Old 09-23-2009, 03:09 PM   #1 (permalink)
905
Registered User
 
Join Date: Sep 2009
Posts: 6
OS: Vista


Help Please!

Whenever I turn on my computer, instead of getting a taskbar (including the Start button) and desktop, I get a black screen and my My Documents folder pops up. I can use Task Manager and access everything via My Documents, but it's really annoying and spyware/hijacking is probably involved. I can't find the exe to run Norton Antivirus due to the lack of the Start button, but when scheduled tests run nothing seems to come up. This has been around for 3-4 months but everyone I checked with has never heard about a virus like this before. I'm running Windows Vista 32-bit and on Task Manager in the processes it says: Ati2evxx, csrss.exe, dwm.exe, rundll32.exe, taskeng.exe, TSVNCache.exe, and winlogon.exe. The csrss.exe seems to be the legit csrss because when I tried to end it my computer crashed. Not really a tech kind of person, so any feedback you can provide would be great.
Old 09-23-2009, 06:48 PM   #2 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,910
OS: WinXP and Vista

Re: Help Please!

Hello 905 and welcome.

No worries, I've seen this many times before. In order to help you, I need to see a set of reports. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help. Download the tools to your desktop then use Task Manager to browse to their locations to run them. Post the requested logs in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 09-24-2009, 03:20 PM   #3 (permalink)
905

Re: Help Please!

Here are the requested logs.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 16:45:17.25 on 24/09/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3070.2155 [GMT -4:00]

AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Security Online *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iZ3D Driver\Win32\S3DCService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\Explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=1208&m=aspire_m5641
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=1208&m=aspire_m5641
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Shell=Explorer.exe c:\windows\csrss.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRunOnce: [Application Restart #0] c:\program files\internet explorer\iexplore.exe -restart /WERRESTART
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.habbo.ca/shockwave_client"
uRunOnce: [Application Restart #1] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe -Embedding
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apanel] c:\acersw\config\SetApanel.cmd
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [eRecoveryService]
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [mswinlogon] c:\windows\mscsrss.exe
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\ASETRES.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-12-26 133152]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090715.003\IDSvix86.sys [2009-7-25 272432]
R1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files\iz3d driver\win32\S3DInjectionDriver.sys [2009-5-20 23672]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-28 149352]
R2 S3D Service (Win32);S3D Service (Win32);c:\program files\iz3d driver\win32\S3DCService.exe [2009-5-20 233472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-21 101936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-12-26 42528]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-8-28 23888]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2009-09-23 16:33 270,380,310 a------- c:\windows\MEMORY.DMP
2009-09-13 08:17 <DIR> --d----- C:\HammerAutosave
2009-09-10 15:51 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-09-10 15:51 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-10 15:51 270,848 a------- c:\windows\system32\schannel.dll
2009-09-10 15:51 213,504 a------- c:\windows\system32\msv1_0.dll
2009-09-10 15:51 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-10 15:51 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-10 15:51 72,704 a------- c:\windows\system32\secur32.dll
2009-09-10 15:51 9,728 a------- c:\windows\system32\lsass.exe
2009-09-09 15:40 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 15:40 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-09 15:40 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 15:40 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 15:40 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 15:40 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 15:40 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 15:40 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 15:40 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 15:40 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 15:39 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 15:39 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-09 15:39 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 15:39 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 15:39 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 15:39 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-04 09:11 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-04 09:11 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 11:28 <DIR> --d----- c:\users\owner\appdata\roaming\TortoiseSVN
2009-09-02 11:23 <DIR> --d----- c:\users\owner\appdata\roaming\Subversion
2009-09-02 11:17 <DIR> --d----- c:\program files\TortoiseSVN
2009-09-02 11:17 <DIR> --d----- c:\program files\common files\TortoiseOverlays
2009-08-27 08:49 2,048 a------- c:\windows\system32\tzres.dll

==================== Find3M ====================

2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-07 19:51 15,308,424 a------- c:\windows\system32\xlive.dll
2009-08-07 19:51 13,642,888 a------- c:\windows\system32\xlivefnt.dll
2009-08-01 18:14 139,152 a------- c:\users\owner\appdata\roaming\PnkBstrK.sys
2009-08-01 18:14 794,408 a------- c:\windows\system32\pbsvc.exe
2009-07-30 13:15 131,072 a------- c:\windows\system32\SpoonUninstall.exe
2009-07-30 13:15 36,104 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 10:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 09:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 08:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 08:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 06:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-06 08:04 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-06 08:04 86,016 a------- c:\windows\inf\infstor.dat
2009-07-06 08:04 51,200 a------- c:\windows\inf\infpub.dat
2009-04-18 08:40 179,572 a------- c:\program files\bncache.dat
2009-04-18 08:40 980 a------- c:\program files\BnetLog.txt
2009-01-23 15:02 93 a------- c:\program files\__log.txt
2009-01-23 15:02 1,492 a------- c:\program files\ReadMe.txt
2009-01-23 14:03 636,958 a------- c:\program files\patch_rt.mpq
2009-01-23 14:03 35,902 a------- c:\program files\patch.txt
2009-01-23 14:03 697 a------- c:\program files\bnupdate.log
2009-01-23 14:03 417,792 a------- c:\program files\BNUpdate.exe
2009-01-23 14:02 92,375 a------- c:\program files\License.html
2009-01-23 14:02 65,536 a------- c:\program files\SEditPTB.loc
2009-01-23 14:02 65,536 a------- c:\program files\SEditITA.loc
2009-01-23 14:02 65,536 a------- c:\program files\SEditFRA.loc
2009-01-23 14:02 65,536 a------- c:\program files\SEditESP.loc
2009-01-23 14:02 65,536 a------- c:\program files\SEditENU.loc
2009-01-23 14:02 65,536 a------- c:\program files\SEditDEU.loc
2009-01-23 14:02 52,224 a------- c:\program files\Local.dll
2009-01-23 14:02 66 a------- c:\program files\BwarInst.log
2009-01-10 00:57 1,220,608 a------- c:\program files\StarCraft.exe
2009-01-10 00:57 557,310 a------- c:\program files\battle.snp
2009-01-10 00:57 409,600 a------- c:\program files\storm.dll
2009-01-10 00:57 127,767 a------- c:\program files\standard.snp
2008-12-26 11:57 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-19 23:33 125,440 a------- c:\program files\iccwc3.icc
2008-12-19 23:01 327,680 a------- c:\program files\Launcher.exe
2008-12-19 23:01 128,512 a------- c:\program files\iccscbn.icc
2008-12-19 00:46 24,064 a------- c:\program files\w3lh.dll
2008-12-07 03:08 2,266 a------- c:\program files\unins000.dat
2008-12-07 03:07 691,545 a------- c:\program files\unins000.exe
2008-09-16 22:31 642,560 a------- c:\program files\Chaosplugin.bwl
2008-09-14 04:26 1,104,782 a------- c:\program files\patch_rt.mp_
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2007-09-17 22:16 49,152 a------- c:\program files\ICCUP_reg.exe
2007-09-13 00:20 66,184,491 a------- c:\program files\STARDAT.MPQ
2007-09-13 00:20 23,519,727 a------- c:\program files\BROODAT.MPQ
2007-09-13 00:20 92,672 a------- c:\program files\EditLocal.dll
2007-09-13 00:19 662,474 a------- c:\program files\InstCC.exe
2007-09-13 00:19 315,392 a------- c:\program files\Riched20.dll
2007-09-13 00:19 176,681 a------- c:\program files\StarEdit.hlp
2007-09-13 00:19 150,528 a------- c:\program files\SEditPTG.loc
2007-09-13 00:19 95,232 a------- c:\program files\Smackw32.dll
2007-09-13 00:19 3,483 a------- c:\program files\StarEdit.cnt
2007-08-21 03:21 53,248 a------- c:\program files\nocd1151.bwl
2007-06-27 20:26 27,504 a------- c:\program files\JoinAlert.wav
2007-06-14 14:53 114,688 a------- c:\program files\RepAnalyser.dll
2007-05-17 21:51 1,016,320 a------- c:\program files\StarEdit.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-02-18 07:42 2,831,483 a------- c:\program files\StarCraft.mpq
2006-02-18 07:42 2,831,483 a------- c:\program files\install.ex_
1998-12-16 23:39 32,768 a------- c:\program files\SETUP.EXE

============= FINISH: 16:45:38.64 ===============
Attached Files
File Type: txt DDS.txt (15.9 KB, 2 views)
File Type: zip Attach.zip.zip (4.3 KB, 1 views)

Last edited by Ried; 09-24-2009 at 04:13 PM.
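The DDS log above carries the thread's key indicators: a second binary appended to the Winlogon Shell value, a csrss.exe living in c:\windows instead of System32, a look-alike mscsrss.exe Run entry, and EnableLUA = 0. The Python below is an added example, not code from the forum or from the DDS tool; it scans DDS/ComboFix-style lines for exactly those patterns, with the line layout and the sample lines assumed from this log.

```python
"""Scan DDS-style 'Pseudo HJT Report' lines for shell hijack and process
masquerading. Added example, not code from the forum or the DDS tool; the
line layout is assumed from the log above."""
import re
from typing import Dict, List

# Core Windows processes that malware likes to impersonate; on Vista they load
# only from the system directory (assumption: C: is the system drive).
CORE_SYSTEM_BINARIES = {"csrss.exe", "lsass.exe", "winlogon.exe", "smss.exe",
                        "services.exe", "svchost.exe", "wininit.exe"}
EXPECTED_DIRS = {r"c:\windows\system32"}

# A path runs from 'X:\' to a known executable extension that is followed by
# whitespace, a quote or end of line, so quoted paths with spaces stay whole.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|scr|cmd|bat)(?=\s|"|$)',
                     re.IGNORECASE)

# Constructed sample in DDS/ComboFix layout; lines 1, 2, 6 and 7 mirror entries
# that appear in this thread's logs, the rest are benign controls.
SAMPLE_LINES = [
    r"mWinlogon: Shell=Explorer.exe c:\windows\csrss.exe",
    r"mRun: [mswinlogon] c:\windows\mscsrss.exe",
    r"mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r'uRun: [Steam] "c:\program files\steam\steam.exe" -silent',
    r'mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"',
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"c:\windows\Cursors\lsass.exe",
]


def split_path(path: str):
    """Return (directory, filename), both lower-cased, for a Windows path."""
    directory, _, name = path.lower().rpartition("\\")
    return directory, name


def classify_path(path: str) -> str:
    """'masquerade' when a core system binary name loads from the wrong
    directory, 'lookalike' when the name merely embeds a core name
    (mscsrss.exe), '' when nothing stands out."""
    directory, name = split_path(path)
    if name in CORE_SYSTEM_BINARIES:
        return "" if directory in EXPECTED_DIRS else "masquerade"
    stem = name.rsplit(".", 1)[0]
    if any(core.rsplit(".", 1)[0] in stem for core in CORE_SYSTEM_BINARIES):
        return "lookalike"
    return ""


def winlogon_shell_extras(line: str) -> List[str]:
    """Entries in the Winlogon Shell value other than Explorer.exe. Appending a
    loader here runs it at every logon and, as in this thread, can leave the
    user with no desktop at all. Assumes unquoted, space-free entries."""
    match = re.match(r"[um]Winlogon:\s*Shell=(.*)", line)
    if not match:
        return []
    return [t for t in match.group(1).split() if t.lower() != "explorer.exe"]


def analyze_lines(lines: List[str]) -> List[Dict[str, str]]:
    """Run every check over each line and collect findings in line order."""
    findings = []
    for line in lines:
        for extra in winlogon_shell_extras(line):
            findings.append({"kind": "winlogon_shell", "value": extra, "line": line})
        for path in PATH_RE.findall(line):
            kind = classify_path(path)
            if kind:
                findings.append({"kind": kind, "value": path, "line": line})
        # EnableLUA = 0 turns UAC off, which the log above also shows.
        if re.search(r"EnableLUA\s*=\s*0\b", line):
            findings.append({"kind": "uac_disabled", "value": "EnableLUA=0", "line": line})
    return findings


if __name__ == "__main__":
    for f in analyze_lines(SAMPLE_LINES):
        print(f"{f['kind']:15} {f['value']}")
```

Feed it the Pseudo HJT and deletion sections of a real log (one line per list element) and review each finding by hand; a legitimate non-System32 install can still trip the name checks.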
Old 09-24-2009, 04:14 PM   #4 (permalink)
Ried

Re: Help Please!

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.


Download Combofix from any of the links below, and save it to your desktop.


Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. If you are unsure how to do this, please see this link: http://www.bleepingcomputer.com/forums/topic114351.html

--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
Old 09-27-2009, 10:54 AM   #5 (permalink)
905

Re: Help Please!

I have my desktop back and my taskbar, thank you! Here is the log you requested.

ComboFix 09-09-23.02 - Owner 27/09/2009 12:38.2.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3070.2373 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Online *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\\setup.exe
c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE
c:\windows\Cursors\lsass.exe
c:\windows\Installer\4c80f.msi

.
((((((((((((((((((((((((( Files Created from 2009-08-27 to 2009-09-27 )))))))))))))))))))))))))))))))
.

2009-09-27 16:42 . 2009-09-27 16:44 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-09-27 16:42 . 2009-09-27 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-26 15:18 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-26 15:18 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-26 15:18 . 2009-09-26 15:18 -------- d-----w- c:\program files\iPod
2009-09-26 15:18 . 2009-09-26 15:18 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-26 15:18 . 2009-09-26 15:18 -------- d-----w- c:\program files\iTunes
2009-09-26 15:17 . 2009-09-26 15:17 -------- d-----w- c:\program files\Bonjour
2009-09-26 15:17 . 2009-09-26 15:17 -------- d-----w- c:\program files\QuickTime
2009-09-13 12:17 . 2009-09-17 00:14 -------- d-----w- C:\HammerAutosave
2009-09-10 19:51 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-10 19:51 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-10 19:51 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-10 19:51 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:51 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-10 19:51 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-10 19:51 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-10 19:51 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-09 19:40 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 19:40 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 19:40 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 19:40 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 19:40 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 19:40 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 19:40 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 19:40 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 19:40 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 19:40 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 19:39 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 19:39 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 19:39 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 19:39 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 19:39 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-04 13:11 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-04 13:11 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 15:28 . 2009-09-02 15:28 -------- d-----w- c:\users\Owner\AppData\Roaming\TortoiseSVN
2009-09-02 15:23 . 2009-09-02 15:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Subversion
2009-09-02 15:22 . 2009-09-27 16:43 -------- d-----w- c:\users\Owner\AppData\Local\TSVNCache
2009-09-02 15:17 . 2009-09-02 15:17 -------- d-----w- c:\program files\TortoiseSVN
2009-09-02 15:17 . 2009-09-02 15:17 -------- d-----w- c:\program files\Common Files\TortoiseOverlays

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 16:45 . 2009-01-25 22:33 -------- d-----w- c:\program files\Steam
2009-09-27 16:36 . 2009-05-21 00:43 -------- d-----w- c:\program files\iZ3D Driver
2009-09-26 18:26 . 2008-12-27 15:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
2009-09-26 15:26 . 2009-05-12 11:46 1 ----a-w- c:\users\Owner\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-09-26 15:18 . 2008-12-27 15:22 -------- d-----w- c:\program files\Common Files\Apple
2009-09-24 23:19 . 2008-12-26 12:36 -------- d-----w- c:\program files\Google
2009-09-24 20:39 . 2009-04-22 12:04 -------- d-----w- c:\program files\Tag
2009-09-24 20:33 . 2008-12-26 23:03 -------- d-----w- c:\programdata\Media Center Programs
2009-09-24 20:33 . 2009-07-29 21:56 -------- d-----w- c:\program files\Diablo II
2009-09-24 20:33 . 2009-08-25 15:18 -------- d-----w- c:\program files\coolpro2
2009-09-24 19:58 . 2008-03-16 19:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-23 10:38 . 2009-01-11 13:15 -------- d-----w- c:\users\Owner\AppData\Roaming\uTorrent
2009-09-23 01:22 . 2008-12-27 21:12 -------- d-----w- c:\users\Owner\AppData\Roaming\LimeWire
2009-09-10 19:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 21:00 . 2009-01-25 22:33 -------- d-----w- c:\program files\Common Files\Steam
2009-08-25 15:20 . 2009-08-25 15:20 -------- d-----w- c:\users\Owner\AppData\Roaming\Syntrillium
2009-08-25 12:24 . 2009-08-25 12:24 -------- d-----w- c:\program files\System Requirements Lab BETA
2009-08-07 23:51 . 2009-08-07 23:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 23:51 . 2009-08-07 23:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-01 22:14 . 2008-12-26 23:04 139152 ----a-w- c:\users\Owner\AppData\Roaming\PnkBstrK.sys
2009-08-01 22:14 . 2008-12-26 23:04 139152 ----a-w- c:\users\Owner\AppData\Roaming\PnkBstrK.sys
2009-07-30 17:15 . 2009-03-10 22:08 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-07-30 17:15 . 2009-03-10 22:08 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-07-18 16:06 . 2009-07-29 12:31 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 12:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 12:31 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-21 20:16 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-21 20:15 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-21 20:15 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-21 20:15 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-21 20:15 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-18 12:40 . 2009-04-18 12:37 980 ----a-w- c:\program files\BnetLog.txt
2009-04-18 12:40 . 2009-04-18 12:37 179572 ----a-w- c:\program files\bncache.dat
2009-01-23 19:02 . 2009-04-18 12:37 93 ----a-w- c:\program files\__log.txt
2009-01-23 19:02 . 2009-04-18 12:37 1492 ----a-w- c:\program files\ReadMe.txt
2009-01-23 18:03 . 2009-04-18 12:37 697 ----a-w- c:\program files\bnupdate.log
2009-01-23 18:03 . 2009-04-18 12:37 636958 ----a-w- c:\program files\patch_rt.mpq
2009-01-23 18:03 . 2009-04-18 12:37 35902 ----a-w- c:\program files\patch.txt
2009-01-23 18:03 . 2009-04-18 12:37 417792 ----a-w- c:\program files\BNUpdate.exe
2009-01-23 18:02 . 2009-04-18 12:37 66 ----a-w- c:\program files\BwarInst.log
2009-01-23 18:02 . 2009-04-18 12:37 65536 ----a-w- c:\program files\SEditPTB.loc
2009-01-23 18:02 . 2009-04-18 12:37 92375 ----a-w- c:\program files\License.html
2009-01-23 18:02 . 2009-04-18 12:37 65536 ----a-w- c:\program files\SEditITA.loc
2009-01-23 18:02 . 2009-04-18 12:37 65536 ----a-w- c:\program files\SEditFRA.loc
2009-01-23 18:02 . 2009-04-18 12:37 65536 ----a-w- c:\program files\SEditESP.loc
2009-01-23 18:02 . 2009-04-18 12:37 65536 ----a-w- c:\program files\SEditENU.loc
2009-01-23 18:02 . 2009-04-18 12:37 65536 ----a-w- c:\program files\SEditDEU.loc
2009-01-23 18:02 . 2009-04-18 12:37 52224 ----a-w- c:\program files\Local.dll
2009-01-10 04:57 . 2009-04-18 12:37 409600 ----a-w- c:\program files\storm.dll
2009-01-10 04:57 . 2009-04-18 12:37 1220608 ----a-w- c:\program files\StarCraft.exe
2009-01-10 04:57 . 2009-04-18 12:37 127767 ----a-w- c:\program files\standard.snp
2009-01-10 04:57 . 2009-04-18 12:37 557310 ----a-w- c:\program files\battle.snp
2008-12-20 03:33 . 2009-04-18 12:37 125440 ----a-w- c:\program files\iccwc3.icc
2008-12-20 03:01 . 2009-04-18 12:37 327680 ----a-w- c:\program files\Launcher.exe
2008-12-20 03:01 . 2009-04-18 12:37 128512 ----a-w- c:\program files\iccscbn.icc
2008-12-19 04:46 . 2009-04-18 12:37 24064 ----a-w- c:\program files\w3lh.dll
2008-12-07 07:08 . 2009-04-18 12:37 2266 ----a-w- c:\program files\unins000.dat
2008-12-07 07:07 . 2009-04-18 12:37 691545 ----a-w- c:\program files\unins000.exe
2008-09-17 02:31 . 2009-04-18 12:37 642560 ----a-w- c:\program files\Chaosplugin.bwl
2008-09-14 08:26 . 2009-04-18 12:37 1104782 ----a-w- c:\program files\patch_rt.mp_
2007-09-18 02:16 . 2009-04-18 12:37 49152 ----a-w- c:\program files\ICCUP_reg.exe
2007-09-13 04:20 . 2009-04-18 12:37 66184491 ----a-w- c:\program files\STARDAT.MPQ
2007-09-13 04:20 . 2009-04-18 12:37 92672 ----a-w- c:\program files\EditLocal.dll
2007-09-13 04:20 . 2009-04-18 12:37 23519727 ----a-w- c:\program files\BROODAT.MPQ
2007-09-13 04:19 . 2009-04-18 12:37 3483 ----a-w- c:\program files\StarEdit.cnt
2007-09-13 04:19 . 2009-04-18 12:37 176681 ----a-w- c:\program files\StarEdit.hlp
2007-09-13 04:19 . 2009-04-18 12:37 95232 ----a-w- c:\program files\Smackw32.dll
2007-09-13 04:19 . 2009-04-18 12:37 662474 ----a-w- c:\program files\InstCC.exe
2007-09-13 04:19 . 2009-04-18 12:37 315392 ----a-w- c:\program files\Riched20.dll
2007-09-13 04:19 . 2009-04-18 12:37 150528 ----a-w- c:\program files\SEditPTG.loc
2007-08-21 07:21 . 2009-04-18 12:37 53248 ----a-w- c:\program files\nocd1151.bwl
2007-06-28 00:26 . 2009-04-18 12:37 27504 ----a-w- c:\program files\JoinAlert.wav
2007-06-14 18:53 . 2009-04-18 12:37 114688 ----a-w- c:\program files\RepAnalyser.dll
2007-05-18 01:51 . 2009-04-18 12:37 1016320 ----a-w- c:\program files\StarEdit.exe
2006-02-18 11:42 . 2009-04-18 12:37 2831483 ----a-w- c:\program files\StarCraft.mpq
2006-02-18 11:42 . 2009-04-18 12:37 2831483 ----a-w- c:\program files\install.ex_
1998-12-17 03:39 . 2009-04-18 12:37 32768 ----a-w- c:\program files\SETUP.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-06-13 1217784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-07 203296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{89EC6C5A-4AB0-4332-8222-0B151E8A8E96}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C318B0A4-B2D0-4D2E-9441-555DC11A8A75}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31EB5216-7D72-4C17-8DF2-FA5B69B7869E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{26FE9C91-6E60-48BC-B3AA-D79B7C59914D}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{C18D350E-70E9-4318-B4E7-9010EF6B2E4D}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{EE069A8D-8807-4265-9E9F-BCE3E4B5E5C0}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{874CAD02-88FF-466E-AA3F-AF9F3A623C94}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{7ED59EB1-CFBC-4847-87BA-C72F41906F89}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{29AFD23D-DC75-4498-B6F5-0D97C0EE470E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9466AB8E-08EC-4292-81A6-21E9CC12EC80}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B8077F37-E21E-43B2-96F9-07EA01EB997C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{076BBDBE-8B99-42D5-A8D2-91E11354765D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{92602FBD-DE1E-4A4A-9973-D3F95E949ED9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{237EF56C-1052-4FF6-83D6-7516B89142DD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1E812C80-AA0F-41AA-9F82-CEC80B8D7071}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{EA7110B6-2FEF-40B3-8F51-A12D099808B4}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E773A9EA-E7F6-46DD-A960-5A773C202C86}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{02D097F2-A764-4B79-BA79-557B6F46624E}"= c:\program files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe:XNA Game Studio 3.0 Transport
"{78A15E22-293F-49DD-9ADF-FCE94C1EB306}"= c:\program files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe:XNA Framework Games for Windows - LIVE
"TCP Query User{AC31C446-64DC-4B32-B74F-D3710816A61F}c:\\program files\\steam\\steamapps\\tigereye5000\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\tigereye5000\counter-strike source\hl2.exe:hl2
"UDP Query User{70CF6760-C261-41CD-94C6-23AF0AD24D76}c:\\program files\\steam\\steamapps\\tigereye5000\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\tigereye5000\counter-strike source\hl2.exe:hl2
"TCP Query User{B0883C33-9747-4122-A7E0-D3F56A027581}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A925967C-1FC1-4BC7-B7E7-048AD4DBB391}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DD9F7773-74E8-4598-83FA-19AA356ED0E8}c:\\program files\\emote\\launcher\\launcher.exe"= UDP:c:\program files\emote\launcher\launcher.exe:launcher
"UDP Query User{56611E2E-B3F8-4BD1-AA32-1A24A3D1250E}c:\\program files\\emote\\launcher\\launcher.exe"= TCP:c:\program files\emote\launcher\launcher.exe:launcher
"{8C247EC7-D167-4896-8902-E63E1678E467}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{F099B9BD-B773-454D-BFF3-AFF3B4FC45EA}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{8AF1A417-0A4B-418D-A752-6E0000EA1F7F}"= UDP:3724:Blizzard Downloader: 3724
"{551B3BAA-CFD1-4653-AC55-CA729D98BC2B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{86FE7D9A-5A6C-4470-A3A3-082833BB1432}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0220D50E-6007-4EF4-958C-3A3BBA855BB9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BA4B94A4-7572-4A6F-A0EA-1F0B3B9DAA39}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\WINDOWS\\csrss.exe"= c:\windows\winlogon.exe

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090715.003\IDSvix86.sys [25/07/2009 6:00 PM 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [28/08/2007 8:39 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21/04/2009 1:00 PM 101936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26/12/2008 11:26 AM 42528]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 12:31 PM 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [28/08/2007 8:43 PM 23888]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10/07/2008 8:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10/07/2008 3:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10/07/2008 8:28 PM 369688]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4F574E45-4F57-4F57-4F57-4F574E45522D}]
"c:\windows\Cursors\lsass.exe" /s
.
Contents of the 'Scheduled Tasks' folder

2008-03-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-26 18:32]

2008-03-16 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-26 18:32]

2009-07-07 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-29 00:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=1208&m=aspire_m5641
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
HKLM-Run-eRecoveryService - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3908)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\SiteAdvisor\6172\SAService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-27 12:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-27 16:47

Pre-Run: 142,749,937,664 bytes free
Post-Run: 143,438,315,520 bytes free

350 --- E O F --- 2009-09-11 20:21
Attached Files
File Type: txt ComboFix.txt (26.1 KB, 1 views)

Last edited by Ried; 09-27-2009 at 05:27 PM.
09-27-2009, 05:31 PM   #6
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,910
OS: WinXP and Vista

Re: Help Please!

That's good to hear. :)

Open Notepad and copy/paste the entire text in the quote box below (don't forget to copy and paste REGEDIT4):

Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4F574E45-4F57-4F57-4F57-4F574E45522D}]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

It's important to run an online scan to search for remnants. Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
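As an added example (not ComboFix's code and not part of the original thread), a small Python triage script that reads "Reg Loading Points" entries in the format shown in the log above and flags the two things this thread turned on: core Windows process names (csrss.exe, lsass.exe, winlogon.exe) that live outside System32, and the UAC, Security Center and firewall settings the log shows switched off. The list of core process names and the expected system directories are this example's own assumptions; the sample entries are copied from the posted log.

```python
import re

# Entries copied from the ComboFix log posted above (ComboFix's own output format);
# the parsing and the heuristics below are this example's, not ComboFix's.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\WINDOWS\\csrss.exe"= c:\windows\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4F574E45-4F57-4F57-4F57-4F574E45522D}]
"c:\windows\Cursors\lsass.exe" /s
"""

# Assumed by this example: process names Windows only runs from its system
# directory, and where a genuine copy lives on 32-bit Vista.
CORE_SYSTEM_BINARIES = {"csrss.exe", "lsass.exe", "winlogon.exe", "smss.exe",
                        "services.exe", "svchost.exe"}
EXPECTED_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|cmd)\b', re.IGNORECASE)


def numeric_value(raw):
    """Turn ComboFix's '0 (0x0)' or 'dword:00000001' renderings into an int (else None)."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return one finding per suspicious loading point or switched-off protection."""
    findings, key = [], ""
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        # 1) A core Windows process name living outside the system directory.
        #    ComboFix doubles backslashes inside quoted value names, so fold them.
        for raw_path in PATH_RE.findall(line):
            path = raw_path.replace("\\\\", "\\").lower()
            directory, _, name = path.rpartition("\\")
            if name in CORE_SYSTEM_BINARIES and directory not in EXPECTED_SYSTEM_DIRS:
                findings.append(f"masquerade: {path} under [{key}]")
        # 2) Protections switched off: UAC, Security Center alerts, the firewall.
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value = vm.group("name"), numeric_value(vm.group("value"))
        lname = name.lower()
        if "policies\\system" in key and lname == "enablelua" and value == 0:
            findings.append("uac disabled: EnableLUA=0")
        elif "security center" in key and value == 1 and (
                lname == "disablemonitoring" or lname.endswith("disablenotify")):
            findings.append(f"security center: {name}=1 under [{key}]")
        elif "firewallpolicy" in key and lname == "enablefirewall" and value == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(f"firewall disabled: {profile}")
    return findings
```

Calling `triage(SAMPLE_LOG)` lists the lsass.exe Active Setup entry the .reg file above removes, the csrss.exe/winlogon.exe pair sitting in the firewall exceptions, and the disabled UAC, Security Center and firewall settings; the Windows Defender Run entry is left alone.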
09-28-2009, 02:32 PM   #7
905
Registered User
Join Date: Sep 2009
Posts: 6
OS: Vista

Re: Help Please!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
09-28-2009, 03:43 PM   #8
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,910
OS: WinXP and Vista

Re: Help Please!

How is the system behaving? Do any problems remain?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
09-28-2009, 03:55 PM   #9
905
Registered User
Join Date: Sep 2009
Posts: 6
OS: Vista

Re: Help Please!

My Norton antivirus is acting a little wonky, saying it's discontinued by Rogers, and I can't update it. Internet Explorer was messed up, but that was fixed with the deletion of some programs. ESET said it found a malicious lsass.exe.vir file, so I deleted it. Everything seems to be working fine other than that, though.
09-28-2009, 03:59 PM   #10
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,910
OS: WinXP and Vista

Re: Help Please!

How old is your version of Norton?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
09-30-2009, 01:43 PM   #11
905
Registered User
Join Date: Sep 2009
Posts: 6
OS: Vista

Re: Help Please!

It was installed in December of 2008, and was last updated in June, due to the virus blocking updates and it being "discontinued by Rogers." Considering it comes with my internet package, I am planning to phone Rogers to see if this is legitimate and if they would allow me to reinstall Norton.
09-30-2009, 02:04 PM   #12
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,910
OS: WinXP and Vista

Re: Help Please!

That's a good idea. If they are discontinuing Norton, find out if they are replacing it with another antivirus program. If they are not, you can use this very good free AV from Avast: [url=http://www.avast.com/eng/download-avast-home.html]Avast Free AV[/url]

Download the installer, but do not install it until you have removed Norton. It's never a good idea to have more than one antivirus program installed at a given time. They will conflict with one another and cause system instability.

After you have uninstalled Norton via the Add or Remove programs panel, reboot, then install Avast.

Let me know how that worked out for you.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."