1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan.Win32.Obfuscated.en PLEASE help me I'm dumb about malware

Discussion in 'Virus & Other Malware Removal' started by evanr44, Apr 11, 2008.

Thread Status:
Not open for further replies.
Page 1 of 2
Advertisement
  1. evanr44

    evanr44 Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    9
    Alright so long story short I downloaded and installed DivoCodec and after doing a little research I (according to what I've read) have the Trojan.Win32.Obfuscated.en malware. I've had spyware in the past and would just let it go and just backup everything on my computer and reinstall Windows once it got too bad. However, I just purchased this computer about six months ago and have kept great care of it up until this where I convinced myself that, "oh, this thing is just gonna help me view this movie it wont hurt." Anyways, it's my own fault, but I'm trying to figure out how to fix it. I've checked some recent posts on this issue, but there's all sorts of stuff about hijack logs (something like that) and a bunch of other stuff that may as well be Greek to me. If there's anyone who would be able to help walk me through the removal process and let me know what information I need to post and how to post it I would GREATLY appreciate it. I know it's my ******* that got into the mess, but any help would be awesome.

    Thanks,
    Evan
     
    evanr44, Apr 11, 2008
    #1
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
    cybertech, Apr 13, 2008
    #2
  4. evanr44

    evanr44 Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    9
    Thanks for responding and helping me out I really appreciate it.

    Here's the log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:41:41 PM, on 4/14/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\HiJackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PLFSet] "rundll32.exe" C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files\Acer Assist\launcher.exe"
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [drv acid] "C:\ProgramData\EncCopyCopy.8u1rlkw"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Rescue (LMIRescue) - LogMeIn, Inc. - C:\Windows\LMI782D.tmp\rescue.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7801 bytes
     
    evanr44, Apr 14, 2008
    #3
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download Malwarebytes Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy the entire report and paste it in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
     
    cybertech, Apr 14, 2008
    #4
  6. evanr44

    evanr44 Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    9
    Malwarebytes' Anti-Malware 1.11
    Database version: 629

    Scan type: Quick Scan
    Objects scanned: 34541
    Time elapsed: 4 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    evanr44, Apr 14, 2008
    #5
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK, please post a new hijackthis log.
     
    cybertech, Apr 14, 2008
    #6
  8. evanr44

    evanr44 Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    9
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:14:55 PM, on 4/14/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\System32\divxsm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    D:\Program Files\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [PLFSet] "rundll32.exe" C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files\Acer Assist\launcher.exe"
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI" Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [drv acid] "C:\ProgramData\EncCopyCopy.8u1rlkw"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Rescue (LMIRescue) - LogMeIn, Inc. - C:\Windows\LMI782D.tmp\rescue.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8047 bytes
     
    evanr44, Apr 14, 2008
    #7
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    With the little bit of malware removal available for Vista you are really doing yourself in running uTorrent on this machine. (n)


    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Windows\System32\divxsm.exe
C:\ProgramData
    • Return to OTMoveIt2, right click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
     
