#1
I have System Restore and try to run it, and Windows asks if I want to run it and such, like always. When I click yes the pop-up goes away like always, but it won't run, and when I go to run it again it says it's already running.
#2
Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
#3
You mean this?
Logfile of random's system information tool 1.05 (written by random/random) Run by Acer at 2009-03-07 19:13:31 Microsoft® Windows Vista™ Home Basic Service Pack 1 System drive C: has 5 GB (15%) free of 33 GB Total RAM: 1013 MB (30% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:14:15 PM, on 3/7/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\vsnpstd3.exe C:\Windows\tsnpstd3.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\MyTravelAccess Web Accelerator\slipcore.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\Twain_32\CA561A\SnapDetect.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\Apntex.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e C:\Windows\System32\rstrui.exe C:\Users\Acer\Downloads\RSIT.exe C:\Program Files\trend micro\Acer.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://my.netzero.net/s/search?r=minisearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\MyTravelAccess Web Accelerator\components\NOWImaging.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [TheLaptopLock] C:\Program Files\The LaptopLock\LaptopLock.exe /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\MyTravelAccess Web Accelerator\slipcore.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common 
Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: SnapDetect.lnk = ? O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O13 - Gopher Prefix: O15 - Trusted Zone: *.netzero.com O15 - Trusted Zone: *.netzero.net O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: eNetHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. 
- C:\Windows\System32\rpcnet.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10743 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{E3AAF5D3-6234-4CFF-BE95-EDFC19B38F65}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{88618A96-6D8A-42E7-B932-9073D5B2080F}] FlashCatchBHO Class - C:\Program Files\FlashCatch\flashcatch.dll [2008-12-10 1474792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper 
Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}] NOW!Imaging - C:\Program Files\MyTravelAccess Web Accelerator\components\NOWImaging.dll [2006-11-20 614400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-04 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552] {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - FlashCatch - C:\Program Files\FlashCatch\flashcatch.dll [2008-12-10 1474792] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - C:\Program Files\NetZero\Toolbar.dll [2008-05-07 325120] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-05 4669440] "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216] "PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2007-06-21 155648] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-05-24 142104] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-05-24 154392] "Persistence"=C:\Windows\system32\igfxpers.exe [2007-05-24 138008] "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-07-15 768520] "Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296] "Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe 
[2007-02-02 1261568] "eRecoveryService"= [] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744] "snpstd3"=C:\Windows\vsnpstd3.exe [2007-05-10 835584] "tsnpstd3"=C:\Windows\tsnpstd3.exe [2007-04-21 270336] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-14 39792] "LifeChat"=C:\Program Files\Microsoft LifeChat\LifeChat.exe [2008-08-21 267296] "Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816] "TheLaptopLock"=C:\Program Files\The LaptopLock\LaptopLock.exe [2007-02-01 397312] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-04 148888] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872] "SlipStream"=C:\Program Files\MyTravelAccess Web Accelerator\slipcore.exe [2006-11-20 253952] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\IS USPM.exe [2005-02-16 221184] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe SnapDetect.lnk - C:\Windows\Twain_32\CA561A\SnapDetect.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="eNetHook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2007-05-21 200704] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empo wering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSf su" "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\ Empowering Technology\eDataSecurity\encryption.exe:*:Enabled: encryption" "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\ Empowering Technology\eDataSecurity\decryption.exe:*:Enabled: decryption" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3ae61f3a-a471-11dd-8508-001b38d3d803}] shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3ae61f42-a471-11dd-8508-001b38d3d803}] shell\AutoRun\command - K:\StartPortableApps.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6777a25d-b90e-11dd-a0ee-001b38d3d803}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6777a25f-b90e-11dd-a0ee-001b38d3d803}] shell\AutoRun\command - I:\StartPortableApps.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e8624f2a-eddb-11dd-9843-001b38d3d803}] 
shell\AutoRun\command - G:\umenu.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-03-07 18:13:43 ----D---- C:\Program Files\trend micro 2009-03-07 18:13:37 ----D---- C:\rsit 2009-03-05 19:26:20 ----A---- C:\Windows\system32\GEARAspi.dll 2009-03-05 19:25:22 ----D---- C:\Program Files\iPod 2009-03-05 19:25:15 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BC F6} 2009-03-05 19:25:15 ----D---- C:\Program Files\iTunes 2009-03-05 19:21:11 ----D---- C:\Program Files\Common Files\Apple 2009-03-05 18:45:38 ----D---- C:\Program Files\QuickTime 2009-03-03 21:17:26 ----D---- C:\Program Files\NetZero 2009-03-03 21:17:23 ----D---- C:\ProgramData\NetZero 2009-03-03 21:17:14 ----D---- C:\NetZeroInstaller 2009-03-02 22:42:21 ----D---- C:\ProgramData\DVD Shrink 2009-03-02 22:42:17 ----D---- C:\Program Files\DVD Shrink 2009-03-02 03:34:00 ----D---- C:\Users\Acer\AppData\Roaming\Yahoo! 2009-03-02 03:34:00 ----D---- C:\ProgramData\Yahoo! 
Companion 2009-03-02 02:43:17 ----D---- C:\Users\Acer\AppData\Roaming\avidemux 2009-03-01 23:55:38 ----D---- C:\Program Files\Pure Motion 2009-03-01 23:55:36 ----D---- C:\Program Files\Sonic Foundry 2009-03-01 23:15:51 ----A---- C:\Windows\system32\wrap_oal.dll 2009-03-01 23:15:50 ----A---- C:\Windows\system32\OpenAL32.dll 2009-03-01 22:32:51 ----D---- C:\Program Files\CamStudio 2009-02-27 21:34:06 ----D---- C:\Program Files\andLinux 2009-02-26 21:48:49 ----D---- C:\ProgramData\InstallShield 2009-02-26 21:47:30 ----D---- C:\Users\Acer\AppData\Roaming\Nuance 2009-02-26 21:45:57 ----D---- C:\ProgramData\ScanSoft 2009-02-26 21:45:57 ----D---- C:\Program Files\Common Files\ScanSoft Shared 2009-02-26 21:45:56 ----D---- C:\Program Files\Common Files\Nuance 2009-02-26 21:42:21 ----D---- C:\ProgramData\Nuance 2009-02-26 21:42:21 ----D---- C:\Program Files\Nuance 2009-02-26 20:07:15 ----A---- C:\rollback.ini 2009-02-23 00:34:03 ----D---- C:\Users\Acer\AppData\Roaming\MailFrontier 2009-02-23 00:02:32 ----D---- C:\ProgramData\Kaspersky SDK 2009-02-22 22:48:57 ----A---- C:\Windows\system32\tcpipcfg.dll 2009-02-22 22:48:57 ----A---- C:\Windows\system32\netiougc.exe 2009-02-22 22:46:51 ----A---- C:\Windows\zllsputility.exe 2009-02-22 22:45:36 ----A---- C:\Windows\system32\vsregexp.dll 2009-02-22 22:45:22 ----A---- C:\Windows\system32\zlcommdb.dll 2009-02-22 22:45:21 ----A---- C:\Windows\system32\zlcomm.dll 2009-02-22 22:45:07 ----A---- C:\Windows\system32\vswmi.dll 2009-02-22 22:44:57 ----A---- C:\Windows\system32\zpeng25.dll 2009-02-22 22:44:56 ----A---- C:\Windows\system32\vsxml.dll 2009-02-22 22:44:54 ----D---- C:\Program Files\Zone Labs 2009-02-22 22:44:54 ----A---- C:\Windows\system32\vspubapi.dll 2009-02-22 22:44:53 ----A---- C:\Windows\system32\vsmonapi.dll 2009-02-22 22:44:26 ----A---- C:\Windows\system32\vsdata.dll 2009-02-22 22:42:26 ----D---- C:\Windows\system32\ZoneLabs 2009-02-22 22:35:29 ----D---- C:\ProgramData\CheckPoint 2009-02-22 22:35:26 ----A---- 
C:\Windows\system32\vsutil.dll 2009-02-22 22:35:26 ----A---- C:\Windows\system32\vsinit.dll 2009-02-22 22:34:54 ----D---- C:\Windows\Internet Logs 2009-02-21 13:54:07 ----A---- C:\Windows\Tw561a.ini 2009-02-21 13:54:07 ----A---- C:\Windows\ShowBmp.exe 2009-02-21 13:54:07 ----A---- C:\Windows\Setup8a.ini 2009-02-21 13:54:07 ----A---- C:\Windows\ap561.ini 2009-02-21 13:54:07 ----A---- C:\Windows\ap561.exe 2009-02-21 13:54:06 ----D---- C:\Windows\Setup2K 2009-02-17 10:20:06 ----D---- C:\ProgramData\TamoSoft 2009-02-17 05:48:28 ----D---- C:\Users\Acer\AppData\Roaming\SlipStream 2009-02-17 05:48:09 ----D---- C:\Program Files\MyTravelAccess Web Accelerator 2009-02-17 05:48:09 ----A---- C:\Windows\system32\sliprt.dll 2009-02-17 00:49:41 ----D---- C:\Program Files\Alarm 2009-02-16 23:47:57 ----D---- C:\Users\Acer\AppData\Roaming\Desktopicon 2009-02-16 23:47:55 ----D---- C:\Program Files\Unlocker 2009-02-16 23:24:48 ----A---- C:\Windows\ZSSnp211.exe 2009-02-16 23:24:47 ----A---- C:\Windows\Domino.exe 2009-02-16 23:24:34 ----D---- C:\Program Files\Vimicro 2009-02-14 22:50:58 ----D---- C:\Users\Acer\AppData\Roaming\.purple 2009-02-14 22:49:14 ----D---- C:\Program Files\Pidgin 2009-02-14 22:49:00 ----D---- C:\Program Files\Common Files\GTK 2009-02-09 19:44:05 ----A---- C:\Windows\system32\bszip.dll 2009-02-09 19:43:55 ----D---- C:\Program Files\Budget Dialup 2009-02-09 16:19:55 ----D---- C:\Users\Acer\AppData\Roaming\Smith Micro 2009-02-09 16:14:15 ----D---- C:\Program Files\Verizon Wireless 2009-02-09 16:12:02 ----D---- C:\Program Files\LG Drivers ======List of files/folders modified in the last 1 months====== 2009-03-07 19:13:48 ----D---- C:\Windows\Temp 2009-03-07 19:07:58 ----D---- C:\Windows\Prefetch 2009-03-07 19:06:31 ----A---- C:\Windows\system32\rpcnetp.exe 2009-03-07 19:06:29 ----A---- C:\Windows\system32\rpcnet.dll 2009-03-07 18:13:43 ----RD---- C:\Program Files 2009-03-07 17:45:15 ----D---- C:\Windows 2009-03-07 16:44:10 ----A---- C:\Windows\system32\rpcnetp.dll 
2009-03-07 16:43:48 ----D---- C:\Windows\system32\wbem 2009-03-07 16:42:43 ----D---- C:\Windows\system32\config 2009-03-07 16:42:33 ----D---- C:\Windows\Tasks 2009-03-07 16:42:33 ----D---- C:\Windows\System32 2009-03-07 16:42:32 ----D---- C:\Windows\system32\Tasks 2009-03-07 16:42:32 ----D---- C:\Windows\system32\spool 2009-03-07 16:42:32 ----D---- C:\Windows\system32\Msdtc 2009-03-07 16:42:32 ----D---- C:\Windows\system32\drivers 2009-03-07 16:42:32 ----D---- C:\Windows\system32\CodeIntegrity 2009-03-07 16:42:32 ----D---- C:\Windows\system32\catroot2 2009-03-07 16:42:32 ----D---- C:\Windows\system32\catroot 2009-03-07 16:42:32 ----D---- C:\Windows\inf 2009-03-07 16:42:31 ----D---- C:\Windows\registration 2009-03-07 16:31:43 ----SHD---- C:\System Volume Information 2009-03-05 22:29:29 ----D---- C:\Users\Acer\AppData\Roaming\dvdcss 2009-03-05 19:38:57 ----SHD---- C:\Windows\Installer 2009-03-05 19:38:03 ----D---- C:\Program Files\Safari 2009-03-05 19:26:18 ----DC---- C:\Windows\system32\DRVSTORE 2009-03-05 19:25:15 ----HD---- C:\ProgramData 2009-03-05 19:25:15 ----D---- C:\ProgramData\Apple Computer 2009-03-05 19:24:15 ----D---- C:\Program Files\Bonjour 2009-03-05 19:21:11 ----D---- C:\Program Files\Common Files 2009-03-05 07:59:29 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-03-05 07:58:24 ----D---- C:\Program Files\Mozilla Firefox 2009-03-02 21:04:18 ----D---- C:\Program Files\Microsoft Silverlight 2009-03-02 03:33:58 ----D---- C:\Program Files\Yahoo! 
2009-03-02 03:29:37 ----HD---- C:\Program Files\InstallShield Installation Information 2009-03-02 03:23:20 ----D---- C:\Users\Acer\AppData\Roaming\vlc 2009-03-01 23:55:38 ----D---- C:\Program Files\Adobe 2009-03-01 20:02:36 ----D---- C:\MyWorks 2009-03-01 11:48:37 ----D---- C:\Users\Acer\AppData\Roaming\Skype 2009-03-01 08:08:11 ----D---- C:\Users\Acer\AppData\Roaming\skypePM 2009-02-28 12:58:19 ----D---- C:\Windows\Debug 2009-02-27 21:51:07 ----D---- C:\Program Files\Windows Live Toolbar 2009-02-26 21:48:36 ----D---- C:\Windows\winsxs 2009-02-26 21:48:00 ----D---- C:\Windows\Speech 2009-02-26 21:45:56 ----SD---- C:\Windows\Downloaded Program Files 2009-02-26 21:45:56 ----D---- C:\Program Files\Common Files\InstallShield 2009-02-26 20:24:11 ----A---- C:\Windows\system32\rpcnet.exe 2009-02-23 00:46:17 ----SD---- C:\Users\Acer\AppData\Roaming\Microsoft 2009-02-22 23:59:41 ----D---- C:\Windows\system32\migration 2009-02-21 18:11:26 ----D---- C:\Program Files\WinTV 2009-02-21 13:54:07 ----D---- C:\Windows\twain_32 2009-02-17 10:42:08 ----D---- C:\Users\Acer\AppData\Roaming\U3 2009-02-16 13:04:13 ----D---- C:\Users\Acer\AppData\Roaming\gtk-2.0 2009-02-14 23:01:21 ----D---- C:\Program Files\MySpace 2009-02-09 16:56:25 ----D---- C:\Windows\ModemLogs ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-12-11 148496] R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-02-15 293528] R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-29 8704] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-13 
154624] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-21 1771008] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-09 1792792] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-31 6144] R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2008-09-07 21920] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328] S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-08 1163616] S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [] S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-28 19456] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-10-28 220160] S3 
BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-28 29184] S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088] S3 CA561;EZCam III; C:\Windows\System32\Drivers\SPCA561.SYS [2002-10-01 119798] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632] S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-12-14 25280] S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver; C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [2008-07-08 27904] S3 hcw72ATV;WinTV HVR-950 NTSC; C:\Windows\system32\DRIVERS\hcw72ATV.sys [2008-07-08 1198720] S3 hcw72DTV;WinTV HVR-950 ATSC/QAM; C:\Windows\system32\DRIVERS\hcw72DTV.sys [2008-07-08 1191552] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704] S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192] S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [] S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2008-01-11 10398208] S3 StkAMini;Syntek STK1160; C:\Windows\System32\Drivers\StkAMini.sys 
[2006-11-15 242139] S3 StkScan;Syntek STK1160 Still Image; C:\Windows\System32\Drivers\StkScan.sys [2006-06-27 4772] S3 tap0801;TAP-Win32 Adapter V8; C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624] S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088] S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\ts_athw.sys [2008-12-25 1351008] S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088] S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344] S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144] S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036] S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [] S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504] R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2007-06-21 257736] R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2007-06-21 
118464] R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2007-06-21 1076832] R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512] R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576] R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168] R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248] R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-05 24576] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008] R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\System32\rpcnet.exe [2009-02-26 47104] R2 StkASSrv;Syntek STK1160 Service; C:\Windows\System32\StkASv2K.exe [2006-05-23 24576] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-27 185640] R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-02-15 2402184] R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 163840] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-29 386560] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872] S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program 
Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF-----------------

#4

I see it running in the HJT log. C:\Windows\System32\rstrui.exe
Use Task Manager to stop rstrui.exe then try to run it again.

#5

Logfile of random's system information tool 1.05 (written by random/random)
Run by Acer at 2009-03-07 20:36:53 Microsoft® Windows Vista™ Home Basic Service Pack 1 System drive C: has 5 GB (15%) free of 33 GB Total RAM: 1013 MB (38% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:37:11 PM, on 3/7/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\vsnpstd3.exe C:\Windows\tsnpstd3.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\MyTravelAccess Web Accelerator\slipcore.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\Twain_32\CA561A\SnapDetect.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\Apntex.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.ex e C:\Program Files\Safari\Safari.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Acer\Desktop\RSIT.exe C:\Program Files\trend micro\Acer.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\MyTravelAccess Web Accelerator\components\NOWImaging.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [TheLaptopLock] C:\Program Files\The LaptopLock\LaptopLock.exe /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\MyTravelAccess Web Accelerator\slipcore.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common 
Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: SnapDetect.lnk = ? O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O13 - Gopher Prefix: O15 - Trusted Zone: *.netzero.com O15 - Trusted Zone: *.netzero.net O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: eNetHook.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. 
- C:\Windows\System32\rpcnet.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10787 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{E3AAF5D3-6234-4CFF-BE95-EDFC19B38F65}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{88618A96-6D8A-42E7-B932-9073D5B2080F}] FlashCatchBHO Class - C:\Program Files\FlashCatch\flashcatch.dll [2008-12-10 1474792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper 
Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}] NOW!Imaging - C:\Program Files\MyTravelAccess Web Accelerator\components\NOWImaging.dll [2006-11-20 614400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-04 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552] {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - FlashCatch - C:\Program Files\FlashCatch\flashcatch.dll [2008-12-10 1474792] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - C:\Program Files\NetZero\Toolbar.dll [2008-05-07 325120] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-05 4669440] "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216] "PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2007-06-21 155648] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-05-24 142104] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-05-24 154392] "Persistence"=C:\Windows\system32\igfxpers.exe [2007-05-24 138008] "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2007-07-15 768520] "Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296] "Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe 
[2007-02-02 1261568] "eRecoveryService"= [] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-06 159744] "snpstd3"=C:\Windows\vsnpstd3.exe [2007-05-10 835584] "tsnpstd3"=C:\Windows\tsnpstd3.exe [2007-04-21 270336] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-14 39792] "LifeChat"=C:\Program Files\Microsoft LifeChat\LifeChat.exe [2008-08-21 267296] "Skytel"=C:\Windows\Skytel.exe [2007-06-15 1826816] "TheLaptopLock"=C:\Program Files\The LaptopLock\LaptopLock.exe [2007-02-01 397312] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-04 148888] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872] "SlipStream"=C:\Program Files\MyTravelAccess Web Accelerator\slipcore.exe [2006-11-20 253952] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\IS USPM.exe [2005-02-16 221184] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe SnapDetect.lnk - C:\Windows\Twain_32\CA561A\SnapDetect.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="eNetHook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2007-05-21 200704] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empo wering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSf su" "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\ Empowering Technology\eDataSecurity\encryption.exe:*:Enabled: encryption" "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\ Empowering Technology\eDataSecurity\decryption.exe:*:Enabled: decryption" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3ae61f3a-a471-11dd-8508-001b38d3d803}] shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3ae61f42-a471-11dd-8508-001b38d3d803}] shell\AutoRun\command - K:\StartPortableApps.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6777a25d-b90e-11dd-a0ee-001b38d3d803}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6777a25f-b90e-11dd-a0ee-001b38d3d803}] shell\AutoRun\command - I:\StartPortableApps.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e8624f2a-eddb-11dd-9843-001b38d3d803}] 
shell\AutoRun\command - G:\umenu.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-03-07 18:13:43 ----D---- C:\Program Files\trend micro 2009-03-07 18:13:37 ----D---- C:\rsit 2009-03-05 19:26:20 ----A---- C:\Windows\system32\GEARAspi.dll 2009-03-05 19:25:22 ----D---- C:\Program Files\iPod 2009-03-05 19:25:15 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BC F6} 2009-03-05 19:25:15 ----D---- C:\Program Files\iTunes 2009-03-05 19:21:11 ----D---- C:\Program Files\Common Files\Apple 2009-03-05 18:45:38 ----D---- C:\Program Files\QuickTime 2009-03-03 21:17:26 ----D---- C:\Program Files\NetZero 2009-03-03 21:17:23 ----D---- C:\ProgramData\NetZero 2009-03-03 21:17:14 ----D---- C:\NetZeroInstaller 2009-03-02 22:42:21 ----D---- C:\ProgramData\DVD Shrink 2009-03-02 22:42:17 ----D---- C:\Program Files\DVD Shrink 2009-03-02 03:34:00 ----D---- C:\Users\Acer\AppData\Roaming\Yahoo! 2009-03-02 03:34:00 ----D---- C:\ProgramData\Yahoo! 
