
Annoying pop-up about TROJAN

Discussion in 'Malware and Virus Removal Archive' started by xelor, 2008/06/14.

  1. 2008/06/14
    xelor (Thread Starter)
    OK. So I got this weird virus.
    ALMOST every time I open something, for example folders or the Internet,
    an error/pop-up says:
    Attention (my name)! Some dangerous trojan horses was detected in your system. Windows Vista (TM) Home Premium files corrupted.
    This may lead to the destruction of inportant files in C:\Windows.
    Download protection software now!

    Click OK to download the antispyware. (Recommended)!


    So I got fooled and installed it. It said that I had a lot of viruses, but that wasn't true. At that moment I knew that I'd been tricked.
    So now I'm trying to fix this problem without formatting the hard drive.

    But nothing has changed. So I decided to get some help from experts :p
    So please help me.
    Here is a log from the HijackThis freeware program:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02:04, on 2008-06-14
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Sigma plugin - {B095AF15-2FB6-4239-95AD-D1E27ECC11C7} - C:\Windows\tosect8x.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
    O4 - Startup: Skärmurklipp och start för OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 8096 bytes
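As an added example (not part of this thread, and not HijackThis's or the helper's own method), a small Python triage that parses lines in the HijackThis format posted above and flags the kinds of entries a helper looks at first: components whose file is missing, an unnamed in-process extension that does load a file, a DLL loaded straight from the Windows root, and autorun names HijackThis could only render as question marks. The rules are heuristics that point at lines for a closer look, not verdicts; the sample lines are a constructed subset copied from the log above, with clean entries kept for contrast.

```python
import re

# Sample input: lines copied from the HijackThis log posted above, with a
# couple of clean entries kept for contrast. (Constructed subset, not a full log.)
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Sigma plugin - {B095AF15-2FB6-4239-95AD-D1E27ECC11C7} - C:\Windows\tosect8x.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
"""

# "R3 - ..." / "O2 - ...": a section code, then fields separated by " - ".
ENTRY = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.+)$")
# "Run: [name] command" inside an O4 autorun entry.
RUN_ENTRY = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A DLL sitting directly in the Windows root (C:\Windows\x.dll), not in a subfolder.
WINROOT_DLL = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.IGNORECASE)
MISSING = {"(no file)", "(file missing)"}
# Sections whose target is loaded in-process into the browser or the shell.
INPROC_SECTIONS = {"O2", "O3", "O21"}


def parse_entry(line):
    """Split one HijackThis line into its section code and ' - ' separated fields."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m.group("body").split(" - ")]
    return {"section": m.group("sect"), "fields": fields, "raw": line.strip()}


def triage_entry(entry):
    """Return the list of heuristic reasons this entry deserves a closer look."""
    reasons = []
    section, fields = entry["section"], entry["fields"]
    target = fields[-1]  # the file path (or "(no file)") is always the last field
    if target in MISSING:
        reasons.append("registered component has no file on disk (orphaned entry)")
    if (section in INPROC_SECTIONS and fields[0].endswith("(no name)")
            and target not in MISSING):
        # Unnamed in-process extension that does load a file. Some legitimate
        # products register BHOs without a name, so this only asks for a check.
        reasons.append("unnamed in-process extension loads a real file")
    if WINROOT_DLL.match(target):
        reasons.append("DLL loaded directly from the Windows root directory")
    if section == "O4":
        run = RUN_ENTRY.search(fields[0])
        # HijackThis prints '?' for characters it cannot render, so an autorun
        # whose name or command is mostly '?' hides what actually starts.
        if run and ("?" in run.group("name") or "?" in run.group("cmd")):
            reasons.append("autorun name or command contains unrenderable characters")
    return reasons


def triage(log_text):
    """Run the heuristics over a whole log; returns one finding per flagged line."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings.append({"section": entry["section"], "line": entry["raw"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```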
     
  2. 2008/06/14
    Geri
    Hi xelor
    Welcome to windowsbbs. :)

    OK, let's get a deeper look at what was installed. Please do this.

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepad windows, main.txt and extra.txt; please copy and then paste the contents of main.txt and extra.txt in your next reply.

    Thanks
    Geri
     

  3. 2008/06/15
    xelor (Thread Starter)
    So here is the main.txt:
    Deckard's System Scanner v20071014.68
    Run by Dennis on 2008-06-14 15:55:52
    Computer is in Normal Mode.

    -- Last 5 Restore Point(s) --
    10: 2011-06-14 10:41:15 UTC - RP65 - Installation av enhetsdrivrutinspaket: Symantec Nätverkstjänst
    9: 2011-06-14 10:08:04 UTC - RP64 - Norton Internet Security post configuration restore point
    8: 2008-09-01 11:10:34 UTC - RP67 - Removed LiveUpdate (Symantec Corporation)
    7: 2008-06-29 20:36:25 UTC - RP61 - Installation av enhetsdrivrutinspaket: Symantec Nätverkstjänst
    6: 2008-06-14 11:41:50 UTC - RP69 - Norton Internet Security post configuration restore point


    -- First Restore Point --
    1: 2008-06-11 09:50:12 UTC - RP58 - Windows Update


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 1023 MiB (1024 MiB recommended).


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-06-14 15:59:22
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Windows\System32\conime.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Users\Dennis\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ncr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sv.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sv.intl.acer.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Sigma plugin - {B095AF15-2FB6-4239-95AD-D1E27ECC11C7} - C:\Windows\tosect8x.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\RunOnce: [Lusetup] C:\PROGRA~1\Symantec\LIVEUP~1\LUSetup.exe -s -a -q -log -version
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [?????????] ??????????????e
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Startup: Skärmurklipp och start för OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


    --
    End of file - 9536 bytes

    -- File Associations -----------------------------------------------------------

    .bat - batfile - DefaultIcon - C:\Windows\system32\imageres.dll,-68
    .inf - inffile - DefaultIcon - C:\Windows\system32\imageres.dll,-69
    .ini - inifile - DefaultIcon - C:\Windows\system32\imageres.dll,-69
    .txt - txtfile - DefaultIcon - C:\Windows\system32\imageres.dll,-102


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 PSDFilter - c:\windows\system32\drivers\psdfilter.sys <Not Verified; HiTRUST; >
    R0 PSDNServ (PSDNSERVER) - c:\windows\system32\drivers\psdnserv.sys <Not Verified; HiTRUST; >
    R0 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys <Not Verified; HiTRUST; >
    R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 AcerMemUsageCheckService (ePerformance Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; ; MemCheck.Service>
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-14 13:41:43 548 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Dennis.job


    -- Files created between 2008-05-14 and 2008-06-14 -----------------------------

    2008-06-29 22:33:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-06-14 14:22:53 281088 --a------ C:\Windows\tosect8x.dll
    2008-06-14 14:22:49 56 --a------ C:\smp.bat
    2008-06-14 13:36:08 0 d-------- C:\Program Files\Norton Internet Security
    2008-06-14 13:32:11 0 d-------- C:\Program Files\Symantec
    2008-06-14 11:22:13 0 d-------- C:\Users\All Users\Ny mapp
    2008-06-13 22:04:34 0 d-------- C:\Users\All Users\Symantec Temporary Files
    2008-06-08 13:14:34 0 d-------- C:\HiTRUSTDrive
    2008-06-07 12:08:04 0 d-------- C:\Windows\system32\Adobe
    2008-06-03 14:35:09 0 d-------- C:\Program Files\PowerISO
    2008-06-03 00:20:41 0 d-------- C:\Users\All Users\Messenger Plus!
    2008-06-03 00:18:12 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-06-02 20:21:24 0 d-------- C:\Program Files\Alcoda
    2008-06-02 19:52:28 0 d-------- C:\Users\All Users\WinZip
    2008-06-01 11:48:19 0 d-------- C:\Program Files\AC3Filter
    2008-05-30 16:19:05 765952 --a------ C:\Windows\system32\xvidcore.dll
    2008-05-30 16:19:04 180224 --a------ C:\Windows\system32\xvidvfw.dll
    2008-05-30 16:19:04 0 d-------- C:\Program Files\Xvid
    2008-05-30 09:21:08 0 d-------- C:\Program Files\QuickTime
    2008-05-30 09:21:07 0 d-------- C:\Users\All Users\Apple Computer
    2008-05-30 09:20:13 0 d-------- C:\Program Files\Apple Software Update
    2008-05-30 09:20:12 0 d-------- C:\Users\All Users\Apple
    2008-05-29 21:03:55 0 d-------- C:\Program Files\Common Files\xing shared
    2008-05-29 21:03:30 0 d-------- C:\Program Files\Common Files\Real
    2008-05-29 21:03:24 0 d-------- C:\Program Files\Real
    2008-05-29 20:51:54 0 d-------- C:\Program Files\Red Kawa
    2008-05-29 20:51:24 0 d-------- C:\Program Files\ATI
    2008-05-29 20:49:35 0 d-------- C:\Program Files\ATI Technologies
    2008-05-29 20:01:48 0 d-------- C:\Program Files\Stardock
    2008-05-29 19:40:19 0 d-------- C:\ATI
    2008-05-29 18:17:59 0 d-------- C:\Program Files\MSXML 4.0
    2008-05-29 17:55:09 0 d-------- C:\Program Files\TGTSoft
    2008-05-29 17:52:21 0 d-------- C:\Program Files\CCleaner
    2008-05-29 17:44:26 0 d-------- C:\Program Files\Froost
    2008-05-29 16:37:33 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-29 16:36:59 0 d-------- C:\Program Files\Windows Live
    2008-05-29 16:36:04 0 d-------- C:\Users\All Users\WLInstaller
    2008-05-29 14:11:22 0 d-------- C:\Users\All Users\FLEXnet
    2008-05-29 14:08:11 0 d-------- C:\Program Files\Bonjour
    2008-05-29 13:57:39 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-05-29 13:37:24 0 d-------- C:\Windows\WinRAR
    2008-05-29 08:11:15 0 d-------- C:\Program Files\Java
    2008-05-29 08:10:19 0 d-------- C:\Program Files\Common Files\Java
    2008-05-29 07:04:08 0 d-------- C:\Program Files\Microsoft Works
    2008-05-29 07:02:27 0 d-------- C:\Windows\PCHEALTH
    2008-05-29 07:02:27 0 d-------- C:\Program Files\Microsoft.NET
    2008-05-29 07:00:03 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-05-29 06:58:06 0 d-------- C:\Users\All Users\Microsoft Help
    2008-05-29 06:57:26 0 dr-h----- C:\MSOCache
    2008-05-29 06:17:34 0 d-------- C:\Program Files\Pivot Stickfigure Animator
    2008-05-29 05:28:38 0 d-------- C:\Program Files\uTorrent
    2008-05-28 21:20:34 0 d-------- C:\Windows\system32\Macromed
    2008-05-28 21:20:32 0 d-------- C:\Users\All Users\InstallShield
    2008-05-28 21:20:27 0 d-------- C:\Windows\Acer_Wide
    2008-05-28 21:20:27 187392 --a------ C:\Windows\Acer(Wide).scr
    2008-05-28 21:20:27 187392 --a------ C:\Windows\Acer(Normal).scr
    2008-05-28 21:20:27 0 d-------- C:\Program Files\Acer Inc
    2008-05-28 21:20:25 0 d-------- C:\Windows\Acer_Normal
    2008-05-28 21:19:14 327680 --a------ C:\Windows\system32\Remove_eRecovery.exe <Not Verified; Acer Inc.; >
    2008-05-28 21:19:14 16384 --a------ C:\Windows\system32\LauncheRyAgentUser.exe <Not Verified; ; LauncheRyAgentUser>
    2008-05-28 21:19:14 1402880 --a------ C:\Windows\system32\ERUpdateHidden.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-05-28 21:19:14 16384 --a------ C:\Windows\system32\ClearEvent.exe
    2008-05-28 21:19:14 360448 --a------ C:\Windows\system32\CheckD2DSystem.exe <Not Verified; Acer Inc.; CheckD2DSystem.exe>
    2008-05-28 21:18:10 0 d-------- C:\Windows\system32\i386
    2008-05-28 21:16:02 0 d--hs---- C:\$RECYCLE.BIN
    2008-05-28 21:15:57 0 d---s---- C:\Users\Dennis\Searches
    2008-05-28 21:15:40 0 d---s---- C:\Users\Dennis\Contacts
    2008-05-28 21:13:58 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
    2008-05-28 21:13:51 0 d-------- C:\Program Files\Yahoo!
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Videos
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Start-meny
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Skrivare
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\SendTo
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Saved Games
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Recent
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Pictures
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Nätverket
    2008-05-28 21:13:32 2883584 --ahs---- C:\Users\Dennis\NTUSER.DAT
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Music
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Mina dokument
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Mallar
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Local Settings
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Links
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Favorites
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Downloads
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Documents
    2008-05-28 21:13:32 0 d---s---- C:\Users\Dennis\Desktop
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Cookies
    2008-05-28 21:13:32 0 d--hs---- C:\Users\Dennis\Application Data
    2008-05-28 21:13:32 0 d--h----- C:\Users\Dennis\AppData
    2008-05-28 21:03:26 0 d--hs---- C:\Users\Default\Start-meny
    2008-05-28 21:03:26 0 d--hs---- C:\Users\Default\Skrivare
    2008-05-28 21:03:26 0 d--hs---- C:\Users\Default\Nätverket
    2008-05-28 21:03:26 0 d--hs---- C:\Users\Default\Mina dokument
    2008-05-28 21:03:26 0 d--hs---- C:\Users\Default\Mallar
    2008-05-28 21:03:26 0 d--hs---- C:\Users\All Users\Start-meny
    2008-05-28 21:03:26 0 d--hs---- C:\Users\All Users\Skrivbord
    2008-05-28 21:03:26 0 d--hs---- C:\Users\All Users\Mallar
    2008-05-28 21:03:26 0 d--hs---- C:\Users\All Users\Favoriter
    2008-05-28 21:03:26 0 d--hs---- C:\Users\All Users\Dokument
    2008-05-28 21:03:26 0 d--hs---- C:\Program
    2008-05-28 21:03:26 0 d--hs---- C:\Program Files\Delade filer
    2008-05-28 20:48:44 0 d-------- C:\Windows\SoftwareDistribution


    -- Find3M Report ---------------------------------------------------------------

    2011-06-14 12:45:36 0 d-------- C:\Users\Dennis\AppData\Roaming\Symantec
    2008-06-14 13:49:52 0 d-------- C:\Program Files\Common Files
    2008-06-14 13:28:25 0 d-------- C:\Users\Dennis\AppData\Roaming\uTorrent
    2008-06-13 14:07:12 472176 --a------ C:\Windows\system32\perfh01D.dat
    2008-06-13 14:07:12 81308 --a------ C:\Windows\system32\perfc01D.dat
    2008-06-12 08:50:07 0 d-------- C:\Program Files\Windows Mail
    2008-06-11 13:04:00 0 d-------- C:\Users\Dennis\AppData\Roaming\Adobe
    2008-06-05 08:42:36 0 d-------- C:\Users\Dennis\AppData\Roaming\AdobeUM
    2008-05-29 21:15:15 0 d-------- C:\Users\Dennis\AppData\Roaming\Real
    2008-05-29 20:05:06 15819776 --a------ C:\Windows\system32\imageres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-05-29 18:57:54 174 --ahs---- C:\Program Files\desktop.ini
    2008-05-29 18:52:30 0 d-------- C:\Program Files\Windows Calendar
    2008-05-29 18:52:24 0 d-------- C:\Program Files\Windows Defender
    2008-05-29 18:52:12 0 d-------- C:\Program Files\Windows Sidebar
    2008-05-29 14:08:09 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-29 07:03:58 0 d-------- C:\Program Files\MSBuild
    2008-05-28 21:26:34 0 d-------- C:\Users\Dennis\AppData\Roaming\Macromedia
    2008-05-28 21:20:23 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-28 21:20:23 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-28 21:15:46 0 d-------- C:\Users\Dennis\AppData\Roaming\Identities
    2008-05-28 21:14:14 0 d-------- C:\Program Files\Realtek
    2008-05-28 21:06:52 0 d-------- C:\Users\Dennis\AppData\Roaming\WinRAR
    2008-05-28 21:03:26 0 d-------- C:\Program Files\Windows NT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B095AF15-2FB6-4239-95AD-D1E27ECC11C7}]
    2008-06-14 14:22 281088 --a------ C:\Windows\tosect8x.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-05-29 18:39]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 18:07 C:\Windows\RtHDVCpl.exe]
    "Acer Tour"="" []
    "Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 16:24]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 08:26]
    "eRecoveryService"="" []
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-29 21:03]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-29 18:23]
    "WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
    "????r"="" []
    "?????????"="??????????????e" []
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Lusetup"=C:\PROGRA~1\Symantec\LIVEUP~1\LUSetup.exe -s -a -q -log -version

    C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Skärmurklipp och start för OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-28 02:36:43]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdfb5a32-2ce5-11dd-bff1-806e6f6e6963}]
    AutoRun\command- E:\CDSTART.EXE

    *Newly Created Service* - COMHOST
    *Newly Created Service* - NAVENG
    *Newly Created Service* - NAVEX15
    *Newly Created Service* - SPBBCDRV
    *Newly Created Service* - SRTSP
    *Newly Created Service* - SRTSPX

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-14 16:00:21 ------------
     
  5. 2008/06/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    OK, please do this in the order given.

    ** dss.exe must be on the desktop for the following command to work. **

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in the run box, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following, then click Fix.
      • .bat
      • .inf
      • .ini
      • .txt
    • Exit when complete.

    Now this.

    Now download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Now this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the MBAM log and the Combofix log.

    Thanks
    Geri
     
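The DSS "Registry Dump" posted above already contains the tell-tale entries Geri's cleanup sequence is aimed at: a Browser Helper Object DLL (C:\Windows\tosect8x.dll) dropped straight into the Windows folder less than two hours before the scan, two HKCU Run values whose names came out as runs of "?", and an AutoRun command under MountPoints2 (the kind of autorun ComboFix disables). The script below is an added example written for this thread, not part of DSS, HijackThis, MBAM or ComboFix; it parses a constructed sample in the DSS dump format (same paths and timestamps as the log above, fewer lines) and flags those entry types so a helper can spot them before choosing a fix. The one-day "recent DLL" window and the tag names are this example's own choices.

```python
r"""
Triage helper for the "Registry Dump" section of a Deckard's System Scanner
(DSS) log. Added example for this thread; it is not part of DSS, HijackThis
or anything the posters ran. It flags the entry types that point at the
rogue antispyware in the log above: a Browser Helper Object DLL sitting
directly in C:\Windows rather than Program Files or system32, a BHO DLL
written within a day of the scan, Run values whose names are unreadable
'?' runs, and AutoRun commands registered under MountPoints2.
The one-day window and the tag names are this example's own choices.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in DSS registry-dump format, modelled on the entries
# in the thread (same paths and timestamps, fewer lines).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B095AF15-2FB6-4239-95AD-D1E27ECC11C7}]
2008-06-14 14:22 281088 --a------ C:\Windows\tosect8x.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-05-29 18:39]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-29 18:23]
"????r"="" []
"?????????"="??????????????e" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdfb5a32-2ce5-11dd-bff1-806e6f6e6963}]
AutoRun\command- E:\CDSTART.EXE
"""

# Scan time taken from the DSS footer in the thread (2008-06-14 16:00:21).
SCAN_TIME = datetime(2008, 6, 14, 16, 0, 21)

KEY_RE = re.compile(r"^\[(.+)\]$")
# "<date> <time> <size> <attrs> <path>" lines that DSS prints under a key
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?::\d{2})?\s+\d+\s+\S+\s+(.+)$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*"([^"]*)"')
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(.+)$")


def parse_dump(text):
    """Split the dump into (key, [value lines]) sections."""
    sections, key, lines = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                sections.append((key, lines))
            key, lines = m.group(1), []
        elif key is not None:
            lines.append(line)
    if key is not None:
        sections.append((key, lines))
    return sections


def triage(text, scan_time, recent=timedelta(days=1)):
    """Return (tag, key, detail) findings that deserve a second look."""
    findings = []
    for key, lines in parse_dump(text):
        lk = key.lower()
        if "browser helper objects" in lk:
            for line in lines:
                m = FILE_RE.match(line)
                if not m:
                    continue
                stamp, path = m.groups()
                # Legitimate BHOs install under Program Files or system32;
                # a DLL dropped straight into C:\Windows is a classic rogue tell.
                if path.rsplit("\\", 1)[0].lower() == r"c:\windows":
                    findings.append(("BHO_IN_WINDOWS_ROOT", key, path))
                written = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
                if timedelta(0) <= scan_time - written <= recent:
                    findings.append(("BHO_DLL_RECENT", key, path))
        elif lk.endswith(r"\currentversion\run"):
            for line in lines:
                m = VALUE_RE.match(line)
                if not m:
                    continue
                name, command = m.groups()
                # Names or commands the tool could not render come out as '?' runs.
                if "?" in name or "?" in command:
                    findings.append(("RUN_UNREADABLE_NAME", key, name))
        elif "\\explorer\\mountpoints2\\" in lk:
            for line in lines:
                m = AUTORUN_RE.match(line)
                if m:
                    findings.append(("MOUNTPOINT_AUTORUN", key, m.group(1)))
    return findings


def triage_sample():
    """Run the triage over the constructed sample above."""
    return triage(SAMPLE_DUMP, SCAN_TIME)


if __name__ == "__main__":
    for tag, key, detail in triage_sample():
        print(f"{tag:22} {detail}\n    under {key}")
```

Run against the sample, the known-good Run values (Windows Defender, ccApp, Sidebar) produce nothing, while the BHO DLL is reported twice (location and freshness), both "?" values are reported, and the MountPoints2 AutoRun command is listed for review. To use it on a real DSS log, paste the whole "Registry Dump" block into SAMPLE_DUMP (or read it from a file) and set SCAN_TIME from the "finished at" footer.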