    cybertech, Apr 14, 2008
    #8
  10. evanr44

    evanr44 Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    9
    C:\Windows\System32\divxsm.exe moved successfully.
    C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} moved successfully.
    C:\ProgramData\Yahoo! Companion\Modules moved successfully.
    C:\ProgramData\Yahoo! Companion\Media moved successfully.
    C:\ProgramData\Yahoo! Companion\Icons moved successfully.
    C:\ProgramData\Yahoo! Companion\Data\neileritchey moved successfully.
    C:\ProgramData\Yahoo! Companion\Data\evanritchey moved successfully.
    C:\ProgramData\Yahoo! Companion\Data\en-US moved successfully.
    C:\ProgramData\Yahoo! Companion\Data\default moved successfully.
    C:\ProgramData\Yahoo! Companion\Data moved successfully.
    C:\ProgramData\Yahoo! Companion moved successfully.
    C:\ProgramData\Viewpoint moved successfully.
    C:\ProgramData\Trend Micro\pc-cillin\Log moved successfully.
    C:\ProgramData\Trend Micro\pc-cillin moved successfully.
    C:\ProgramData\Trend Micro moved successfully.
    C:\ProgramData\Templates moved successfully.
    C:\ProgramData\Symantec\Definitions\VIRUSD~1 moved successfully.
    C:\ProgramData\Symantec\Definitions moved successfully.
    C:\ProgramData\Symantec moved successfully.
    C:\ProgramData\Start Menu moved successfully.
    C:\ProgramData\Microsoft Help moved successfully.
    C:\ProgramData\Microsoft\WPD moved successfully.
    C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{10DBF83C-89D9-4F84-B1E4-0E08DA4FA86D} moved successfully.
    C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces moved successfully.
    C:\ProgramData\Microsoft\Wlansvc\Profiles moved successfully.
    C:\ProgramData\Microsoft\Wlansvc moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Windows Defender\Support scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\Windows Defender\Software Explorers\Disabled Startup Folder Items moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Software Explorers moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Scans\History moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Scans moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Quarantine moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8143549F-AEE1-442F-8438-B4AF67536D7C} moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup moved successfully.
    C:\ProgramData\Microsoft\Windows Defender\Definition Updates moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Windows Defender scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3348dcf5 moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3348dcf4 moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report3348dce4 moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0063afa8 moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1aa14078 moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1aa13f7f moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report14696a18 moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1469690e moved successfully.
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive moved successfully.
    C:\ProgramData\Microsoft\Windows\WER moved successfully.
    C:\ProgramData\Microsoft\Windows\Templates moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War\Rome - Total War Help moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Shadow moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI CD & DVD-Maker 7\Documentations moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI CD & DVD-Maker 7 moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup NOW! 4.7 moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Configuration Tools moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005 moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formatting & Document Processing Essentials 61-120 moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Helpful Links moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Codec\Links moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Codec moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crystal Eye webcam moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Install Manager moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL Instant Messenger moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Empowering Technology moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks\2 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks\2 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks\2 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks\2 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks\2 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks\2 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks\2 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks\2 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks\1 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks\0 moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\PlayTasks moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE} moved successfully.
    C:\ProgramData\Microsoft\Windows\GameExplorer moved successfully.
    C:\ProgramData\Microsoft\Windows\DRM\Cache moved successfully.
    C:\ProgramData\Microsoft\Windows\DRM moved successfully.
    C:\ProgramData\Microsoft\Windows moved successfully.
    C:\ProgramData\Microsoft\User Account Pictures\Default Pictures moved successfully.
    C:\ProgramData\Microsoft\User Account Pictures moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Temp scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\Search\Data\Config moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Save moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Config moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications\Windows scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data\Applications scheduled to be moved on reboot.
    Folder move failed. C:\ProgramData\Microsoft\Search\Data scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\Search\Config moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Search scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\RAC\StateData moved successfully.
    C:\ProgramData\Microsoft\RAC\PublishedData moved successfully.
    C:\ProgramData\Microsoft\RAC moved successfully.
    C:\ProgramData\Microsoft\Provisioning moved successfully.
    C:\ProgramData\Microsoft\OFFICE\DATA moved successfully.
    C:\ProgramData\Microsoft\OFFICE moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Network\Downloader scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\Network\Connections\Pbk moved successfully.
    C:\ProgramData\Microsoft\Network\Connections moved successfully.
    Folder move failed. C:\ProgramData\Microsoft\Network scheduled to be moved on reboot.
    C:\ProgramData\Microsoft\MF moved successfully.
    C:\ProgramData\Microsoft\Media Player moved successfully.
    C:\ProgramData\Microsoft\Media Index moved successfully.
    C:\ProgramData\Microsoft\IdentityCRL\production moved successfully.
    C:\ProgramData\Microsoft\IdentityCRL moved successfully.
    C:\ProgramData\Microsoft\HTML Help moved successfully.
    C:\ProgramData\Microsoft\eHome\thmb moved successfully.
    C:\ProgramData\Microsoft\eHome\Recording moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\SportsTemplate moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate\ScheduleSupplement moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\SportsTemplate moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\SportsSchedule\SportsSchedule moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\SportsSchedule moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\NetTV moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight moved successfully.
    C:\ProgramData\Microsoft\eHome\Packages moved successfully.
    C:\ProgramData\Microsoft\eHome\logs moved successfully.
    C:\ProgramData\Microsoft\eHome\Favorites moved successfully.
    C:\ProgramData\Microsoft\eHome\EPG\tracehelper moved successfully.
    C:\ProgramData\Microsoft\eHome\EPG\prefs moved successfully.
    C:\ProgramData\Microsoft\eHome\EPG moved successfully.
    C:\ProgramData\Microsoft\eHome moved successfully.
    C:\ProgramData\Microsoft\DRM\Server moved successfully.
    C:\ProgramData\Microsoft\DRM moved successfully.
    C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 moved successfully.
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys moved successfully.
    C:\ProgramData\Microsoft\Crypto\RSA moved successfully.
    C:\ProgramData\Microsoft\Crypto\Keys moved successfully.
    C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys moved successfully.
    C:\ProgramData\Microsoft\Crypto\DSS moved successfully.
    C:\ProgramData\Microsoft\Crypto moved successfully.
    C:\ProgramData\Microsoft\Business Contact Manager moved successfully.
    C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US moved successfully.
    C:\ProgramData\Microsoft\Assistance\Client\1.0 moved successfully.
    C:\ProgramData\Microsoft\Assistance\Client moved successfully.
    C:\ProgramData\Microsoft\Assistance moved successfully.
    Folder move failed. C:\ProgramData\Microsoft scheduled to be moved on reboot.
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware moved successfully.
    C:\ProgramData\Malwarebytes moved successfully.
    C:\ProgramData\Geek Squad\MRI moved successfully.
    C:\ProgramData\Geek Squad moved successfully.
    C:\ProgramData\Favorites moved successfully.
    C:\ProgramData\Documents moved successfully.
    C:\ProgramData\Desktop moved successfully.
    C:\ProgramData\CyberLink\PowerDVD moved successfully.
    C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455}\Version\7.03 moved successfully.
    C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455}\Version moved successfully.
    C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{6F7425F3-EB34-46b0-9B63-430203611455} moved successfully.
    C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID moved successfully.
    C:\ProgramData\CyberLink\OLReg\HKEY_CLASS_ROOT moved successfully.
    C:\ProgramData\CyberLink\OLReg moved successfully.
    C:\ProgramData\CyberLink\EvoParser\PowerDVD\7.03 moved successfully.
    C:\ProgramData\CyberLink\EvoParser\PowerDVD moved successfully.
    C:\ProgramData\CyberLink\EvoParser moved successfully.
    C:\ProgramData\CyberLink moved successfully.
    C:\ProgramData\ATI\ACE moved successfully.
    C:\ProgramData\ATI moved successfully.
    C:\ProgramData\Application Data moved successfully.
    C:\ProgramData\Apple Computer\iTunes\SC Info moved successfully.
    C:\ProgramData\Apple Computer\iTunes moved successfully.
    C:\ProgramData\Apple Computer\Installer Cache\iTunes 7.6.2.9 moved successfully.
    C:\ProgramData\Apple Computer\Installer Cache moved successfully.
    C:\ProgramData\Apple Computer moved successfully.
    C:\ProgramData\Apple\Installer Cache\Bonjour 1.0.104 moved successfully.
    C:\ProgramData\Apple\Installer Cache\Apple Software Update 2.0.2.92 moved successfully.
    C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 1.1.4.7 moved successfully.
    C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 1.1.3.26 moved successfully.
    C:\ProgramData\Apple\Installer Cache moved successfully.
    C:\ProgramData\Apple moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\9 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\8 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\6 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\5 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\4 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\3 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\12 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\11 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\10 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT\1 moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\PERSISTENT moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\METRICS moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\localStorage moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users\BFTS_BBC2683C moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage\All Users moved successfully.
    C:\ProgramData\AOL OCP\AIM\Storage moved successfully.
    C:\ProgramData\AOL OCP\AIM moved successfully.
    C:\ProgramData\AOL OCP moved successfully.
    C:\ProgramData\AOL\UserProfiles moved successfully.
    C:\ProgramData\AOL moved successfully.
    C:\ProgramData\Adobe\Updater5 moved successfully.
    C:\ProgramData\Adobe\Acrobat\8.0\Replicate\Security moved successfully.
    C:\ProgramData\Adobe\Acrobat\8.0\Replicate moved successfully.
    C:\ProgramData\Adobe\Acrobat\8.0 moved successfully.
    C:\ProgramData\Adobe\Acrobat moved successfully.
    C:\ProgramData\Adobe moved successfully.
    Folder move failed. C:\ProgramData scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04142008_194941



