Trojan.Win32.Obfuscated.en PLEASE help me I'm dumb about malware

[evanr44]

Alright so long story short I downloaded and installed DivoCodec and after doing a little research I (according to what I've read) have the Trojan.Win32.Obfuscated.en malware. I've had spyware in the past and would just let it go and just backup everything on my computer and reinstall Windows once it got too bad. However, I just purchased this computer about six months ago and have kept great care of it up until this where I convinced myself that, "oh, this thing is just gonna help me view this movie it wont hurt." Anyways, it's my own fault, but I'm trying to figure out how to fix it. I've checked some recent posts on this issue, but there's all sorts of stuff about hijack logs (something like that) and a bunch of other stuff that may as well be Greek to me. If there's anyone who would be able to help walk me through the removal process and let me know what information I need to post and how to post it I would GREATLY appreciate it. I know it's my ******* that got into the mess, but any help would be awesome.

Thanks,
Evan

 

[cybertech]

Hi, Welcome to TSG!!


Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

[evanr44]

Thanks for responding and helping me out I really appreciate it.

Here's the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:41 PM, on 4/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HiJackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] "rundll32.exe" C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files\Acer Assist\launcher.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [drv acid] "C:\ProgramData\EncCopyCopy.8u1rlkw"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Rescue (LMIRescue) - LogMeIn, Inc. - C:\Windows\LMI782D.tmp\rescue.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7801 bytes

 

[cybertech]

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy the entire report and paste it in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

 

[evanr44]

Malwarebytes' Anti-Malware 1.11
Database version: 629

Scan type: Quick Scan
Objects scanned: 34541
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[cybertech]

OK, please post a new hijackthis log.

 

[evanr44]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:55 PM, on 4/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\divxsm.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
D:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSet] "rundll32.exe" C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files\Acer Assist\launcher.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [drv acid] "C:\ProgramData\EncCopyCopy.8u1rlkw"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Rescue (LMIRescue) - LogMeIn, Inc. - C:\Windows\LMI782D.tmp\rescue.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8047 bytes

 

[cybertech]

With the little bit of malware removal available for Vista you are really doing yourself in running uTorrent on this machine.


Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\Windows\System32\divxsm.exe
  C:\ProgramData

• Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

[evanr44]

