
Help! Windows Vista closes Explorer by itself



Help!

I have a fairly new Acer M5100 with Vista Home Premium.

But now I get two error messages every time I start Windows and reach the desktop.

 

RunDLL

C:\Users\Engern\AppData\Local\Temp\wvurq.dll

The specified module could not be found

 

And

 

RunDLL

C:\Users\Engern\AppData\Local\Temp\vlfgggee.dll

The specified module could not be found

 

And now Explorer no longer works, nor do any other windows I open. They are open for a few seconds and then just disappear (close and vanish) entirely by themselves.

The taskbar and Start menu have also started disappearing lately, every time I open a new window. Sometimes it comes back. If not, Windows has to be restarted to get it back.

Plus the icons on the desktop swap places with each other or disappear entirely now and then.

 

Does anyone know how I can fix this?

(I have tried a system scan and defragmentation)

 

Thanks in advance!

Edited by Engern

wvurq.dll is a file with a virus in it.

Trojan.Vundo.B

 

The file currently sits in your Temp folder.

 

You may have a fair bit of other junk as well.

 

Try booting into Safe Mode and cleaning up a bit there first.

 

Boot and press F8 repeatedly.

Choose Safe Mode with Networking.

 

Download VirtumundoBeGone.

Run it.

 

Download, update and run SAS free.

Post the log.

 

Restart and see whether it works better in normal mode.

 

Then I need a HijackThis log.

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "Do a system scan and save a logfile".

Copy the log file and paste it into your post.

Edited by SNIPPSAT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:10:17, on 26.02.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\GameSpy\Comrade\Comrade.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe

C:\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Engern\AppData\Local\Temp\wvurq.dll,#1

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Engern\AppData\Local\Temp\vlfgggee.dll",run

O4 - HKCU\..\Run: [b08ee145] rundll32.exe "C:\Users\Engern\AppData\Local\Temp\qkomxgnp.dll",b

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\registrybooster 2\StartRegistryBooster.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ARES\chatServer.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 12341 bytes

 

Now everything seems to work normally again, apart from messages about some DLL files with strange names that Windows cannot find when Windows starts.

Edited by Engern

Start HijackThis, find these lines, check them, then click "Fix checked".

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Engern\AppData\Local\Temp\wvurq.dll,#1

 

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Engern\AppData\Local\Temp\vlfgggee.dll",run

 

O4 - HKCU\..\Run: [b08ee145] rundll32.exe "C:\Users\Engern\AppData\Local\Temp\qkomxgnp.dll",b

 

Download ComboFix and put it on the desktop.

Don't click in the window while the program is running.

Post the log C:\combofix.txt

 

Download and run CCleaner.

Go to 'Options' -> 'Advanced'. Uncheck "Only delete temporary files older than xx".

Run the registry cleaner too.

 

Restart and post a new HijackThis log.
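The Vundo persistence SNIPPSAT points at in the two replies above is a per-user Run value (HKCU, so no admin rights needed) that has rundll32.exe load a randomly named DLL staged in the user's Temp directory. Once the DLL is deleted but the Run value is left behind, rundll32 still starts at logon and pops the "RunDLL ... The specified module could not be found" message the original poster describes; removing the registry value is what makes the message stop. The script below is an added example, not code from the thread or from HijackThis: it applies that reasoning to HijackThis O2/O4 lines, flagging rundll32 entries whose DLL lives under a Temp directory and BHO registrations whose file is gone. The sample input is constructed from lines in the log posted above plus a few benign entries for contrast; the regexes and the Temp-directory heuristic are the example's own assumptions, not HijackThis rules.

```python
"""Triage of HijackThis O2/O4 lines for rundll32-based persistence.

Added example (not from the thread or from HijackThis). It flags:
  * O4 Run values that use rundll32 to load a DLL from a Temp directory
    (the pattern of the Vundo entries in the log above); and
  * O2 BHO entries registered as "(no file)", i.e. orphaned registrations
    left behind after the DLL itself was removed.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample input: lines copied from the HijackThis log posted in
# the thread, plus benign entries (Java BHO, NVIDIA, Google, Welcome Center).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Engern\AppData\Local\Temp\wvurq.dll,#1
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Engern\AppData\Local\Temp\vlfgggee.dll",run
O4 - HKCU\..\Run: [b08ee145] rundll32.exe "C:\Users\Engern\AppData\Local\Temp\qkomxgnp.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
"""

# O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 - BHO: <name> - {<CLSID>} - <path or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# HijackThis appends "(User '...')" to HKUS entries; strip it before parsing.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# [path\]rundll32[.exe] <dll>[,<export>]; the DLL may be quoted. Unquoted
# paths with spaces are ambiguous for rundll32 itself, so they are not handled.
RUNDLL_RE = re.compile(
    r'^"?(?:[A-Za-z]:\\[^"\s]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?P<dll>"[^"]+"|[^,\s]+)(?:,(?P<export>\S+))?',
    re.IGNORECASE,
)
# Heuristic (assumption of this example): autoruns loading DLLs from a Temp
# directory (AppData\Local\Temp, Local Settings\Temp, Windows\Temp) are suspect.
TEMP_DIR_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)


class Finding(NamedTuple):
    kind: str      # "rundll32-temp" or "orphan-bho"
    name: str      # Run value name or BHO name
    target: str    # DLL path, or "(no file)"
    export: str    # export name/ordinal passed to rundll32, "" if none
    line: str      # the original log line


def parse_rundll32(cmd: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export) if cmd is a rundll32 invocation, else None."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("dll").strip('"'), m.group("export") or ""


def triage(log_text: str) -> List[Finding]:
    """Scan O2/O4 lines of a HijackThis log and return the suspicious ones."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
            parsed = parse_rundll32(cmd)
            if parsed and TEMP_DIR_RE.search(parsed[0]):
                findings.append(Finding("rundll32-temp", m.group("name"), parsed[0], parsed[1], line))
            continue
        m = O2_RE.match(line)
        if m and m.group("path").strip().lower() == "(no file)":
            findings.append(Finding("orphan-bho", m.group("name"), "(no file)", "", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        suffix = f",{f.export}" if f.export else ""
        print(f"{f.kind:14} [{f.name}] -> {f.target}{suffix}")
```

Run against the sample, it reports the orphaned BHO and the three Temp-directory rundll32 entries, and nothing else; the NVIDIA line shows why "rundll32" on its own is not a signal, since plenty of legitimate software starts the same way from System32. The exports it prints (`#1`, `run`, `b`) are worth a look in their own right: an ordinal or single-letter export on a DLL in Temp is not how vendor software registers itself.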

ComboFix 08-02-25.3 - Engern 2008-02-27 17:55:18.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1961 [GMT 1:00]

Running from: C:\Users\Engern\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\system32\C4349EBD2A.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-27 16:44 --------- d-----w C:\Program Files\Steam

2008-02-26 21:37 396,288 ----a-w C:\HijackThis.exe

2008-02-26 20:50 --------- d-----w C:\Program Files\Windows Live

2008-02-26 20:40 --------- d-----w C:\Users\Engern\AppData\Roaming\SUPERAntiSpyware.com

2008-02-26 20:40 --------- d-----w C:\ProgramData\Symantec

2008-02-26 20:39 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-02-26 19:53 --------- d-----w C:\ProgramData\NtiDvdCopy

2008-02-26 17:23 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-02-26 15:13 --------- d-----w C:\Users\Engern\AppData\Roaming\Uniblue

2008-02-25 16:42 --------- d-----w C:\ProgramData\Microsoft Help

2008-02-25 16:42 --------- d-----w C:\Program Files\Microsoft Works

2008-02-25 16:42 --------- d-----w C:\Program Files\Google

2008-02-25 15:27 --------- d-----w C:\ProgramData\NVIDIA

2008-02-25 15:08 --------- d-----w C:\Users\Engern\AppData\Roaming\ErrorSmart

2008-02-24 17:23 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-02-22 14:19 --------- d-----w C:\Program Files\Norton Internet Security

2008-02-22 13:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-22 13:05 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-02-22 13:05 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-02-22 13:05 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-02-22 13:05 --------- d-----w C:\Program Files\Symantec

2008-02-21 22:44 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-21 22:44 --------- d-----w C:\Users\Engern\AppData\Roaming\Musicmatch

2008-02-21 22:44 --------- d-----w C:\Program Files\Musicmatch

2008-02-20 17:46 --------- d-----w C:\Users\Engern\AppData\Roaming\LimeWire

2008-02-20 17:04 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition

2008-02-20 17:00 --------- d-----w C:\ProgramData\WLInstaller

2008-02-20 15:26 --------- d-----w C:\Users\Engern\AppData\Roaming\DivX

2008-02-19 21:12 --------- d-----w C:\Program Files\Java

2008-02-19 20:21 --------- d-----w C:\Users\Engern\AppData\Roaming\Command & Conquer 3 Tiberium Wars

2008-02-19 20:10 --------- d-----w C:\Program Files\DivX

2008-02-19 18:38 --------- d-----w C:\Users\Engern\AppData\Roaming\FrostWire

2008-02-19 18:02 --------- d-----w C:\Program Files\Common Files\Java

2008-02-19 18:02 --------- d-----w C:\Program Files\AskSBar

2008-02-19 17:55 --------- d-----w C:\Program Files\Ares Galaxy Turbo Booster

2008-02-19 16:10 --------- d-----w C:\Program Files\The_Pirate_Bay

2008-02-19 16:10 --------- d-----w C:\Program Files\Conduit

2008-02-19 16:00 174 --sha-w C:\Program Files\desktop.ini

2008-02-19 15:59 --------- d-----w C:\Program Files\Windows Mail

2008-02-19 15:57 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2008-02-19 15:57 7,680 ----a-w C:\Windows\System32\spwmp.dll

2008-02-19 15:57 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2008-02-19 15:57 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2008-02-19 15:56 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2008-02-19 15:56 8,704 ----a-w C:\Windows\System32\hccoin.dll

2008-02-19 15:56 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys

2008-02-19 15:56 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys

2008-02-19 15:56 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys

2008-02-19 15:56 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys

2008-02-19 15:56 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys

2008-02-19 15:56 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys

2008-02-19 15:56 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2008-02-19 15:55 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-19 15:55 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-19 15:55 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-19 15:55 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-19 15:55 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-19 15:55 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-02-19 15:54 1,335,296 ----a-w C:\Windows\System32\msxml6.dll

2008-02-19 15:43 --------- d-----w C:\Users\Engern\AppData\Roaming\Kazaa Lite

2008-02-19 15:15 --------- d-----w C:\Program Files\Windows Sidebar

2008-02-19 15:15 --------- d-----w C:\Program Files\Windows Calendar

2008-02-19 15:10 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2008-02-19 15:10 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2008-02-19 15:10 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2008-02-19 15:10 297,984 ----a-w C:\Windows\System32\wlansec.dll

2008-02-19 15:10 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2008-02-19 15:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-19 15:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-19 15:06 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-02-19 15:05 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-19 15:05 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-19 15:05 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-19 15:05 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-02-19 15:05 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-19 15:05 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-19 15:05 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-19 15:05 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-19 15:05 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-02-19 15:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-02-19 15:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-02-19 15:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-02-19 14:59 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2008-02-19 14:59 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2008-02-19 14:59 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2008-02-19 14:59 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2008-02-19 14:59 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2008-02-19 14:56 --------- d-----w C:\Program Files\MSXML 4.0

2008-02-19 14:55 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-19 14:55 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-19 14:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-19 14:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-19 14:54 750,080 ----a-w C:\Windows\System32\qmgr.dll

2008-02-19 14:54 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-02-19 14:50 --------- d-----w C:\Program Files\Common Files\Steam

2008-02-19 14:22 53,080 ----a-w C:\Windows\System32\wuauclt.exe

2008-02-19 14:22 43,352 ----a-w C:\Windows\System32\wups2.dll

2008-02-19 14:22 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll

2008-02-19 14:22 1,524,224 ----a-w C:\Windows\System32\wucltux.dll

2008-02-19 14:21 80,896 ----a-w C:\Windows\System32\wudriver.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

2008-02-19 19:02 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

 

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-19 16:02 1232896]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]

"Steam"="c:\program files\steam\steam.exe" [2008-02-19 15:49 1266936]

"Acer Tour Reminder"="" []

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-19 22:15 171448]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

"Uniblue RegistryBooster 2"="c:\registrybooster 2\StartRegistryBooster.exe" [ ]

"ares"="C:\ARES\Ares.exe" [2008-02-20 15:33 963072]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-14 19:53 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 12:06 4669440 C:\Windows\RtHDVCpl.exe]

"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 05:44 107112]

"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-11-21 05:42 22696]

"Acer Tour"="" []

"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 09:27 319488]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 23:04 464168]

"PlayMovie"="C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 22:24 178280]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]

"Skytel"="Skytel.exe" [2007-06-15 17:45 1826816 C:\Windows\SkyTel.exe]

"eRecoveryService"="" []

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]

"MMTray"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe" [2006-01-19 11:06 110592]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 17:39 151552]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-05 23:18:24 528384]

Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]

PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-05 23:22:52 200812]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{64048293-F327-484A-8412-11F8111BAF31}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{7C8221AB-6183-4551-96DB-2E400DD0570A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{E0663390-50D4-494F-908F-14F22C8DCB99}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live|Desc=Acer Arcade Live

"{D4C148B6-6294-4575-936B-2C6BEE8D3A6F}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess|Desc=SlideShow DVD workprocess

"{6A0DC1D7-DC2E-4464-9D3B-2535FFE8AA1A}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess|Desc=DV Magician ARA workprocess

"{123289ED-3F8A-401F-82D4-69F87EC672A5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess|Desc=DV Magician AVAX workprocess

"{5C84AC23-D575-436E-9E97-8FAA1D25843C}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine|Desc=DVDivine

"{A4B05E83-5A13-49E2-8130-7449D1890B5B}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia

"{B4D2704A-61DB-43F6-95BA-6785EAFF0ECF}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect|Desc=HomeMedia Connect

"{4AAEA8A4-EA8D-4454-94F3-E2532C237638}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service|Desc=HomeMedia Connect Service

"{D842B27B-51FD-4185-99C9-00D8D557D6A6}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician|Desc=VideoMagician

"{7D2476C5-5D3D-4911-89E4-E1FEC32DD7BC}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie|Desc=PlayMovie

"{AAB90380-DD04-4B44-A224-70E1177F38A7}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program|Desc=PlayMovie Resident Program

"{877B1CE5-45C8-4C05-B9F2-249218735ED2}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{9100A7AE-FA51-43B9-8710-34846007E30F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{C6775FE3-1CFC-427D-9190-B36922469CA4}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{C7541BCF-2E79-4C21-BCA8-BDF800882731}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{2EE32519-396C-4A45-9746-EC859E5BEE8B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{1057C6A2-2C2C-4D0D-826B-D6718B4BE216}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{336B5E2A-94DA-4C40-8B20-7173637C34F8}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{AC116A50-78B5-4B25-95E7-CF0F28EBC237}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{4A12689A-C94F-4406-861B-5C930A06DA56}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

"TCP Query User{6C694E9D-9F1F-4D5E-AFEA-6F6EE31AFF96}C:\ares\ares.exe"= UDP:C:\ares\ares.exe:Ares|Desc=Ares

"UDP Query User{9C7D20C5-1447-4F46-9EC1-0BCEA92B242A}C:\ares\ares.exe"= TCP:C:\ares\ares.exe:Ares|Desc=Ares

"TCP Query User{C5C5118E-74A7-4012-9D11-812914305CF1}C:\program files\ares\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows|Desc=Ares p2p for windows

"UDP Query User{B5FF20EE-8915-4CCE-9D35-80C5C87B583E}C:\program files\ares\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows|Desc=Ares p2p for windows

"{B515E29A-1012-4493-A652-16B7A33DE7DE}"= UDP:C:\FrostWire\FrostWire.exe:LimeWire

"{0BA8008A-973C-426A-9D0F-5CF81B708130}"= TCP:C:\FrostWire\FrostWire.exe:LimeWire

"TCP Query User{71F8CB9E-62AB-45BF-B3AB-AA71FD8B64F4}C:\users\engern\appdata\local\temp\electronicarts_patcher_000.exe"= UDP:C:\users\engern\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe|Desc=electronicarts_patcher_000.exe

"UDP Query User{728DDDEB-3B39-466A-B4BA-235067AF03B3}C:\users\engern\appdata\local\temp\electronicarts_patcher_000.exe"= TCP:C:\users\engern\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe|Desc=electronicarts_patcher_000.exe

"TCP Query User{1B97CC8A-1F4A-4063-9F0B-BCDAAFAF2EC7}C:\program files\gamespy\comrade\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade|Desc=Comrade

"UDP Query User{19229E34-4BBD-479A-B9C5-990C7315080A}C:\program files\gamespy\comrade\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade|Desc=Comrade

"{7F4D1E4D-A773-4425-A919-E6E4D0CB24A8}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Tiberium Wars|Desc=This feature allows users to play Command & Conquer 3 multiplayer games.

"TCP Query User{8A856AB1-7DE9-4ECF-BF17-E92A7629CC77}C:\program files\steam\steamapps\commander_engern\half-life 2 deathmatch\hl2.exe"= UDP:C:\program files\steam\steamapps\commander_engern\half-life 2 deathmatch\hl2.exe:hl2|Desc=hl2

"UDP Query User{F67FB7BF-DF84-4225-84E6-CBF4AEC85A27}C:\program files\steam\steamapps\commander_engern\half-life 2 deathmatch\hl2.exe"= TCP:C:\program files\steam\steamapps\commander_engern\half-life 2 deathmatch\hl2.exe:hl2|Desc=hl2

"TCP Query User{134322B2-6DEB-4BA8-8A60-90D9B68FC78E}C:\warez\warez.exe"= UDP:C:\warez\warez.exe:Warez|Desc=Warez

"UDP Query User{B5959A3F-2214-42EC-8737-970D8CC34CE0}C:\warez\warez.exe"= TCP:C:\warez\warez.exe:Warez|Desc=Warez

"TCP Query User{B7E4AF4A-7C01-4814-BAD2-C188258AF2AD}C:\onemx\onemx.exe"= UDP:C:\onemx\onemx.exe:OneMX|Desc=OneMX

"UDP Query User{C63ED420-2D15-4FE7-9837-E5CD3BDEB135}C:\onemx\onemx.exe"= TCP:C:\onemx\onemx.exe:OneMX|Desc=OneMX

"TCP Query User{8C949D4D-A950-4085-8ECC-659ABD6376EA}C:\imesh\imesh.exe"= UDP:C:\imesh\imesh.exe:iMesh|Desc=iMesh

"UDP Query User{65173338-2288-4405-A297-63FBFEA1B467}C:\imesh\imesh.exe"= TCP:C:\imesh\imesh.exe:iMesh|Desc=iMesh

"{A6BF9F66-BE17-45CA-A905-8D0BA9DB63DA}"= UDP:C:\LimeWire\LimeWire.exe:LimeWire

"{9445A74B-609E-499C-B2B2-4CBF1BAA2FEA}"= TCP:C:\LimeWire\LimeWire.exe:LimeWire

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 04:22]

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-06 23:04]

R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-06 23:04]

R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-06 23:04]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080226.002\IDSvix86.sys [2008-02-14 02:51]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 15:24]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-04 17:54]

R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-06 23:04]

R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 14:22]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]

S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 15:04]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-19 15:49]

S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-02-27 02:30:00 C:\Windows\Tasks\ErrorSmart Scheduled Scan.job"

- C:\Program Files\ErrorSmart\ErrorSmart.ex

- C:\Program Files\ErrorSmart.Engern+Runs ErrorSmart to optimize your registry.

"2008-02-22 19:00:10 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Engern.job"

- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:

"2008-02-19 14:14:45 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-27 17:56:41

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-27 17:57:14

ComboFix-quarantined-files.txt 2008-02-27 16:57:12

.

2008-02-26 20:50:40 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:53:03, on 27.02.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\ARES\Ares.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ares] "C:\ARES\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ARES\chatServer.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

--

End of file - 10928 bytes