Companion 2009-03-02 02:43:17 ----D---- C:\Users\Acer\AppData\Roaming\avidemux 2009-03-01 23:55:38 ----D---- C:\Program Files\Pure Motion 2009-03-01 23:55:36 ----D---- C:\Program Files\Sonic Foundry 2009-03-01 23:15:51 ----A---- C:\Windows\system32\wrap_oal.dll 2009-03-01 23:15:50 ----A---- C:\Windows\system32\OpenAL32.dll 2009-03-01 22:32:51 ----D---- C:\Program Files\CamStudio 2009-02-27 21:34:06 ----D---- C:\Program Files\andLinux 2009-02-26 21:48:49 ----D---- C:\ProgramData\InstallShield 2009-02-26 21:47:30 ----D---- C:\Users\Acer\AppData\Roaming\Nuance 2009-02-26 21:45:57 ----D---- C:\ProgramData\ScanSoft 2009-02-26 21:45:57 ----D---- C:\Program Files\Common Files\ScanSoft Shared 2009-02-26 21:45:56 ----D---- C:\Program Files\Common Files\Nuance 2009-02-26 21:42:21 ----D---- C:\ProgramData\Nuance 2009-02-26 21:42:21 ----D---- C:\Program Files\Nuance 2009-02-26 20:07:15 ----A---- C:\rollback.ini 2009-02-23 00:34:03 ----D---- C:\Users\Acer\AppData\Roaming\MailFrontier 2009-02-23 00:02:32 ----D---- C:\ProgramData\Kaspersky SDK 2009-02-22 22:48:57 ----A---- C:\Windows\system32\tcpipcfg.dll 2009-02-22 22:48:57 ----A---- C:\Windows\system32\netiougc.exe 2009-02-22 22:46:51 ----A---- C:\Windows\zllsputility.exe 2009-02-22 22:45:36 ----A---- C:\Windows\system32\vsregexp.dll 2009-02-22 22:45:22 ----A---- C:\Windows\system32\zlcommdb.dll 2009-02-22 22:45:21 ----A---- C:\Windows\system32\zlcomm.dll 2009-02-22 22:45:07 ----A---- C:\Windows\system32\vswmi.dll 2009-02-22 22:44:57 ----A---- C:\Windows\system32\zpeng25.dll 2009-02-22 22:44:56 ----A---- C:\Windows\system32\vsxml.dll 2009-02-22 22:44:54 ----D---- C:\Program Files\Zone Labs 2009-02-22 22:44:54 ----A---- C:\Windows\system32\vspubapi.dll 2009-02-22 22:44:53 ----A---- C:\Windows\system32\vsmonapi.dll 2009-02-22 22:44:26 ----A---- C:\Windows\system32\vsdata.dll 2009-02-22 22:42:26 ----D---- C:\Windows\system32\ZoneLabs 2009-02-22 22:35:29 ----D---- C:\ProgramData\CheckPoint 2009-02-22 22:35:26 ----A---- 
C:\Windows\system32\vsutil.dll 2009-02-22 22:35:26 ----A---- C:\Windows\system32\vsinit.dll 2009-02-22 22:34:54 ----D---- C:\Windows\Internet Logs 2009-02-21 13:54:07 ----A---- C:\Windows\Tw561a.ini 2009-02-21 13:54:07 ----A---- C:\Windows\ShowBmp.exe 2009-02-21 13:54:07 ----A---- C:\Windows\Setup8a.ini 2009-02-21 13:54:07 ----A---- C:\Windows\ap561.ini 2009-02-21 13:54:07 ----A---- C:\Windows\ap561.exe 2009-02-21 13:54:06 ----D---- C:\Windows\Setup2K 2009-02-17 10:20:06 ----D---- C:\ProgramData\TamoSoft 2009-02-17 05:48:28 ----D---- C:\Users\Acer\AppData\Roaming\SlipStream 2009-02-17 05:48:09 ----D---- C:\Program Files\MyTravelAccess Web Accelerator 2009-02-17 05:48:09 ----A---- C:\Windows\system32\sliprt.dll 2009-02-17 00:49:41 ----D---- C:\Program Files\Alarm 2009-02-16 23:47:57 ----D---- C:\Users\Acer\AppData\Roaming\Desktopicon 2009-02-16 23:47:55 ----D---- C:\Program Files\Unlocker 2009-02-16 23:24:48 ----A---- C:\Windows\ZSSnp211.exe 2009-02-16 23:24:47 ----A---- C:\Windows\Domino.exe 2009-02-16 23:24:34 ----D---- C:\Program Files\Vimicro 2009-02-14 22:50:58 ----D---- C:\Users\Acer\AppData\Roaming\.purple 2009-02-14 22:49:14 ----D---- C:\Program Files\Pidgin 2009-02-14 22:49:00 ----D---- C:\Program Files\Common Files\GTK 2009-02-09 19:44:05 ----A---- C:\Windows\system32\bszip.dll 2009-02-09 19:43:55 ----D---- C:\Program Files\Budget Dialup 2009-02-09 16:19:55 ----D---- C:\Users\Acer\AppData\Roaming\Smith Micro 2009-02-09 16:14:15 ----D---- C:\Program Files\Verizon Wireless 2009-02-09 16:12:02 ----D---- C:\Program Files\LG Drivers ======List of files/folders modified in the last 1 months====== 2009-03-07 20:37:07 ----D---- C:\Windows\Temp 2009-03-07 20:36:49 ----D---- C:\Windows\Prefetch 2009-03-07 19:12:48 ----SHD---- C:\System Volume Information 2009-03-07 19:06:31 ----A---- C:\Windows\system32\rpcnetp.exe 2009-03-07 19:06:29 ----A---- C:\Windows\system32\rpcnet.dll 2009-03-07 18:13:43 ----RD---- C:\Program Files 2009-03-07 17:45:15 ----D---- C:\Windows 
2009-03-07 16:44:10 ----A---- C:\Windows\system32\rpcnetp.dll 2009-03-07 16:43:48 ----D---- C:\Windows\system32\wbem 2009-03-07 16:42:43 ----D---- C:\Windows\system32\config 2009-03-07 16:42:33 ----D---- C:\Windows\Tasks 2009-03-07 16:42:33 ----D---- C:\Windows\System32 2009-03-07 16:42:32 ----D---- C:\Windows\system32\Tasks 2009-03-07 16:42:32 ----D---- C:\Windows\system32\spool 2009-03-07 16:42:32 ----D---- C:\Windows\system32\Msdtc 2009-03-07 16:42:32 ----D---- C:\Windows\system32\drivers 2009-03-07 16:42:32 ----D---- C:\Windows\system32\CodeIntegrity 2009-03-07 16:42:32 ----D---- C:\Windows\system32\catroot2 2009-03-07 16:42:32 ----D---- C:\Windows\system32\catroot 2009-03-07 16:42:32 ----D---- C:\Windows\inf 2009-03-07 16:42:31 ----D---- C:\Windows\registration 2009-03-05 22:29:29 ----D---- C:\Users\Acer\AppData\Roaming\dvdcss 2009-03-05 19:38:57 ----SHD---- C:\Windows\Installer 2009-03-05 19:38:03 ----D---- C:\Program Files\Safari 2009-03-05 19:26:18 ----DC---- C:\Windows\system32\DRVSTORE 2009-03-05 19:25:15 ----HD---- C:\ProgramData 2009-03-05 19:25:15 ----D---- C:\ProgramData\Apple Computer 2009-03-05 19:24:15 ----D---- C:\Program Files\Bonjour 2009-03-05 19:21:11 ----D---- C:\Program Files\Common Files 2009-03-05 07:59:29 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-03-05 07:58:24 ----D---- C:\Program Files\Mozilla Firefox 2009-03-02 21:04:18 ----D---- C:\Program Files\Microsoft Silverlight 2009-03-02 03:33:58 ----D---- C:\Program Files\Yahoo! 
2009-03-02 03:29:37 ----HD---- C:\Program Files\InstallShield Installation Information 2009-03-02 03:23:20 ----D---- C:\Users\Acer\AppData\Roaming\vlc 2009-03-01 23:55:38 ----D---- C:\Program Files\Adobe 2009-03-01 20:02:36 ----D---- C:\MyWorks 2009-03-01 11:48:37 ----D---- C:\Users\Acer\AppData\Roaming\Skype 2009-03-01 08:08:11 ----D---- C:\Users\Acer\AppData\Roaming\skypePM 2009-02-28 12:58:19 ----D---- C:\Windows\Debug 2009-02-27 21:51:07 ----D---- C:\Program Files\Windows Live Toolbar 2009-02-26 21:48:36 ----D---- C:\Windows\winsxs 2009-02-26 21:48:00 ----D---- C:\Windows\Speech 2009-02-26 21:45:56 ----SD---- C:\Windows\Downloaded Program Files 2009-02-26 21:45:56 ----D---- C:\Program Files\Common Files\InstallShield 2009-02-26 20:24:11 ----A---- C:\Windows\system32\rpcnet.exe 2009-02-23 00:46:17 ----SD---- C:\Users\Acer\AppData\Roaming\Microsoft 2009-02-22 23:59:41 ----D---- C:\Windows\system32\migration 2009-02-21 18:11:26 ----D---- C:\Program Files\WinTV 2009-02-21 13:54:07 ----D---- C:\Windows\twain_32 2009-02-17 10:42:08 ----D---- C:\Users\Acer\AppData\Roaming\U3 2009-02-16 13:04:13 ----D---- C:\Users\Acer\AppData\Roaming\gtk-2.0 2009-02-14 23:01:21 ----D---- C:\Program Files\MySpace 2009-02-09 16:56:25 ----D---- C:\Windows\ModemLogs ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-12-11 148496] R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-02-15 293528] R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-29 8704] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-13 
154624] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-21 1771008] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-09 1792792] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-07-31 6144] R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2008-09-07 21920] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328] S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-08 1163616] S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [] S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-28 19456] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-10-28 220160] S3 
BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-28 29184] S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088] S3 CA561;EZCam III; C:\Windows\System32\Drivers\SPCA561.SYS [2002-10-01 119798] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632] S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-12-14 25280] S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver; C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [2008-07-08 27904] S3 hcw72ATV;WinTV HVR-950 NTSC; C:\Windows\system32\DRIVERS\hcw72ATV.sys [2008-07-08 1198720] S3 hcw72DTV;WinTV HVR-950 ATSC/QAM; C:\Windows\system32\DRIVERS\hcw72DTV.sys [2008-07-08 1191552] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704] S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192] S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [] S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\Windows\system32\DRIVERS\snpstd3.sys [2008-01-11 10398208] S3 StkAMini;Syntek STK1160; C:\Windows\System32\Drivers\StkAMini.sys 
[2006-11-15 242139] S3 StkScan;Syntek STK1160 Still Image; C:\Windows\System32\Drivers\StkScan.sys [2006-06-27 4772] S3 tap0801;TAP-Win32 Adapter V8; C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624] S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088] S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\ts_athw.sys [2008-12-25 1351008] S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088] S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344] S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144] S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036] S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [] S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504] R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2007-06-21 257736] R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2007-06-21 
118464] R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2007-06-21 1076832] R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512] R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576] R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168] R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248] R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-05 24576] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008] R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\System32\rpcnet.exe [2009-02-26 47104] R2 StkASSrv;Syntek STK1160 Service; C:\Windows\System32\StkASv2K.exe [2006-05-23 24576] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-27 185640] R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-02-15 2402184] R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 163840] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-29 386560] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872] S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program 
Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- |

#6

OK, I ran it again. Now what?

#7

I'm not real sure how System Restore works in Vista compared to XP, but I'm sure it doesn't run all of the time, as seen in the HJT log.
Have you done any malware scans?

#8

Yeah, none of them turned up anything. I thought of doing one with ClamWin.

#9

Try creating a new restore point and then restart. See if that works. http://www.vista4beginners.com/System-Restore

#10

I did a little research and found that many people have this problem. Now what good is Windows if it lets bugs in?
By the way, do you know any recovery programs that take what's called a "snapshot" of your hard drive, and/or anything better?