C:\Windows\System32\divxsm.exe moved successfully.
C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} moved successfully.
C:\ProgramData\Yahoo! Companion\Modules moved successfully.
C:\ProgramData\Yahoo! Companion\Media moved successfully.
C:\ProgramData\Yahoo! Companion\Icons moved successfully.
C:\ProgramData\Yahoo! Companion\Data\neileritchey moved successfully.
C:\ProgramData\Yahoo! Companion\Data\evanritchey moved successfully.
C:\ProgramData\Yahoo! Companion\Data\en-US moved successfully.
C:\ProgramData\Yahoo! Companion\Data\default moved successfully.
C:\ProgramData\Yahoo! Companion\Data moved successfully.
C:\ProgramData\Yahoo! Companion moved successfully.
C:\ProgramData\Viewpoint moved successfully.
C:\ProgramData\Trend Micro\pc-cillin\Log moved successfully.
C:\ProgramData\Trend Micro\pc-cillin moved successfully.
C:\ProgramData\Trend Micro moved successfully.
C:\ProgramData\Templates moved successfully.
C:\ProgramData\Symantec\Definitions\VIRUSD~1 moved successfully.
C:\ProgramData\Symantec\Definitions moved successfully.
C:\ProgramData\Symantec moved successfully.
C:\ProgramData\Start Menu moved successfully.
C:\ProgramData\Microsoft Help moved successfully.
C:\ProgramData\Microsoft\WPD moved successfully.
C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{10DBF83C-89D9-4F84-B1E4-0E08DA4FA86D} moved successfully.
C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces moved successfully.
C:\ProgramData\Microsoft\Wlansvc\Profiles moved successfully.
C:\ProgramData\Microsoft\Wlansvc moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Windows Defender\Support scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Windows Defender\Software Explorers\Disabled Startup Folder Items moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Software Explorers moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Scans\History moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Scans moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Quarantine moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8143549F-AEE1-442F-8438-B4AF67536D7C} moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup moved successfully.
C:\ProgramData\Microsoft\Windows Defender\Definition Updates moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Windows Defender scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3348dcf5 moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3348dcf4 moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3348dce4 moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0063afa8 moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportQueue moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1aa14078 moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1aa13f7f moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report14696a18 moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1469690e moved successfully.
C:\ProgramData\Microsoft\Windows\WER\ReportArchive moved successfully.
C:\ProgramData\Microsoft\Windows\WER moved successfully.
C:\ProgramData\Microsoft\Windows\Templates moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War\Rome - Total War Help moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Shadow moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI CD & DVD-Maker 7\Documentations moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI CD & DVD-Maker 7 moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup NOW! 4.7 moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Configuration Tools moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005 moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formatting & Document Processing Essentials 61-120 moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Helpful Links moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Codec\Links moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Codec moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Eye webcam moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Install Manager moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Instant Messenger moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Empowering Technology moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks\2 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks\2 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks\2 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks\2 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks\2 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks\2 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks\2 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks\2 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks\1 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0 moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE} moved successfully.
C:\ProgramData\Microsoft\Windows\GameExplorer moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\Cache moved successfully.
C:\ProgramData\Microsoft\Windows\DRM moved successfully.
C:\ProgramData\Microsoft\Windows moved successfully.
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures moved successfully.
C:\ProgramData\Microsoft\User Account Pictures moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Temp scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Search\Data\Config moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Save moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Microsoft\Search\Data scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Search\Config moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Search scheduled to be moved on reboot.
C:\ProgramData\Microsoft\RAC\StateData moved successfully.
C:\ProgramData\Microsoft\RAC\PublishedData moved successfully.
C:\ProgramData\Microsoft\RAC moved successfully.
C:\ProgramData\Microsoft\Provisioning moved successfully.
C:\ProgramData\Microsoft\OFFICE\DATA moved successfully.
C:\ProgramData\Microsoft\OFFICE moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Network\Downloader scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Network\Connections\Pbk moved successfully.
C:\ProgramData\Microsoft\Network\Connections moved successfully.
Folder move failed. C:\ProgramData\Microsoft\Network scheduled to be moved on reboot.
C:\ProgramData\Microsoft\MF moved successfully.
C:\ProgramData\Microsoft\Media Player moved successfully.
C:\ProgramData\Microsoft\Media Index moved successfully.
C:\ProgramData\Microsoft\IdentityCRL\production moved successfully.
C:\ProgramData\Microsoft\IdentityCRL moved successfully.
C:\ProgramData\Microsoft\HTML Help moved successfully.
C:\ProgramData\Microsoft\eHome\thmb moved successfully.
C:\ProgramData\Microsoft\eHome\Recording moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplate moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\ScheduleSupplement moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\SportsSchedule\SportsSchedule moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\SportsSchedule moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\NetTV moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight moved successfully.
C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight moved successfully.
C:\ProgramData\Microsoft\eHome\Packages moved successfully.
C:\ProgramData\Microsoft\eHome\logs moved successfully.
C:\ProgramData\Microsoft\eHome\Favorites moved successfully.
C:\ProgramData\Microsoft\eHome\EPG\tracehelper moved successfully.
C:\ProgramData\Microsoft\eHome\EPG\prefs moved successfully.
C:\ProgramData\Microsoft\eHome\EPG moved successfully.
C:\ProgramData\Microsoft\eHome moved successfully.
C:\ProgramData\Microsoft\DRM\Server moved successfully.
C:\ProgramData\Microsoft\DRM moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys moved successfully.
C:\ProgramData\Microsoft\Crypto\RSA moved successfully.
C:\ProgramData\Microsoft\Crypto\Keys moved successfully.
C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys moved successfully.
C:\ProgramData\Microsoft\Crypto\DSS moved successfully.
C:\ProgramData\Microsoft\Crypto moved successfully.
C:\ProgramData\Microsoft\Business Contact Manager moved successfully.
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US moved successfully.
C:\ProgramData\Microsoft\Assistance\Client\1.0 moved successfully.
C:\ProgramData\Microsoft\Assistance\Client moved successfully.
C:\ProgramData\Microsoft\Assistance moved successfully.
Folder move failed. C:\ProgramData\Microsoft scheduled to be moved on reboot.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware moved successfully.
C:\ProgramData\Malwarebytes moved successfully.
C:\ProgramData\Geek Squad\MRI moved successfully.
C:\ProgramData\Geek Squad moved successfully.
C:\ProgramData\Favorites moved successfully.
C:\ProgramData\Documents moved successfully.
C:\ProgramData\Desktop moved successfully.
C:\ProgramData\CyberLink\PowerDVD moved successfully.
C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455}\Version\7.03 moved successfully.
C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455}\Version moved successfully.
C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455} moved successfully.
C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID moved successfully.
C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT moved successfully.
C:\ProgramData\CyberLink\OLReg moved successfully.
C:\ProgramData\CyberLink\EvoParser\PowerDVD\7.03 moved successfully.
C:\ProgramData\CyberLink\EvoParser\PowerDVD moved successfully.
C:\ProgramData\CyberLink\EvoParser moved successfully.
C:\ProgramData\CyberLink moved successfully.
C:\ProgramData\ATI\ACE moved successfully.
C:\ProgramData\ATI moved successfully.
C:\ProgramData\Application Data moved successfully.
C:\ProgramData\Apple Computer\iTunes\SC Info moved successfully.
C:\ProgramData\Apple Computer\iTunes moved successfully.
C:\ProgramData\Apple Computer\Installer Cache\iTunes 7.6.2.9 moved successfully.
C:\ProgramData\Apple Computer\Installer Cache moved successfully.
C:\ProgramData\Apple Computer moved successfully.
C:\ProgramData\Apple\Installer Cache\Bonjour 1.0.104 moved successfully.
C:\ProgramData\Apple\Installer Cache\Apple Software Update 2.0.2.92 moved successfully.
C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 1.1.4.7 moved successfully.
C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 1.1.3.26 moved successfully.
C:\ProgramData\Apple\Installer Cache moved successfully.
C:\ProgramData\Apple moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\9 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\8 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\6 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\5 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\4 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\3 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\12 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\11 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\10 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\1 moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\METRICS moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\localStorage moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users\BFTS_BBC2683C moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage\All Users moved successfully.
C:\ProgramData\AOL OCP\AIM\Storage moved successfully.
C:\ProgramData\AOL OCP\AIM moved successfully.
C:\ProgramData\AOL OCP moved successfully.
C:\ProgramData\AOL\UserProfiles moved successfully.
C:\ProgramData\AOL moved successfully.
C:\ProgramData\Adobe\Updater5 moved successfully.
C:\ProgramData\Adobe\Acrobat\8.0\Replicate\Security moved successfully.
C:\ProgramData\Adobe\Acrobat\8.0\Replicate moved successfully.
C:\ProgramData\Adobe\Acrobat\8.0 moved successfully.
C:\ProgramData\Adobe\Acrobat moved successfully.
C:\ProgramData\Adobe moved successfully.
Folder move failed. C:\ProgramData scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04142008_194941



Just so you know, I'm not sure if it means anything but I'm gonna run it by you... When I restarted it to move the file at the end when my computer started back up I got an error message (the first time ever) saying my windows registration key wasn't valid. I just re-entered my key for vista and it ran again fine other than that when my computer starts now, this may be unrelated, but I don't know it's never happened before I'm getting an error on start up that says:

Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.

The title on the toolbar in that error is "Windows Defender"

What do I do to stop the application error from happening and is the windows registration thing something to worry about?

 

[cybertech]

Open OTMoveit again and click the restore button. When the Open File dialog box opens select the .res file in the Restoreit window select everything. Then click the Restoreit button. Now restart the machine.

 

[evanr44]

Where can I find the file to open OTMoveit? I know i've installed it cause I obviously used it earlier, but when I look in C: or my D: or anywhere all I can find is the install file. If I try to open it nothing happens.

 

[cybertech]

C:\_OTMoveIt\MovedFiles is the location to look for the .res file.

Download the program again here: OTMoveIt2

 

[evanr44]

I did the restore it thing, but a couple files say "source file does not exist" and others say "failed to restore." Problem?

 

[cybertech]

Yes, I fear so and it is my error. I failed to remember you are using Vista. I am truly sorry.



If you go into C:\_OTMoveIt\MovedFiles there should be a folder there. Can you manually restore the files and folders from there? Only the ones in C:\ProgramData those should go back to the c:\

 

[evanr44]

Move the entire ProgramData folder into C: or the folders in it. What do I do with the folder called Windows