    Just so you know, I'm not sure if it means anything but I'm gonna run it by you... When I restarted it to move the file at the end when my computer started back up I got an error message (the first time ever) saying my windows registration key wasn't valid. I just re-entered my key for vista and it ran again fine other than that when my computer starts now, this may be unrelated, but I don't know it's never happened before I'm getting an error on start up that says:

    Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.

    The title on the toolbar in that error is "Windows Defender"

    What do I do to stop the application error from happening and is the windows registration thing something to worry about?
     
    evanr44, Apr 14, 2008
    #9
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Open OTMoveit again and click the restore button. When the Open File dialog box opens select the .res file in the Restoreit window select everything. Then click the Restoreit button. Now restart the machine.
     
    cybertech, Apr 15, 2008
    #10
  12. evanr44

    evanr44 Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    9
    Where can I find the file to open OTMoveit? I know i've installed it cause I obviously used it earlier, but when I look in C: or my D: or anywhere all I can find is the install file. If I try to open it nothing happens.
     
    evanr44, Apr 15, 2008
    #11
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    C:\_OTMoveIt\MovedFiles is the location to look for the .res file.

    Download the program again here: OTMoveIt2
     
    cybertech, Apr 15, 2008
    #12
  14. evanr44

    evanr44 Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    9
    I did the restore it thing, but a couple files say "source file does not exist" and others say "failed to restore." Problem?
     
    evanr44, Apr 16, 2008
    #13
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Yes, I fear so and it is my error. I failed to remember you are using Vista. :mad: I am truly sorry. :eek:



    If you go into C:\_OTMoveIt\MovedFiles there should be a folder there. Can you manually restore the files and folders from there? Only the ones in C:\ProgramData those should go back to the c:\
     
    cybertech, Apr 16, 2008
    #14
  16. evanr44

    evanr44 Thread Starter

    Joined:
    Apr 11, 2008
    Messages:
    9
    Move the entire ProgramData folder into C: or the folders in it. What do I do with the folder called Windows
     
    evanr44, Apr 16, 2008
    #15

  17. Sponsor

Page 1 of 2
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Trojan Win32 Obfuscated
  1. Sumfeg

    New Trojan:Win32/Bitrep.B

    Sumfeg, Jun 3, 2019, in forum: Virus & Other Malware Removal
    Replies:
    0
    Views:
    1,144
    Sumfeg
    Jun 3, 2019
  2. dreamy.dancer

    In Progress Trojan:Win32/Bitrep.B

    dreamy.dancer, Mar 15, 2019, in forum: Virus & Other Malware Removal
    Replies:
    6
    Views:
    2,152
    iMacg3
    Mar 19, 2019
  3. Milissa-Jane

    Solved Trojan attack on windows 10 and external hard drive

    Milissa-Jane, Nov 20, 2019, in forum: Virus & Other Malware Removal
    Replies:
    5
    Views:
    854
    Curie
    Dec 8, 2019
  4. indeepcrap

    In Progress Terrible Trojan

    indeepcrap, Oct 20, 2019, in forum: Virus & Other Malware Removal
    Replies:
    29
    Views:
    2,785
    iMacg3
    Dec 29, 2019
  5. K1979

    Solved Trojan Virus Worry

    K1979, Sep 27, 2019, in forum: Virus & Other Malware Removal
    Replies:
    26
    Views:
    1,918
    iMacg3
    Oct 18, 2019
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/702774

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice