i need help or else its the river for me

[kali498]

ok so my acer is acting wild, the hardrive icon is always on, the cpu usage is always at 10-20 percent usage so i open up task manager to see what was running and i don't really see anything other then the task manager it self and and system idle process...my notebook runs slow, freezes at times, i cant watch youtube or listen to itunes because i get a video skip or music skipping. basically i cannot enjoy my notebook like i once did and it bothers me every day i have to deal with this crap. below is my hijack log, maybe you can help me. my os is windows xp sp2.

Logfile of HijackThis v1.99.1
Scan saved at 2:57:32 AM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

[Billy O'Neal]

Hello, kali498
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:

• In the meantime, please refrain from making any changes to your computer.
• Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Finally, please reply using the button in the lower left hand corner of your screen.
• Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to run a Scan with DDS

1. Please download DDS, and save it to your desktop, from one of the following mirrors:
   • This is a mirror
   • This is another mirror
2. Disable any type of "Script Blockers" or "Script Protection" installed on your system.
3. Double click on your desktop.
4. If prompted by any script blocking tools, please allow any actions taken by DDS.
5. When prompted to preform an Optional Scan, please select
6. Two reports will open. Please reply with the generated reports:
   • DDS.txt <-- Copy and paste into your next post
   • Attach.txt <-- Attach to your next post

We need to scan for rootkits with GMER

1. Please download gmer.zip and save to your desktop.
   • alternate download site 1
   • alternate download site 2
2. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
3. When you have done this, disconnect from the Internet and close all running programs.
   Note: There is a small chance this application may crash your computer so save any work you have open.
4. Double-click on Gmer.exe to start the program.
5. Allow the gmer.sys driver to load if asked.
6. If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
7. Click on "Settings", then check the first five settings:
   • System Protection and Tracing
   • Processes
   • Save created processes to the log
   • Drivers
   • Save loaded drivers to the log
8. You will be prompted to restart your computer. Please do so.
9. Run Gmer again and click on the Rootkit tab.
10. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
11. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
12. Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
13. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
14. Note: If you have any problems, try running GMER in Safe Mode

In your next reply, please include the following:

• DDS.txt
• Attach.txt
• GMER's Log

Billy3

[kali498]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/21/2008 11:52:23 AM
System Uptime: 11/25/2008 11:51:53 PM (39 hours ago)

Motherboard: Acer | | Garda-910
Processor: Intel(R) Celeron(R) M processor 1.60GHz | U1 | 1596/100mhz
BIOS: PhoenixBIOS 4.0 Release 6.1 | PTLTD - 6040000 | V1.06 | 5/22/2006 7:00:00 PM

==== Disk Partitions =========================

C: is FIXED (FAT32) - 17 GiB total, 3.998 GiB free.
D: is FIXED (FAT32) - 17 GiB total, 8.07 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E977-E325-11CE-BFC1-08002BE10318}
Description: Generic CardBus Controller
Device ID: PCI\VEN_1524&DEV_1410&SUBSYS_006A1025&REV_01\4&AD1B67F&0&48F0
Manufacturer: Microsoft
Name: Generic CardBus Controller
PNP Device ID: PCI\VEN_1524&DEV_1410&SUBSYS_006A1025&REV_01\4&AD1B67F&0&48F0
Service: pcmcia

==== System Restore Points ===================

RP12: 10/22/2008 8:39:07 PM - System Checkpoint
RP13: 10/25/2008 9:43:44 PM - Installed Windows Live Messenger
RP14: 10/26/2008 9:24:09 PM - Installed iTunes
RP15: 10/27/2008 6:03:02 PM - Spyware Doctor: Cleaning Threats
RP16: 10/28/2008 10:39:13 PM - System Checkpoint
RP17: 10/30/2008 9:46:27 PM - Installed Canon ScanGear Starter
RP18: 10/30/2008 9:47:43 PM - Installed PhotoStudio
RP19: 10/30/2008 9:49:08 PM - Installed OmniPage SE
RP20: 10/30/2008 10:12:32 PM - Installed PhotoStudio
RP21: 10/30/2008 10:13:01 PM - Installed PhotoStudio
RP22: 10/30/2008 10:13:14 PM - Installed PhotoStudio
RP23: 10/30/2008 11:33:06 PM - Installed Microsoft Office Professional Edition 2003
RP24: 11/1/2008 1:00:48 AM - Removed Adobe Reader 7.0
RP25: 11/1/2008 1:01:00 AM - Installed Adobe Reader 9.
RP26: 11/3/2008 1:53:00 AM - Spyware Doctor: Cleaning Threats
RP27: 11/9/2008 9:43:33 PM - System Checkpoint
RP28: 11/11/2008 12:17:12 AM - System Checkpoint
RP29: 11/12/2008 1:02:39 AM - System Checkpoint
RP30: 11/14/2008 1:47:40 AM - Spyware Doctor: Cleaning Threats
RP31: 11/14/2008 7:04:06 PM - Spyware Doctor: Cleaning Threats
RP32: 11/15/2008 6:05:23 PM - Spyware Doctor: Cleaning Threats
RP33: 11/16/2008 6:07:57 PM - Spyware Doctor: Cleaning Threats
RP34: 11/17/2008 6:04:25 PM - Spyware Doctor: Cleaning Threats
RP35: 11/18/2008 6:04:15 PM - Spyware Doctor: Cleaning Threats
RP36: 11/19/2008 9:01:59 PM - System Checkpoint
RP37: 11/21/2008 1:14:34 PM - System Checkpoint
RP38: 11/22/2008 3:46:04 PM - System Checkpoint
RP39: 11/23/2008 5:42:53 PM - System Checkpoint
RP40: 11/24/2008 8:24:51 PM - System Checkpoint
RP41: 11/26/2008 2:01:41 AM - System Checkpoint
RP42: 11/26/2008 8:33:28 PM - Installed Java(TM) 6 Update 10
RP43: 11/26/2008 8:36:12 PM - Installed Java Runtime Environment
RP44: 11/27/2008 3:24:15 AM - Spyware Doctor: Cleaning Threats

==== Installed Programs ======================

Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.26
Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 5.0
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Bonjour
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
CCleaner (remove only)
CinemaForge
Free 3GP Video Converter version 3.1
Free YouTube to Mp3 Converter version 3.1
Google Earth
Google Updater
Intel(R) Graphics Media Accelerator Driver for Mobile
iTunes
Java(TM) 6 Update 10
Launch Manager V1.1.0.1
Microsoft Office Professional Edition 2003
Mozilla Firefox (3.0.4)
OmniPage SE 2.0
PDF Settings
QuickTime
Realtek AC'97 Audio
Soft Data Fax Modem with SmartCP
SoftV90 Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 9
Spyware Doctor 6.0
Switch Sound File Converter
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for Windows XP (KB912945)
VLC media player 0.9.4
WavePad Sound Editor
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Live Messenger
WinRAR archiver

==== Event Viewer Messages ===================

11/23/2008 12:00:46 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
11/22/2008 4:54:05 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
11/20/2008 2:47:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IKFileSec
11/24/2008 8:03:37 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0016CE3EA0FF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/26/2008 10:16:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 0016CE3EA0FF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

[kali498]

DDS (Version 1.0) - FAT32x86
Run by acen at 14:47:20.56 on Thu 11/27/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.499 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Documents and Settings\acen\My Documents\gmer.exe
C:\Documents and Settings\acen\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uStart Page = hxxp://yahoo.com/
mDefault_Page_URL = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [LManager] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [CtrlVol] "c:\program files\launch manager\CtrlVol.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [OPSE reminder] "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.exe" -r "c:\program files\scansoft\omnipagese2.0\eregeng\ereg.ini"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 Hotkey;Hotkey;c:\windows\system32\drivers\Hotkey.sys [2008-10-21 9867]
R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2008-10-21 12106]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2004-7-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2005-4-7 78208]
R2 int15.sys;int15.sys;\??\c:\acer\empowering technology\erecovery\int15.sys [2008-10-21 69632]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2008-10-21 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2008-10-21 4010]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2008-10-21 4392]
S1 mailKmd;mailKmd; []
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys []

=============== Created Last 30 ================

2008-11-27 14:42 345 a------- c:\windows\gmer.ini
2008-11-26 20:35 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-26 20:35 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-24 09:16 <DIR> --d----- c:\docume~1\acen\applic~1\Move Networks
2008-11-20 00:32 <DIR> --d----- c:\windows\system32\LogFiles
2008-11-15 09:08 21,504 a------- c:\windows\system32\hidserv.dll
2008-11-15 09:08 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-11-15 09:08 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
2008-11-15 09:08 14,848 a------- c:\windows\system32\dllcache\kbdhid.sys
2008-11-15 09:08 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2008-11-15 09:08 31,616 a------- c:\windows\system32\dllcache\usbccgp.sys
2008-11-10 14:20 <DIR> --d----- c:\program files\NCH Software
2008-11-10 14:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Swift Sound
2008-11-10 14:11 <DIR> --d----- c:\docume~1\acen\applic~1\NCH Swift Sound
2008-11-10 14:10 <DIR> --d----- c:\program files\NCH Swift Sound
2008-11-10 14:06 880,912 a------- c:\windows\WM8EUTIL.exe
2008-11-10 14:06 <DIR> --d----- c:\program files\CD to MP3 Freeware
2008-10-31 00:34 376 a------- c:\windows\ODBC.INI
2008-10-31 00:34 17,920 a------- c:\windows\system32\mdimon.dll
2008-10-31 00:33 <DIR> --d----- c:\windows\SHELLNEW
2008-10-31 00:33 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-10-30 22:55 <DIR> --d----- c:\docume~1\acen\applic~1\Canon
2008-10-30 22:52 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-10-30 22:52 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-10-30 22:50 <DIR> --d----- c:\program files\Canon
2008-10-30 22:49 <DIR> --d----- c:\docume~1\acen\applic~1\ScanSoft
2008-10-30 22:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SSScanWizard
2008-10-30 22:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SSScanAppDataDir
2008-10-30 22:49 532 a------- c:\windows\MAXLINK.INI
2008-10-30 22:49 <DIR> --d----- c:\program files\ScanSoft
2008-10-30 22:49 <DIR> --d----- c:\program files\common files\ScanSoft Shared
2008-10-30 22:47 212,480 a------- c:\windows\PCDLIB32.DLL
2008-10-30 22:47 <DIR> --d----- c:\windows\Profiles
2008-10-30 22:46 <DIR> --d----- c:\windows\system32\Adobe
2008-10-30 22:46 <DIR> --d----- c:\docume~1\acen\applic~1\InterTrust
2008-10-30 22:46 352,256 a------- c:\windows\system32\CNQL1213.DLL
2008-10-30 22:46 57,344 a------- c:\windows\system32\CNQU110.DLL
2008-10-30 22:46 <DIR> --d-h--- C:\CanoScan

==================== Find3M ====================

2008-10-26 21:31 <DIR> --d----- c:\program files\CinemaForge
2008-10-26 21:29 <DIR> --d----- c:\program files\DVDVideoSoft
2008-10-26 21:29 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2008-10-26 21:24 <DIR> --d----- c:\program files\iPod
2008-10-26 21:24 <DIR> --d----- c:\program files\iTunes
2008-10-26 21:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-25 22:43 <DIR> --d----- c:\program files\MSN Messenger
2008-10-23 21:35 <DIR> --d----- c:\docume~1\acen\applic~1\vlc
2008-10-23 21:34 <DIR> --d----- c:\program files\VideoLAN
2008-10-21 13:37 <DIR> --d----- c:\program files\Spyware Doctor
2008-10-21 13:37 <DIR> --d----- c:\docume~1\acen\applic~1\PC Tools
2008-10-21 12:22 <DIR> --d----- c:\program files\Bonjour
2008-10-21 12:17 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-10-21 12:06 <DIR> --d----- c:\program files\CCleaner
2008-10-21 11:59 <DIR> --d----- c:\docume~1\acen\applic~1\Acer
2008-10-21 11:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Acer
2008-10-21 11:55 <DIR> --d----- c:\program files\Launch Manager
2006-04-29 17:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec

============= FINISH: 14:47:45.87 ===============

[kali498]

2008-11-27 14:57:42 gmer.sys System [4]: LoadDriver system32\DRIVERS\ipnat.sys
2008-11-27 14:57:42 gmer.sys System [4]: LoadDriver system32\DRIVERS\wanarp.sys
2008-11-27 14:57:42 gmer.sys System [4]: CreateProcess C:\WINDOWS\SYSTEM32\SMSS.EXE
2008-11-27 14:57:42 gmer.sys SMSS.EXE [488]: CreateProcess C:\WINDOWS\SYSTEM32\AUTOCHK.EXE
2008-11-27 14:57:42 gmer.sys AUTOCHK.EXE [512]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Fastfat
2008-11-27 14:57:46 gmer.sys SMSS.EXE [488]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Cdfs
2008-11-27 14:57:59 gmer.sys SMSS.EXE [488]: CreateProcess C:\WINDOWS\SYSTEM32\CSRSS.EXE
2008-11-27 14:57:59 gmer.sys CSRSS.EXE [544]: LoadDriver \SystemRoot\System32\drivers\dxg.sys
2008-11-27 14:58:00 gmer.sys CSRSS.EXE [544]: LoadDriver \SystemRoot\System32\ialmrnt5.dll
2008-11-27 14:58:00 gmer.sys CSRSS.EXE [544]: LoadDriver \SystemRoot\System32\ialmdnt5.dll
2008-11-27 14:58:00 gmer.sys CSRSS.EXE [544]: LoadDriver \SystemRoot\System32\vga.dll
2008-11-27 14:58:00 gmer.sys CSRSS.EXE [544]: LoadDriver \SystemRoot\System32\ialmrnt5.dll
2008-11-27 14:58:00 gmer.sys CSRSS.EXE [544]: LoadDriver \SystemRoot\System32\ialmdev5.DLL
2008-11-27 14:58:00 gmer.sys CSRSS.EXE [544]: LoadDriver \SystemRoot\System32\ialmdd5.DLL
2008-11-27 14:59:45 gmer.sys System [4]: LoadDriver system32\DRIVERS\ipnat.sys
2008-11-27 14:59:45 gmer.sys System [4]: LoadDriver system32\DRIVERS\wanarp.sys
2008-11-27 14:59:45 gmer.sys System [4]: CreateProcess C:\WINDOWS\SYSTEM32\SMSS.EXE
2008-11-27 14:59:45 gmer.sys SMSS.EXE [480]: CreateProcess C:\WINDOWS\SYSTEM32\AUTOCHK.EXE
2008-11-27 14:59:45 gmer.sys AUTOCHK.EXE [504]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Fastfat
2008-11-27 14:59:48 gmer.sys SMSS.EXE [480]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Cdfs
2008-11-27 15:00:02 gmer.sys SMSS.EXE [480]: CreateProcess C:\WINDOWS\SYSTEM32\CSRSS.EXE
2008-11-27 15:00:02 gmer.sys CSRSS.EXE [536]: LoadDriver \SystemRoot\System32\drivers\dxg.sys
2008-11-27 15:00:02 gmer.sys CSRSS.EXE [536]: LoadDriver \SystemRoot\System32\ialmrnt5.dll
2008-11-27 15:00:02 gmer.sys CSRSS.EXE [536]: LoadDriver \SystemRoot\System32\ialmdnt5.dll
2008-11-27 15:00:02 gmer.sys CSRSS.EXE [536]: LoadDriver \SystemRoot\System32\vga.dll
2008-11-27 15:00:02 gmer.sys CSRSS.EXE [536]: LoadDriver \SystemRoot\System32\ialmrnt5.dll
2008-11-27 15:00:02 gmer.sys CSRSS.EXE [536]: LoadDriver \SystemRoot\System32\ialmdev5.DLL
2008-11-27 15:00:02 gmer.sys CSRSS.EXE [536]: LoadDriver \SystemRoot\System32\ialmdd5.DLL
2008-11-27 15:00:02 gmer.sys SMSS.EXE [480]: CreateProcess C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2008-11-27 15:00:03 gmer.sys WINLOGON.EXE [560]: CreateProcess C:\WINDOWS\SYSTEM32\SERVICES.EXE
2008-11-27 15:00:03 gmer.sys WINLOGON.EXE [560]: CreateProcess C:\WINDOWS\SYSTEM32\LSASS.EXE
2008-11-27 15:00:03 gmer.sys CSRSS.EXE [560]: LoadDriver \SystemRoot\System32\ATMFD.DLL
2008-11-27 15:00:03 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-11-27 15:00:04 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-11-27 15:00:04 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-11-27 15:00:04 gmer.sys SERVICES.EXE [604]: LoadDriver system32\DRIVERS\ndisuio.sys
2008-11-27 15:00:04 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-11-27 15:00:05 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-11-27 15:00:05 gmer.sys WINLOGON.EXE [560]: CreateProcess C:\WINDOWS\SYSTEM32\LOGONUI.EXE
2008-11-27 15:00:08 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
2008-11-27 15:00:09 gmer.sys WINLOGON.EXE [560]: CreateProcess C:\WINDOWS\SYSTEM32\USERINIT.EXE
2008-11-27 15:00:09 gmer.sys USERINIT.EXE [1428]: CreateProcess C:\WINDOWS\EXPLORER.EXE
2008-11-27 15:00:09 gmer.sys SVCHOST.EXE [916]: LoadDriver system32\DRIVERS\rdbss.sys
2008-11-27 15:00:09 gmer.sys SVCHOST.EXE [916]: LoadDriver system32\DRIVERS\mrxsmb.sys
2008-11-27 15:00:12 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\WINDOWS\RUNXMLPL.EXE
2008-11-27 15:00:12 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE
2008-11-27 15:00:12 gmer.sys RUNXMLPL.EXE [1672]: CreateProcess C:\WINDOWS\XMLAUNCH.EXE
2008-11-27 15:00:12 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\WINDOWS\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE
2008-11-27 15:00:12 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE
2008-11-27 15:00:12 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE
2008-11-27 15:00:12 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\WINDOWS\SYSTEM32\HKCMD.EXE
2008-11-27 15:00:13 gmer.sys RUNXMLPL.EXE [1672]: CreateProcess C:\WINDOWS\XMLAUNCH.EXE
2008-11-27 15:00:13 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
2008-11-27 15:00:13 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
2008-11-27 15:00:13 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
2008-11-27 15:00:13 gmer.sys SVCHOST.EXE [764]: CreateProcess C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE
2008-11-27 15:00:13 gmer.sys RUNXMLPL.EXE [1672]: CreateProcess C:\WINDOWS\LAUNAPP.EXE
2008-11-27 15:00:13 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\LAUNCH MANAGER\LAUNCHAP.EXE
2008-11-27 15:00:13 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\LAUNCH MANAGER\HOTKEYAPP.EXE
2008-11-27 15:00:13 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\LAUNCH MANAGER\CTRLVOL.EXE
2008-11-27 15:00:14 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\LAUNCH MANAGER\OSDCTRL.EXE
2008-11-27 15:00:14 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\LAUNCH MANAGER\WBUTTON.EXE
2008-11-27 15:00:14 gmer.sys SYNTPENH.EXE [1768]: CreateProcess C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
2008-11-27 15:00:14 gmer.sys CSRSS.EXE [1776]: LoadDriver \SystemRoot\System32\vga.dll
2008-11-27 15:00:14 gmer.sys CSRSS.EXE [1776]: LoadDriver \SystemRoot\System32\vga.dll
2008-11-27 15:00:14 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\ACER\EMPOWERING TECHNOLOGY\EPOWER\EPM-DM.EXE
2008-11-27 15:00:14 gmer.sys CSRSS.EXE [1776]: LoadDriver \SystemRoot\System32\vga.dll
2008-11-27 15:00:14 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\ACER\EMPOWERING TECHNOLOGY\EPOWER\ACER EPOWER MANAGEMENT.EXE
2008-11-27 15:00:14 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\ACER\EMPOWERING TECHNOLOGY\ERECOVERY\MONITOR.EXE
2008-11-27 15:00:15 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\ACER\EMPOWERING TECHNOLOGY\ADMTRAY.EXE
2008-11-27 15:00:15 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSLOADER.EXE
2008-11-27 15:00:15 gmer.sys SERVICES.EXE [604]: LoadDriver system32\DRIVERS\mrxdav.sys
2008-11-27 15:00:15 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE
2008-11-27 15:00:15 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
2008-11-27 15:00:16 gmer.sys SERVICES.EXE [604]: LoadDriver \Registry\Machine\System\CurrentControlSet\Services\Serial
2008-11-27 15:00:16 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
2008-11-27 15:00:16 gmer.sys SERVICES.EXE [604]: CreateProcess C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
2008-11-27 15:00:16 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\EREGENG\EREG.EXE
2008-11-27 15:00:16 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\PROGRAM FILES\ADOBE\READER 9.0\READER\READER_SL.EXE
2008-11-27 15:00:17 gmer.sys SERVICES.EXE [604]: CreateProcess C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
2008-11-27 15:00:17 gmer.sys SVCHOST.EXE [764]: CreateProcess C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\WINWORD.EXE
2008-11-27 15:00:17 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\Program Files\Java\jre6\bin\jusched.exe
2008-11-27 15:00:18 gmer.sys EDSLOADER.EXE [2032]: CreateProcess C:\WINDOWS\SYSTEM32\REGSVR32.EXE
2008-11-27 15:00:19 gmer.sys EDSLOADER.EXE [2032]: CreateProcess C:\WINDOWS\SYSTEM32\REGSVR32.EXE
2008-11-27 15:00:19 gmer.sys EDSLOADER.EXE [2032]: CreateProcess C:\WINDOWS\EXPLORER.EXE
2008-11-27 15:00:20 gmer.sys EDSLOADER.EXE [2032]: CreateProcess C:\WINDOWS\SYSTEM32\REGSVR32.EXE
2008-11-27 15:00:24 gmer.sys SERVICES.EXE [604]: CreateProcess C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
2008-11-27 15:00:24 gmer.sys SERVICES.EXE [604]: LoadDriver \??\C:\WINDOWS\system32\drivers\epm-psd.sys
2008-11-27 15:00:24 gmer.sys SERVICES.EXE [604]: LoadDriver \??\C:\WINDOWS\system32\drivers\epm-shd.sys
2008-11-27 15:00:24 gmer.sys SERVICES.EXE [604]: CreateProcess C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
2008-11-27 15:00:24 gmer.sys SERVICES.EXE [604]: CreateProcess C:\Program Files\Java\jre6\bin\jqs.exe
2008-11-27 15:00:28 gmer.sys SERVICES.EXE [604]: LoadDriver system32\DRIVERS\mdmxsdk.sys
2008-11-27 15:00:28 gmer.sys SERVICES.EXE [604]: LoadDriver \??\C:\WINDOWS\system32\drivers\osaio.sys
2008-11-27 15:00:28 gmer.sys SVCHOST.EXE [916]: LoadDriver system32\DRIVERS\srv.sys
2008-11-27 15:00:29 gmer.sys SERVICES.EXE [604]: LoadDriver \??\C:\WINDOWS\system32\drivers\osanbm.sys
2008-11-27 15:00:29 gmer.sys SERVICES.EXE [604]: CreateProcess C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSAUXS.EXE
2008-11-27 15:00:35 gmer.sys SERVICES.EXE [604]: CreateProcess C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE
2008-11-27 15:00:52 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-11-27 15:00:52 gmer.sys PCTSSVC.EXE [1560]: CreateProcess C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE
2008-11-27 15:01:04 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\system32\fxssvc.exe
2008-11-27 15:01:16 gmer.sys SVCHOST.EXE [916]: LoadDriver system32\DRIVERS\ipnat.sys
2008-11-27 15:01:30 gmer.sys PCTSSVC.EXE [1560]: LoadDriver \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
2008-11-27 15:02:00 gmer.sys SVCHOST.EXE [916]: CreateProcess C:\WINDOWS\system32\wuauclt.exe
2008-11-27 15:02:16 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\system32\imapi.exe
2008-11-27 15:02:23 gmer.sys PCTSSVC.EXE [1560]: CreateProcess C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE
2008-11-27 15:02:27 gmer.sys SERVICES.EXE [604]: CreateProcess C:\Program Files\iPod\bin\iPodService.exe
2008-11-27 15:02:32 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\Program Files\Mozilla Firefox\firefox.exe
2008-11-27 15:02:33 gmer.sys SERVICES.EXE [604]: LoadDriver System32\Drivers\NdisFilt.sys
2008-11-27 15:02:33 gmer.sys SERVICES.EXE [604]: LoadDriver System32\Drivers\HTTP.sys
2008-11-27 15:02:33 gmer.sys SVCHOST.EXE [916]: CreateProcess C:\WINDOWS\system32\wscntfy.exe
2008-11-27 15:02:34 gmer.sys SERVICES.EXE [604]: LoadDriver \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
2008-11-27 15:02:39 gmer.sys SVCHOST.EXE [764]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2008-11-27 15:02:40 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\System32\alg.exe
2008-11-27 15:03:32 gmer.sys SVCHOST.EXE [764]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2008-11-27 15:03:34 gmer.sys SERVICES.EXE [604]: CreateProcess C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2008-11-27 15:03:50 gmer.sys firefox.exe [2864]: CreateProcess C:\Program Files\Java\jre6\bin\jqsnotify.exe
2008-11-27 15:04:55 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\Documents and Settings\acen\My Documents\gmer.exe
2008-11-27 15:05:00 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\WINDOWS\system32\NOTEPAD.EXE
2008-11-27 15:05:19 gmer.sys jusched.exe [388]: CreateProcess C:\Program Files\Java\jre6\bin\java.exe
2008-11-27 1548 gmer.sys PCTSTRAY.EXE [160]: CreateProcess C:\Program Files\Spyware Doctor\sdloader.exe
2008-11-27 1551 gmer.sys sdloader.exe [3992]: CreateProcess C:\Program Files\Spyware Doctor\pctsGui.exe
2008-11-27 1554 gmer.sys sdloader.exe [3992]: CreateProcess C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE
2008-11-27 15:07:03 gmer.sys sdloader.exe [3992]: CreateProcess C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE
2008-11-27 15:07:05 gmer.sys sdloader.exe [3992]: CreateProcess C:\Program Files\Spyware Doctor\drvctl.exe
2008-11-27 15:22:40 gmer.sys WINLOGON.EXE [560]: CreateProcess C:\WINDOWS\acer.SCR
2008-11-27 15:23:36 gmer.sys EPM-DM.EXE [1916]: CreateProcess C:\ACER\EMPOWERING TECHNOLOGY\EPOWER\ACER EPOWER MANAGEMENT.EXE
2008-11-27 15:36:21 gmer.sys WINLOGON.EXE [560]: CreateProcess C:\WINDOWS\acer.SCR
2008-11-27 15:41:41 gmer.sys SVCHOST.EXE [916]: CreateProcess C:\WINDOWS\system32\defrag.exe
2008-11-27 15:41:42 gmer.sys SVCHOST.EXE [764]: CreateProcess C:\WINDOWS\system32\DfrgFat.exe
2008-11-27 15:47:27 gmer.sys SVCHOST.EXE [916]: CreateProcess C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
2008-11-27 15:47:41 gmer.sys SVCHOST.EXE [764]: CreateProcess C:\WINDOWS\system32\wbem\wmiprvse.exe
2008-11-27 19:26:05 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\Program Files\Mozilla Firefox\firefox.exe
2008-11-27 19:26:23 gmer.sys firefox.exe [2840]: CreateProcess C:\Program Files\Java\jre6\bin\jqsnotify.exe
2008-11-27 19:28:11 gmer.sys GOOGLEUPDATERSE [880]: CreateProcess C:\Program Files\Google\Google Updater\GoogleUpdater.exe
2008-11-27 19:28:13 gmer.sys GoogleUpdater.e [1468]: CreateProcess C:\Program Files\Google\Google Updater\GoogleUpdater.exe
2008-11-27 19:31:05 GMER.EXE[3976]: ERROR Exception HookRemove: ZwCreateSection
2008-11-27 19:36:04 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\Program Files\Mozilla Firefox\firefox.exe
2008-11-27 19:36:05 gmer.sys firefox.exe [1512]: CreateProcess C:\Program Files\Java\jre6\bin\jqsnotify.exe
2008-11-27 19:45:29 gmer.sys EXPLORER.EXE [1452]: CreateProcess C:\Documents and Settings\acen\My Documents\gmer.exe

[Billy O'Neal]

Hello, kali498
I don't see any malware in there. Are you still having problems?

I would like us to use ESET (NOD32)'s Online Scanner

1. Please go to ESET OnlineScan (NOD32)
2. You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
3. Now click Start
4. Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
5. Click Start
   • Note: (the Onlinescanner will now prepare itself for running on your pc)
6. To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
7. Press Scan
8. The Onlinescan will now start and scan your pc (this could take a while)
9. When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
10. Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
11. The Scanresults will now open in Notepad
12. Click into the text area, right-click and chose "select all" (or use <Control>+A)
13. Right-click again and chose "Copy" (or <Control>+C)
14. Close/Exit Notepad
15. Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:

• ESET OnlineScan's Log

Billy3

[Billy O'Neal]

Hello, kali498
Are you still here?

Billy3

[kali498]

yea i'm still here, after you told me that you didnt find anything i reinstalled my os, now its running ok but i know it will come back, once it does i will download the ESET (NOD32)'s Online Scanner. i hope you will still be around to help me then. thanx.

[Billy O'Neal]

Hello, kali498
Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

Billy3