.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Old 06-19-2008, 01:49 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 10
OS: win xp


Re: red background privacy in danger

Thanks for your reply!

Here are the files.

The main.txt:


Deckard's System Scanner v20071014.68
Run by Tim on 2008-06-19 22:43:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-06-19 20:43:14 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2008-06-19 19:49:43 UTC - RP13 - Shockwave Player
12: 2008-06-19 19:48:58 UTC - RP12 - Shockwave Player
11: 2008-06-19 19:48:19 UTC - RP11 -
10: 2008-06-19 19:44:08 UTC - RP10 - Controlepunt van systeem


-- First Restore Point --
1: 2008-06-10 13:43:44 UTC - RP1 - Controlepunt van systeem


Performed disk cleanup.



-- HijackThis (run as Tim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Tim\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: rtsplgob - {0939FF27-A717-4F67-96B5-555F9510F17F} - C:\WINDOWS\rtsplgob.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/...ws-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O21 - SSODL: xkefqtgs - {115537A0-1B27-4BBA-9244-8A6ABA157E0B} - C:\WINDOWS\xkefqtgs.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8875 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
R3 int15.sys - c:\program files\acer\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1864)
2004-08-27 16:42:36 49152 --a------ C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll <Not Verified; CyberLink Corp.; Cyberlink PowerCinema 3.0>


-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2008-06-19 21:48:19 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-12 13:00:38 0 d-------- C:\Program Files\Trend Micro
2008-06-11 19:42:15 0 d--h----- C:\WINDOWS\PIF
2008-06-11 17:51:45 0 d-------- C:\Program Files\Lavasoft
2008-06-11 10:32:36 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 08:53:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 15:00:01 68096 --a------ C:\WINDOWS\zip.exe
2008-06-10 15:00:01 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-10 15:00:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-10 15:00:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-10 15:00:01 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-10 15:00:01 98816 --a------ C:\WINDOWS\sed.exe
2008-06-10 15:00:01 80412 --a------ C:\WINDOWS\grep.exe
2008-06-10 15:00:01 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 10:40:20 0 d-------- C:\Program Files\ColorUtility
2008-06-10 09:33:44 0 d-------- C:\Program Files\Alwil Software
2008-06-10 08:55:31 0 d-------- C:\Documents and Settings\Tim\Application Data\TmpRecentIcons
2008-06-10 08:55:22 200704 -----n--- C:\WINDOWS\d
2008-06-08 17:33:17 0 d-------- C:\WINDOWS\ShellNew
2008-06-08 17:33:05 0 d-------- C:\Documents and Settings\Tim\Application Data\Microsoft Web Folders
2008-06-08 16:37:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 16:36:58 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-08 16:36:58 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-08 16:29:13 0 d-------- C:\Program Files\Drivers
2008-06-08 14:18:17 0 d-------- C:\Documents and Settings\Tim\Application Data\LimeWire
2008-06-08 11:40:08 0 d-------- C:\Documents and Settings\Tim\Application Data\Apple Computer
2008-06-08 11:39:58 0 d-------- C:\Program Files\iPod
2008-06-08 11:39:54 0 d-------- C:\Program Files\iTunes
2008-06-08 11:39:21 0 d-------- C:\Program Files\QuickTime
2008-06-08 11:39:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-08 11:38:40 0 d-------- C:\Program Files\Common Files\Apple
2008-06-08 11:38:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-08 10:28:31 0 d-------- C:\Program Files\SokkerOrganizer
2008-06-03 11:23:30 0 d-------- C:\Documents and Settings\Tim\Application Data\Uniblue
2008-06-03 11:22:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-03 10:34:42 0 dr-hs---- C:\autorun.inf
2008-06-02 17:13:54 0 d-------- C:\Program Files\AutoCAD Architecture 2008
2008-06-02 13:58:50 0 d-------- C:\Documents and Settings\Tim\Application Data\AdobeUM
2008-05-30 19:47:15 0 d-------- C:\Program Files\MSXML 6.0
2008-05-30 15:34:36 0 d-------- C:\Program Files\Chaos Group
2008-05-30 11:10:54 0 d-------- C:\Program Files\DWG TrueView 2007
2008-05-30 11:10:32 0 d-------- C:\Program Files\Microsoft WSE
2008-05-30 10:47:21 0 d-------- C:\Program Files\AutoCAD Civil 3D 2008
2008-05-30 10:47:21 0 d-------- C:\Documents and Settings\Tim\Application Data\Autodesk
2008-05-30 10:47:21 0 d-------- C:\Civil 3D Project Templates
2008-05-30 10:36:35 0 d-------- C:\AUTOCAD
2008-05-29 22:24:47 0 d-------- C:\Program Files\MSXML 4.0
2008-05-29 22:11:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 17:48:43 0 d-------- C:\Program Files\LimeWire
2008-05-29 17:46:51 0 d-------- C:\WINDOWS\Sun
2008-05-29 17:46:51 0 d-------- C:\Documents and Settings\Tim\Application Data\Sun
2008-05-29 17:45:59 0 d-------- C:\Program Files\Java
2008-05-29 17:44:47 0 d-------- C:\Program Files\Common Files\Java
2008-05-29 16:49:22 0 d-------- C:\Documents and Settings\Tim\Application Data\vlc
2008-05-29 16:46:41 0 d-------- C:\Program Files\VideoLAN
2008-05-29 16:40:25 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-29 16:40:04 0 d-------- C:\Program Files\Windows Live
2008-05-29 16:39:50 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-29 16:35:20 0 d-------- C:\Program Files\Common Files\ChaosGroup
2008-05-29 16:34:56 0 d-------- C:\Documents and Settings\Tim\Application Data\WinRAR
2008-05-29 16:33:52 0 d-------- C:\autodesk
2008-05-29 16:33:12 0 d-------- C:\Program Files\Autodesk Student Community Download Tool
2008-05-29 16:28:15 0 d-------- C:\Documents and Settings\Tim\Application Data\Adobe
2008-05-29 16:26:58 0 d-------- C:\Documents and Settings\Tim\Contacts
2008-05-29 16:26:28 0 d-------- C:\WINDOWS\system32\DRVSTORE
2008-05-29 16:16:04 0 d-------- C:\Documents and Settings\Tim\Application Data\Google
2008-05-29 16:10:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-29 16:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-29 16:08:42 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-29 16:08:42 0 d-------- C:\Program Files\Google
2008-05-29 16:08:34 0 d-------- C:\WINDOWS\system32\nl-nl
2008-05-29 16:05:15 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-29 16:05:15 0 d-------- C:\Program Files\Autodesk
2008-05-29 16:02:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-29 15:55:05 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-29 15:55:03 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-28 17:00:00 0 d-------- C:\Documents and Settings\Tim\Application Data\Macromedia
2008-05-28 14:15:21 0 d-------- C:\Documents and Settings\NetworkService\Menu Start
2008-05-28 14:15:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-28 14:00:47 0 d-------- C:\AcerBKTemp
2008-05-28 13:58:34 0 d-------- C:\WINDOWS\system32\autorun
2008-05-28 13:32:51 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-28 13:31:07 245760 --a------ C:\WINDOWS\system32\Check.exe <Not Verified; acer Inc.; OBRCheck>
2008-05-28 13:31:05 0 d-------- C:\Program Files\acer
2008-05-28 13:30:45 0 d-------- C:\Program Files\Launch Manager
2008-05-28 13:30:44 147456 --a------ C:\WINDOWS\UNINST32.EXE <Not Verified; Dritek System Inc.; Dritek System Inc. Uninstall Application>
2008-05-28 13:30:44 49152 --a------ C:\WINDOWS\system32\QtBtLib.dll <Not Verified; Dritek System Inc.; Dritek System Inc. QtBtLib.DLL>
2008-05-28 13:30:44 16896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
2008-05-28 13:28:23 17119 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
2008-05-28 13:28:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-28 13:28:05 0 d-------- C:\Program Files\WinPCap
2008-05-28 13:27:19 221258 --a------ C:\WINDOWS\system32\Epm-Po.dll <Not Verified; Acer Labs USA; EPM-PO Dynamic Link Library>
2008-05-28 13:27:19 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
2008-05-28 13:27:19 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
2008-05-28 13:27:19 0 d-------- C:\Acer
2008-05-28 13:26:35 0 d-------- C:\Program Files\ATI Technologies
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Sjablonen
2008-05-28 13:26:14 0 dr-h----- C:\Documents and Settings\Tim\SendTo
2008-05-28 13:26:14 0 dr-h----- C:\Documents and Settings\Tim\Onlangs geopend
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Netwerkprinteromgeving
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\NetHood
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Mijn documenten
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Menu Start
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Local Settings
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Favorieten
2008-05-28 13:26:14 0 d--hs---- C:\Documents and Settings\Tim\Cookies
2008-05-28 13:26:14 0 d-------- C:\Documents and Settings\Tim\Bureaublad
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Application Data
2008-05-28 13:26:14 0 d-------- C:\Documents and Settings\Tim\Application Data\Identities
2008-05-28 13:26:13 4980736 --ah----- C:\Documents and Settings\Tim\NTUSER.DAT
2008-05-28 13:25:24 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-05-28 13:25:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities


-- Find3M Report ---------------------------------------------------------------

2008-06-18 23:37:22 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-06-11 10:35:58 457684 --a------ C:\WINDOWS\system32\perfh013.dat
2008-06-11 10:35:58 77946 --a------ C:\WINDOWS\system32\perfc013.dat
2008-05-28 12:41:04 471 --a------ C:\WINDOWS\CLEANUP.CMD
2008-05-28 12:41:02 797 --a------ C:\WINDOWS\HotFix.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/02/2005 19:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/02/2005 19:32]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/10/2004 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/10/2004 23:43]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [09/03/2005 18:59]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/02/2005 21:05]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [28/03/2005 18:04]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [24/03/2005 09:13]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [28/03/2005 12:20]
"eRecoveryService"="C:\Windows\System32\Check.exe" [23/03/2005 10:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"wsctf.exe"="wsctf.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xkefqtgs"= {115537A0-1B27-4BBA-9244-8A6ABA157E0B} - C:\WINDOWS\xkefqtgs.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7da30ffa-2d87-11dd-b4cd-00c09fb72d20}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9218a6c6-3d7b-11dd-b4f4-00c09fb72d20}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1379fd8-2cc5-11dd-b4cc-00c09fb72d20}]
AutoRun\command- F:\EXPLORER.EXE
explore\Command- F:\EXPLORER.EXE
open\Command- F:\EXPLORER.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8713 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-19 22:44:19 ------------
and the extra.txt



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1022.05 MiB / 542.81 MiB
Pagefile Memory (total/avail): 2459.66 MiB / 2027.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.71 MiB

C: is Fixed (FAT32) - 44.99 GiB total, 15.44 GiB free.
D: is Fixed (FAT32) - 45.21 GiB total, 45.17 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9100824A - 93.16 GiB - 3 partitions
\PARTITION0 - Unknown - 2.93 GiB
\PARTITION1 (bootable) - Unknown - 45 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 45.22 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.8.1201 [VPS 080619-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Chaos Group\\V-Ray\\3dsmax R9 for x86\\vrlserver.exe"="C:\\Program Files\\Chaos Group\\V-Ray\\3dsmax R9 for x86\\vrlserver.exe:*:Enabled:VRLServer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tim\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELTOURTIM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tim
LOGONSERVER=\\DELTOURTIM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\Autodesk\Backburner;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Autodesk\DWG TrueView;C:\Program Files\QuickTime\QTSystem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\Autodesk\Backburner;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Autodesk\DWG TrueView;C:\Program Files\QuickTime\QTSystem;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Tim\LOCALS~1\Temp
TMP=C:\DOCUME~1\Tim\LOCALS~1\Temp
USERDOMAIN=DELTOURTIM
USERNAME=Tim
USERPROFILE=C:\Documents and Settings\Tim
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tim (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer eNetManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePowerManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x13
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=f:\software\adobe creative suite 2.0\adobe creative suite 2.0/lang=0413
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
ATI - Software-verwijderprogramma --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -c