Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Installed Trial version of Nero9, did I get a virus?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 13th, 2009, 11:26 am

Hello, I downloaded the trial version of Nero9 from Nero's website and keep getting this line (see below) popping up when I click to open a program:

Run Once - and /C rmidir /S /Q C:\Users\Dad\AppData\Local\Temp\nro.tmp\

(install .... yes or no box below)

Since it appeared I am unable to download neither Kaspersky or Housecall online antivirus checkers.

I've updated and run A-Squared \ Malware Bytes Antimalware\ Spybot S&D\ Super AntiSpyware\ Avast free edition (run in check at bootup mode). That I have already on my PC.

Nothing was found. So is this something I should be worried about?

(I've previously installed nero9 on my father-in-laws PC and did no get this 'Run Once' line come up or have any problems when opening a program on his PC).

Here's my Hijack This log:

(I'm sorry for missing it out of my original post, but I was concentrating on getting all of the facts right and forgot to list it)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:24, on 11/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Dad\AppData\Local\Temp\RtkBtMnt.exe
D:\DOWNLOADS\DECKARDS SYSTEM SCANNER\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8645 bytes



Thank you for your help in advance

bof:)

:)
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK
Advertisement
Register to Remove

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby MWR 3 day Mod » August 16th, 2009, 2:31 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby Cypher » August 17th, 2009, 11:39 am

Sorry for the delay.


Hi, Welcome to the Malware Removal forum.
My name is Cypher, and I'll be helping you with your malware problems.
Before we begin...please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer, can damage that computer and possibly make it inoperable!
  • If you have questions about something...ASK, don't guess or assume.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
  • DO NOT run any other fix/removal tools unless instructed to do so!
  • DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Print each set of instructions... if possible...your Internet connection might not be available during some fix processes.
  • The logs from the tools we use can take some time to research so please be patient.

    If you follow these guidelines, things should proceed smoothly. :)
    I am currently reviewing your log, and will return as soon as possible with your instructions.



    Please post an Uninstall list.

    1. Open HijackThis.
    2. Click on the Open the Misc Tools section button.
    3. Look under System tools.
    4. Click on the Open Uninstall Manager... button.
    5. Click on the Save list... button.
    6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
    7. Notepad will open. Please post this log in your next reply.


In your next reply.

1. Uninstall list
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 17th, 2009, 3:01 pm

Hello Cypher, here is the Uninstall log as requested:


123 Free Memory Card Games
7digital Locker 1.1
Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer Tour
Acer VCM
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Apple Software Update
a-squared Free 4.5
avast! Antivirus
Belarc Advisor 7.2
CCleaner (remove only)
CDex extraction audio
Choice Guard
CleanUp!
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Free YouTube to Mp3 Converter version 3.1
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Card Games
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java(TM) 6 Update 13
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
McAfee Virtual Technician
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
Nero 9 Trial
neroxml
Nokia Connectivity Cable Driver
Novel Writer Standard
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OpenOffice.org 3.1
PowerProducer
Quake II
QuickTime
Realtek High Definition Audio Driver
RegScrubVistaXP v1.6
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Sea Battle
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Serif DrawPlus X3
Skype™ 4.0
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Tablet
Uniblue ProcessScanner
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VC 9.0 Runtime
Winbond CIR Drivers
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPatrol 2008
WinRAR archiver
ZoneAlarm
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby Cypher » August 18th, 2009, 11:32 am

Hi bof.


SUPERAntiSpyware Advice:

CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.


RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 logs files...will be produced.
  4. The first one, "log.txt", will be maximized
  5. The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next

Please Download SysProt Antirootkit
you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors.

Unzip it into a folder on your desktop.
  • Right click Sysprot.exe and chose Run As Administrator to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items and check Hidden Objects Only at the bottom of the window.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

In your next reply.

1. RSIT log.txt file contents and info.txt file contents.
2. sysprotantirootkit log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 18th, 2009, 1:25 pm

Hello CYPHER, I think I've got the logs you 've requested. I have a problem with RSIT in that when I tried to run it I got an error message and then lost the info.txt file. This was solved by uninstalling RSIT and rebooting my laptop.

Here's the logs you've requested,

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-08-18 17:16:10
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 58 GB (50%) free of 114 GB
Total RAM: 3062 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:42, on 18/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Dad\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\DOWNLOADS\RSIT.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8733 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-04-25 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-01-25 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-01-25 1157120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-09 865840]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-10 4468736]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-04-27 1286144]
"Acer Tour"= []
"eRecoveryService"= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"Skytel"=C:\Windows\Skytel.exe [2007-05-07 1826816]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2007-05-04 502544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-05-03 206952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
C:\Windows\PLFSet.dll [2007-03-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~1\Acer\ACERVC~1\AcerVCM.exe [2007-04-27 1208320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-15 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TabUserW.exe.lnk]
C:\Windows\System32\WTablet\TabUserW.exe [2005-12-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-04-16 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-08-18 17:16:10 ----D---- C:\rsit
2009-08-12 13:03:11 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-12 13:03:11 ----A---- C:\Windows\system32\kerberos.dll
2009-08-12 13:03:10 ----A---- C:\Windows\system32\wdigest.dll
2009-08-12 13:03:10 ----A---- C:\Windows\system32\schannel.dll
2009-08-12 13:03:09 ----A---- C:\Windows\system32\secur32.dll
2009-08-12 13:03:09 ----A---- C:\Windows\system32\lsass.exe
2009-08-12 13:03:09 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-12 13:03:05 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 13:03:02 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 13:02:59 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 13:02:55 ----A---- C:\Windows\system32\atl.dll
2009-08-12 13:02:42 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 13:02:40 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 13:02:40 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 13:02:40 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 13:02:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-11 20:26:18 ----A---- C:\Windows\Irremote.ini
2009-08-11 20:15:12 ----D---- C:\Program Files\Nero
2009-08-11 20:14:48 ----D---- C:\ProgramData\Nero
2009-08-11 20:14:48 ----D---- C:\Program Files\Common Files\Nero
2009-08-11 20:14:16 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-08-09 12:01:18 ----D---- C:\Users\Dad\AppData\Roaming\McAfee
2009-08-09 12:00:39 ----D---- C:\Program Files\McAfee
2009-08-05 13:46:53 ----A---- C:\Windows\system32\javaws.exe
2009-08-05 13:46:53 ----A---- C:\Windows\system32\javaw.exe
2009-08-05 13:46:53 ----A---- C:\Windows\system32\java.exe
2009-07-31 14:27:24 ----D---- C:\Users\Dad\AppData\Roaming\Intel
2009-07-31 14:27:24 ----D---- C:\ProgramData\Roaming
2009-07-31 14:26:38 ----D---- C:\Program Files\Cisco
2009-07-31 14:26:36 ----D---- C:\ProgramData\Intel
2009-07-31 14:26:36 ----D---- C:\Program Files\Common Files\Intel
2009-07-30 11:05:48 ----A---- C:\Windows\system32\mshtml.dll
2009-07-30 11:05:46 ----A---- C:\Windows\system32\ieframe.dll
2009-07-30 11:05:44 ----A---- C:\Windows\system32\urlmon.dll
2009-07-30 11:05:43 ----A---- C:\Windows\system32\wininet.dll
2009-07-30 11:05:43 ----A---- C:\Windows\system32\ieui.dll
2009-07-30 11:05:41 ----A---- C:\Windows\system32\ieencode.dll
2009-07-21 17:04:21 ----A---- C:\Windows\system32\aswBoot.exe

======List of files/folders modified in the last 1 months======

2009-08-18 17:17:22 ----D---- C:\Windows\Internet Logs
2009-08-18 17:16:25 ----D---- C:\Windows\Prefetch
2009-08-18 17:16:16 ----D---- C:\Windows\Temp
2009-08-18 17:14:35 ----RD---- C:\DOWNLOADS
2009-08-18 16:54:13 ----D---- C:\Windows\System32
2009-08-18 16:54:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-18 16:50:25 ----D---- C:\Windows\system32\catroot2
2009-08-18 08:58:52 ----SHD---- C:\System Volume Information
2009-08-16 20:11:51 ----D---- C:\Users\Dad\AppData\Roaming\Skype
2009-08-16 20:10:02 ----D---- C:\Users\Dad\AppData\Roaming\skypePM
2009-08-16 20:08:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-08-16 19:01:10 ----AD---- C:\ProgramData\TEMP
2009-08-16 19:00:53 ----D---- C:\Program Files\SpywareBlaster
2009-08-13 16:44:51 ----D---- C:\Windows\Debug
2009-08-12 13:21:35 ----D---- C:\Windows\winsxs
2009-08-12 13:11:09 ----D---- C:\Windows\inf
2009-08-12 13:08:09 ----D---- C:\Windows\system32\drivers
2009-08-12 13:08:09 ----D---- C:\Program Files\Windows Media Player
2009-08-12 13:05:52 ----D---- C:\Windows\system32\catroot
2009-08-12 13:05:48 ----D---- C:\Program Files\Windows Mail
2009-08-12 12:34:17 ----SHD---- C:\Windows\Installer
2009-08-12 12:15:02 ----D---- C:\Windows
2009-08-11 22:44:32 ----D---- C:\Program Files\Mozilla Firefox
2009-08-11 20:15:12 ----RD---- C:\Program Files
2009-08-11 20:14:48 ----HD---- C:\ProgramData
2009-08-11 20:14:48 ----D---- C:\Program Files\Common Files
2009-08-10 18:29:55 ----D---- C:\Users\Dad\AppData\Roaming\U3
2009-08-09 12:00:49 ----SD---- C:\Users\Dad\AppData\Roaming\Microsoft
2009-08-09 12:00:39 ----D---- C:\ProgramData\McAfee
2009-08-05 13:46:52 ----D---- C:\Program Files\Java
2009-08-04 16:03:31 ----D---- C:\Users\Dad\AppData\Roaming\Hoyle Card Games
2009-08-04 11:43:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-31 14:26:36 ----D---- C:\Program Files\Intel
2009-07-31 09:50:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-30 01:49:14 ----A---- C:\Windows\system32\mrt.exe
2009-07-25 23:36:36 ----D---- C:\Windows\rescache
2009-07-25 05:23:00 ----A---- C:\Windows\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
R1 vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-02-16 293528]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-03-15 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-15 8192]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2007-05-04 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-15 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-15 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-10 1775712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-05-10 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-08 1729152]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-09 185392]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-15 659968]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EraserUtilDrv10631;EraserUtilDrv10631; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10631.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-24 2216448]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-07-17 719392]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 TabletService;TabletService; C:\Windows\system32\Tablet.exe [2005-12-05 753664]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 163840]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-03-15 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []

-----------------EOF-----------------
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 18th, 2009, 1:27 pm

Here's the info.txt

info.txt logfile of random's system information tool 1.06 2009-08-18 17:28:44

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
123 Free Memory Card Games-->C:\PROGRA~1\123FRE~1\UNWISE.EXE C:\PROGRA~1\123FRE~1\INSTALL.LOG
7digital Locker 1.1-->C:\Program Files\7digital Locker\uninst.exe
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.EXE" -uninstall
Acer eDataSecurity Management-->MsiExec.exe /X{AEEAE013-92F1-4515-B278-139F1A692A36}
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -Ic:\Release\Foxconn\51338\AcrZUn32z.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hoyle Card Games-->MsiExec.exe /X{8C5766F2-81D9-4B5A-8AD5-A8BD6361EF0A}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Launch Manager-->C:\Windows\UnInst32.exe QtZgAcer.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Virtual Technician-->MsiExec.exe /I{FCC07EEA-FA18-4A21-9105-9666603C6885}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-209M-AH6P-5UW0-WHAW-C53X-473X-79MH"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Novel Writer Standard-->"C:\Program Files\Novel Writer Standard\UninstallerData\Uninstall Novel Writer Standard.exe"
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Quake II-->C:\Windows\IsUninst.exe -fC:\Quake2\Uninst.isu
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RegScrubVistaXP v1.6-->"C:\Program Files\RegScrubVistaXP\unins000.exe"
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
Sea Battle-->C:\Program Files\KARPOLAN\Sea Battle\UnGins.exe "C:\Program Files\KARPOLAN\Sea Battle\install.log"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Serif DrawPlus X3-->MsiExec.exe /I{FD1B2E34-D0B7-4E8C-8CB9-435F545C776C}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tablet-->C:\Program Files\Tablet\Remove.exe /u
Uniblue ProcessScanner-->"C:\Program Files\Uniblue\ProcessScanner\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Winbond CIR Drivers-->MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

FW: Sunbelt Personal Firewall
FW: ZoneAlarm Firewall
AS: ZoneAlarm Anti-Spyware (outdated)
AS: AVG Anti-Spyware (disabled) (outdated)
AS: Windows Defender (disabled)
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Dad-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 58680
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090405094117.571397-000
Event Type: Error
User:

Computer Name: Dad-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 58667
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090405094017.840800-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Dad-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 58596
Source Name: Service Control Manager
Time Written: 20090405084726.000000-000
Event Type: Error
User:

Computer Name: Dad-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 58557
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090405084716.756786-000
Event Type: Error
User:

Computer Name: Dad-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 58544
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090404194339.058000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Dad-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6c61fd8e-13f9-4f79-a83f-ea1b61c2ca9b}
Record Number: 892
Source Name: VSS
Time Written: 20090112134434.000000-000
Event Type: Error
User:

Computer Name: Dad-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6c61fd8e-13f9-4f79-a83f-ea1b61c2ca9b}
Record Number: 871
Source Name: VSS
Time Written: 20090112133537.000000-000
Event Type: Error
User:

Computer Name: Dad-PC
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Windows Application, SystemIndex Catalog

Record Number: 862
Source Name: Microsoft-Windows-Search
Time Written: 20090112133451.000000-000
Event Type: Warning
User:

Computer Name: Dad-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 810
Source Name: Microsoft-Windows-Search
Time Written: 20090112202655.000000-000
Event Type: Warning
User:

Computer Name: LH-D8XRYD4Z9QTB
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 774
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20081103152140.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Dad-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DAD-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\loadperf.dll
Handle ID: 0x18

Process Information:
Process ID: 0x43c
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 11912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117190631.032600-000
Event Type: Audit Success
User:

Computer Name: Dad-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DAD-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\w32time.dll
Handle ID: 0x18

Process Information:
Process ID: 0x43c
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 11911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117190631.017000-000
Event Type: Audit Success
User:

Computer Name: Dad-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DAD-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\systeminfo.exe
Handle ID: 0x18

Process Information:
Process ID: 0x43c
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 11910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117190631.017000-000
Event Type: Audit Success
User:

Computer Name: Dad-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DAD-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\vss_ps.dll
Handle ID: 0x18

Process Information:
Process ID: 0x43c
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 11909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117190631.001400-000
Event Type: Audit Success
User:

Computer Name: Dad-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DAD-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\iasacct.dll
Handle ID: 0x18

Process Information:
Process ID: 0x43c
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.18000_none_095f6148c74a7a64\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 11908
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090117190630.985800-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\WiFi\bin\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 18th, 2009, 1:30 pm

Here's the Sysprot log

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 905D3000
Module End: 905DE000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 905DE000
Module End: 905E6000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAlpcConnectPort
Address: 904A5880
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwConnectPort
Address: 904A54E0
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateFile
Address: 904A2828
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateKey
Address: 904B8D9C
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreatePort
Address: 904A5C36
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateProcess
Address: 904B6AF8
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateProcessEx
Address: 904B6D12
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateSection
Address: 904BA780
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateWaitablePort
Address: 904A5CDE
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwDeleteFile
Address: 904A2D0A
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwDeleteKey
Address: 904B9698
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwDeleteValueKey
Address: 904B9414
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwDuplicateObject
Address: 904B64F8
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwLoadKey
Address: 904B9BC6
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwLoadKey2
Address: 904B9C3E
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwLoadKeyEx
Address: 904B9D2E
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwOpenFile
Address: 904A2BA2
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwOpenProcess
Address: 904B7F18
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwRenameKey
Address: 904BA370
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwReplaceKey
Address: 904B9DA6
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwRequestWaitReplyPort
Address: 904A516A
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwRestoreKey
Address: 904BA1B0
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwSecureConnectPort
Address: 904A5680
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwSetInformationFile
Address: 904A2EF8
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwSetValueKey
Address: 904B911A
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwSystemDebugControl
Address: 904B7486
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwTerminateProcess
Address: 904B7362
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

Function Name: ZwCreateUserProcess
Address: 904B6F30
Driver Base: 9048C000
Driver End: 904E9000
Driver Name: \SystemRoot\system32\DRIVERS\vsdatant.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: DAD-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DAD-PC:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: DAD-PC:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: DAD-PC:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: DAD-PC:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
State: LISTENING

Local Address: DAD-PC:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: DAD-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: DAD-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: DAD-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: DAD-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: DAD-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: DAD-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: DAD-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DAD-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: DAD-PC:52536
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DAD-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DAD-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DAD-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DAD-PC:60218
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DAD-PC:52537
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DAD-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DAD-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DAD-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DAD-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: DAD-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{2c69f524-8bcc-11de-a5af-f122d2bed466}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3b05ad20-85d1-11de-9055-8482134a4b6d}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{49200f00-8734-11de-ac5c-f662b4238471}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4adfd705-8720-11de-a6dc-94fb4d74003e}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{51a36bb7-8361-11de-8588-9f62f54be836}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{6e87908d-8b17-11de-80b3-f6cd821a5a67}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{b016f386-8818-11de-a5e9-ea1d8069fd65}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{cc2dfd24-8679-11de-92e7-c50425f2e766}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{cc2dfd38-8679-11de-92e7-c50425f2e766}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{cc2dfd40-8679-11de-92e7-c50425f2e766}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{db6e1f8b-898b-11de-a604-bf4829d25d6a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{e70742c0-84bc-11de-8405-af29e783ea6b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl
Status: Access denied




bof:)
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby Cypher » August 19th, 2009, 12:13 pm

Hi bof.

You have a lot of security applications installed.
This will cause system conflict and overall online security is lessened.
It is also a huge resource hog on your system.
I advise you to uninstall the following.

a-squared
Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware


Next

You have TeaTimer running
This is good as TeaTimer protects you from many malicious changes to your registry. However, TeaTimer is a computer program, which has no way of distinguishing between good or malicious intentions; this means it might hinder the modifications I need to make to your system.

This means that TeaTimer will need to be disabled until you have been cleaned of malware.

  • Right-click on the Tea Timer icon in your system tray. It looks like this: Image
  • If you have the new version 1.5: click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System tray should now be now colourless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident

This is not enough, there is a second step attached:

  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go to the bottom of the vertical panel on the left and click Tools
  • Now, also in left panel, click Resident - the pictogram shows a red/white shield.
  • In the Resident protection status frame, uncheck the box labelled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File > Exit to close Spybot
  • Reboot your machine for the changes to take effect.



Disable Winpatrol

    Some programs can Interfere with the fix

    • Right click on the Scotty Dog near the clock and select Options.... A window will open.
    • Select the Options tab.
    • Uncheck (untick) this box: Automatically run Winpatrol when computer starts.
    • Close the Winpatrol window.
    • Right click on the Scotty Dog again and select Exit Program.

    Next

    Run HijackThis
      If you are on the Main Menu page... Click "Do a system scan only"
      If you are on the "scan & fix stuff" page... Press the Scan...button.
    When the scan finishes...Place a check mark next to the following entries (if they are still present):
      *Only check those items listed below *

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

      O15 - Trusted Zone: http://*.mcafee.com <<<< Fix this URL's in the trusted zone are a security risk

      After checking these items... CLOSE ALL open windows except HijackThis
      Click the Fix Checked ...button...to remove the entries you checked.
      Choose YES...when prompted to fix the selected items.
      Once it has fixed them, close HijackThis and reboot your computer normally.

      Next

      Re-run - RSIT (Random's System Information Tool)
      You should still have this program on your desktop.
      1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
      2. Please read the disclaimer... click on Continue.
        RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
      3. Please post ONLY the "log.txt", file contents in your next reply.
        (This log can be lengthy, so a separate post may be needed.)

      Next

      As you have CCleaner installed please run it now.
      CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!

      Next


      ESET online scannner

      Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

      Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

      • Please go Here then click on: Image
        Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
        All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
      • Select the option YES, I accept the Terms of Use then click on: Image
      • When prompted allow the Add-On/Active X to install.
      • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
      • Now click on Advanced Settings and select the following:
        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology
      • Now click on: Image
      • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
      • When completed the Online Scan will begin automatically.
      • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
      • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
      • Now click on: Image
      • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
      • Copy and paste that log as a reply to this topic.

In your next reply.

1. RSIT log.txt.
2. EsetOnlineScanner log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 19th, 2009, 6:26 pm

Hi there's the two logs you've requested. I followed all of your instructions EXCEPT that I for got to run Ccleaner before I ran the Eset scan. here's the scans:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-08-19 20:49:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 57 GB (50%) free of 114 GB
Total RAM: 3062 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:54, on 19/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Dad\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dad\Desktop\RSIT MRU TOOL\RSIT.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7849 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-04-25 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-01-25 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-01-25 1157120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-09 865840]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-05-10 4468736]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-04-27 1286144]
"Acer Tour"= []
"eRecoveryService"= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2007-05-04 502544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-05-03 206952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
C:\Windows\PLFSet.dll [2007-03-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~1\Acer\ACERVC~1\AcerVCM.exe [2007-04-27 1208320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-15 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TabUserW.exe.lnk]
C:\Windows\System32\WTablet\TabUserW.exe [2005-12-05 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-04-16 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-08-19 20:26:50 ----SHD---- C:\Config.Msi
2009-08-18 17:16:10 ----D---- C:\rsit
2009-08-12 13:03:11 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-12 13:03:11 ----A---- C:\Windows\system32\kerberos.dll
2009-08-12 13:03:10 ----A---- C:\Windows\system32\wdigest.dll
2009-08-12 13:03:10 ----A---- C:\Windows\system32\schannel.dll
2009-08-12 13:03:09 ----A---- C:\Windows\system32\secur32.dll
2009-08-12 13:03:09 ----A---- C:\Windows\system32\lsass.exe
2009-08-12 13:03:09 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-12 13:03:05 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 13:03:02 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 13:02:59 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-12 13:02:55 ----A---- C:\Windows\system32\atl.dll
2009-08-12 13:02:42 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 13:02:40 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 13:02:40 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 13:02:40 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 13:02:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-11 20:26:18 ----A---- C:\Windows\Irremote.ini
2009-08-11 20:15:12 ----D---- C:\Program Files\Nero
2009-08-11 20:14:48 ----D---- C:\ProgramData\Nero
2009-08-11 20:14:48 ----D---- C:\Program Files\Common Files\Nero
2009-08-11 20:14:16 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-08-09 12:01:18 ----D---- C:\Users\Dad\AppData\Roaming\McAfee
2009-08-09 12:00:39 ----D---- C:\Program Files\McAfee
2009-08-05 13:46:53 ----A---- C:\Windows\system32\javaws.exe
2009-08-05 13:46:53 ----A---- C:\Windows\system32\javaw.exe
2009-08-05 13:46:53 ----A---- C:\Windows\system32\java.exe
2009-07-31 14:27:24 ----D---- C:\Users\Dad\AppData\Roaming\Intel
2009-07-31 14:27:24 ----D---- C:\ProgramData\Roaming
2009-07-31 14:26:38 ----D---- C:\Program Files\Cisco
2009-07-31 14:26:36 ----D---- C:\ProgramData\Intel
2009-07-31 14:26:36 ----D---- C:\Program Files\Common Files\Intel
2009-07-30 11:05:48 ----A---- C:\Windows\system32\mshtml.dll
2009-07-30 11:05:46 ----A---- C:\Windows\system32\ieframe.dll
2009-07-30 11:05:44 ----A---- C:\Windows\system32\urlmon.dll
2009-07-30 11:05:43 ----A---- C:\Windows\system32\wininet.dll
2009-07-30 11:05:43 ----A---- C:\Windows\system32\ieui.dll
2009-07-30 11:05:41 ----A---- C:\Windows\system32\ieencode.dll
2009-07-21 17:04:21 ----A---- C:\Windows\system32\aswBoot.exe

======List of files/folders modified in the last 1 months======

2009-08-19 20:49:52 ----D---- C:\Windows\Temp
2009-08-19 20:49:45 ----D---- C:\Windows\Internet Logs
2009-08-19 20:49:11 ----D---- C:\Windows\System32
2009-08-19 20:49:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-19 20:26:55 ----SHD---- C:\Windows\Installer
2009-08-19 20:26:55 ----D---- C:\Program Files\Mozilla Firefox
2009-08-19 20:26:55 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-19 20:26:54 ----D---- C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2009-08-19 20:26:54 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-19 20:26:09 ----SHD---- C:\System Volume Information
2009-08-19 20:25:00 ----D---- C:\Program Files\SpywareBlaster
2009-08-19 20:23:34 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-08-19 20:23:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-19 20:23:33 ----D---- C:\Windows\Prefetch
2009-08-19 20:19:25 ----D---- C:\Program Files\a-squared Free
2009-08-19 17:48:21 ----D---- C:\Users\Dad\AppData\Roaming\Hoyle Card Games
2009-08-19 11:10:47 ----D---- C:\Windows
2009-08-19 11:10:45 ----D---- C:\Windows\inf
2009-08-19 10:40:39 ----AD---- C:\ProgramData\TEMP
2009-08-18 18:08:28 ----RD---- C:\DOWNLOADS
2009-08-18 16:50:25 ----D---- C:\Windows\system32\catroot2
2009-08-16 20:11:51 ----D---- C:\Users\Dad\AppData\Roaming\Skype
2009-08-16 20:10:02 ----D---- C:\Users\Dad\AppData\Roaming\skypePM
2009-08-13 16:44:51 ----D---- C:\Windows\Debug
2009-08-12 13:21:35 ----D---- C:\Windows\winsxs
2009-08-12 13:08:09 ----D---- C:\Windows\system32\drivers
2009-08-12 13:08:09 ----D---- C:\Program Files\Windows Media Player
2009-08-12 13:05:52 ----D---- C:\Windows\system32\catroot
2009-08-12 13:05:48 ----D---- C:\Program Files\Windows Mail
2009-08-11 20:15:12 ----RD---- C:\Program Files
2009-08-11 20:14:48 ----HD---- C:\ProgramData
2009-08-11 20:14:48 ----D---- C:\Program Files\Common Files
2009-08-10 18:29:55 ----D---- C:\Users\Dad\AppData\Roaming\U3
2009-08-09 12:00:49 ----SD---- C:\Users\Dad\AppData\Roaming\Microsoft
2009-08-09 12:00:39 ----D---- C:\ProgramData\McAfee
2009-08-05 13:46:52 ----D---- C:\Program Files\Java
2009-08-04 11:43:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-31 14:26:36 ----D---- C:\Program Files\Intel
2009-07-30 01:49:14 ----A---- C:\Windows\system32\mrt.exe
2009-07-25 23:36:36 ----D---- C:\Windows\rescache
2009-07-25 05:23:00 ----A---- C:\Windows\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-02-16 293528]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-03-15 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-15 8192]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2007-05-04 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-15 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-15 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-05-10 1775712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-05-10 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-08 1729152]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-09 185392]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-15 659968]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EraserUtilDrv10631;EraserUtilDrv10631; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10631.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-24 2216448]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 24576]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-16 860160]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-16 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 TabletService;TabletService; C:\Windows\system32\Tablet.exe [2005-12-05 753664]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 163840]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-03-15 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []

-----------------EOF-----------------
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 19th, 2009, 6:29 pm

Here's the ESAT scan:

C:\Users\Dad\Downloads\Nero-9.4.13.2b_trial.exe Win32/Toolbar.AskSBar application
C:\Users\Dad\Downloads\GWEN\ZONE ALARM FIRE WALL\zaZA_Setup_en.exe a variant of Win32/AdInstaller application
C:\Users\Dad\Downloads\TIM BY JIM\ZONE ALARM FIRE WALL\zaZA_Setup_en.exe a variant of Win32/AdInstaller application
D:\DOWNLOADS\GWENOL'S AND JOHN'S PC\ZONE ALARM FIRE WALL\zaZA_Setup_en.exe a variant of Win32/AdInstaller application
D:\DOWNLOADS\ZONE ALARM\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application

Once again, thank you so much for your help. It's very much appeciated

bof :)
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby Cypher » August 20th, 2009, 11:06 am

Hi bof.
Once again, thank you so much for your help. It's very much appeciated

Your welcome :)


Add/Remove programs
  • Click on Start
  • All programs
  • Accessories
  • Run
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following

Java(TM) 6 Update 13
Java(TM) 6 Update 7


Next


Disable Winpatrol

    Some programs can Interfere with the fix

    • Right click on the Scotty Dog near the clock and select Options.... A window will open.
    • Select the Options tab.
    • Uncheck (untick) this box: Automatically run Winpatrol when computer starts.
    • Close the Winpatrol window.
    • Right click on the Scotty Dog again and select Exit Program.


    Next


    Run HijackThis by right clicking on it and chose Run as Administrator
      If you are on the Main Menu page... Click "Do a system scan only"
      If you are on the "scan & fix stuff" page... Press the Scan...button.
    When the scan finishes...Place a check mark next to the following entries (if they are still present):
      *Only check those items listed below *

      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

      After checking these items... CLOSE ALL open windows except HijackThis
      Click the Fix Checked ...button...to remove the entries you checked.
      Choose YES...when prompted to fix the selected items.
      Once it has fixed them, close HijackThis and reboot your computer normally.

      Next.

      Upload a File to Jotti

      Please go to jotti.org

      Copy/paste these files and path One at a time into the white box at the top:
      C:\Users\Dad\Downloads\Nero-9.4.13.2b_trial.exe Win32/Toolbar.AskSBar application
      C:\Users\Dad\Downloads\GWEN\ZONE ALARM FIRE WALL\zaZA_Setup_en.exe
      D:\DOWNLOADS\GWENOL'S AND JOHN'S PC\ZONE ALARM FIRE WALL\zaZA_Setup_en.exe
      D:\DOWNLOADS\ZONE ALARM\zlsSetup_70_483_000_en.exe

      Press Submit - this will submit the file for testing.
      Please wait for all the scanners to finish then copy and paste the results in your next response.

      If you have trouble using jotti try Virustotal

      Next

      Please download Rooter.exe... Copyrighted © by... Eric_71. Save it to your desktop.

      • Right click on Rooter.exe icon on your desktop, and chose Run as Administrator to execute.
        If you recieve the "Open File" security warning, press Run. The Rooter interface will appear, with a variety of options displayed.
      • To run the Scan... press the Scan...button.
      • Notepad will open with a file created called "Rooter#.txt" ... located at %systemdrive%\Rooter$\Rooter#.txt. (# is the number assigned to the report)
        The location of the report file is shown in the bottom display window.
      • Press the Close button, to close the Rooter window.
    Please copy and paste the contents of Rooter#.txt in you next reply.


    Next


    Re-run - RSIT (Random's System Information Tool)
    You should still have this program on your desktop.
    1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
    2. Please read the disclaimer... click on Continue.
      RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
    3. Please post ONLY the "log.txt", file contents in your next reply.
      (This log can be lengthy, so a separate post may be needed.)


In your next reply.

1. Jotti or virustotal scan results.
2. Rooter.txt log
3. RSIT log. txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 21st, 2009, 11:33 am

Hello CYPHER,

In add/remove I deleted what you requested.

WinPatrol was still disabled from when we disabled it earlier on.

After running HighjackThis, I removed what was requested by you and rebooted my laptop.

Jotti would not allow me to copy and paste the files you requested. I tried both Firefox and Internet Explorer but it would not work for either ( Jotti's Service load was showing as green).... very odd that I thought. I did try using the 'Browse' button but that would only let me get as far as the .exe part but took hours to load and then said failed to load.

I then used VirusToltal scan. This produces 4 logs 1 that showed as empty and 3 that showed up as 'Bigger than maximum size allowed'. I followed the link and copied the results. I've posted each one separately if that ok.

I've also posted Rooster and RSIT logs as requested.

----------------------------------------------------------------------------------------------------------------------

VirusTotal scan log 1

0 bytes size received / Se ha recibido un archivo vacio

-----------------------------------------------------------------------------------------------------------------------
VirusTotal scan log 2

File zaZA_Setup_en.exe received on 2009.08.21 13:29:11 (UTC)
Current status: finished
Result: 3/35 (8.57%)
Compact
Print results 
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.21 -
AhnLab-V3 5.0.0.2 2009.08.20 -
AntiVir 7.9.1.3 2009.08.21 -
Antiy-AVL 2.0.3.7 2009.08.21 -
Authentium 5.1.2.4 2009.08.20 W32/Mywebsearch.A.gen!Eldorado
Avast 4.8.1335.0 2009.08.20 -
BitDefender 7.2 2009.08.21 -
CAT-QuickHeal 10.00 2009.08.21 -
ClamAV 0.94.1 2009.08.21 -
Comodo 2045 2009.08.21 -
eSafe 7.0.17.0 2009.08.20 -
eTrust-Vet 31.6.6693 2009.08.21 -
F-Prot 4.4.4.56 2009.08.20 W32/Mywebsearch.A.gen!Eldorado
Fortinet 3.120.0.0 2009.08.21 -
GData 19 2009.08.21 -
Ikarus T3.1.1.68.0 2009.08.21 -
Jiangmin 11.0.800 2009.08.21 -
K7AntiVirus 7.10.823 2009.08.20 -
Kaspersky 7.0.0.125 2009.08.21 -
McAfee 5715 2009.08.20 -
McAfee+Artemis 5715 2009.08.20 -
Microsoft 1.4903 2009.08.21 -
NOD32 4355 2009.08.21 a variant of Win32/AdInstaller
Norman 6.01.09 2009.08.20 -
nProtect 2009.1.8.0 2009.08.21 -
Panda 10.0.0.14 2009.08.21 -
PCTools 4.4.2.0 2009.08.21 -
Rising 21.43.44.00 2009.08.21 -
Sophos 4.44.0 2009.08.21 -
Sunbelt 3.2.1858.2 2009.08.21 -
Symantec 1.4.4.12 2009.08.21 -
TheHacker 6.3.4.3.384 2009.08.21 -
TrendMicro 8.950.0.1094 2009.08.21 -
ViRobot 2009.8.21.1895 2009.08.21 -
VirusBuster 4.6.5.0 2009.08.20 -


Additional information
File size: 41724304 bytes
MD5 : 0b7047477bdf0864246ed9d625041396
SHA1 : 92f0db4eb835bfa3cbaf33ac0746f5c8608db934
SHA256: 9bc4733f447bfa9f75e017dbc6832b70281b06398f137971e6b758d550bb78c1
TrID : File type identification
Wise Installer executable (98.4%)
Win32 Executable Generic (1.0%)
Generic Win/DOS Executable (0.2%)
DOS Executable Generic (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 786432:Ek9wgzBkNahqvWXkjA8BSptWiDhYf6Blo925q3m6qbxT5ba:Emdzthw9jABptzDhlo9X/qfba
PEiD : Wise Installer Stub
packers (Kaspersky): WiseSFXDropper, WiseSFXDropper, WiseSFXDropper
packers (F-Prot): ZIP, nameless, CAB, ARJ
packers (Authentium): ZIP
RDS : NSRL Reference Data Set
-
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 21st, 2009, 12:07 pm

Hi CYPHER, the 3rd and 4th log from VirusTotal Scan seemed not to have downloaded so I'll try sending them one at time. here's log number 3:

File zaZA_Setup_en.exe received on 2009.08.21 13:29:11 (UTC)
Current status: finished
Result: 3/35 (8.57%)
Compact
Print results 
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.21 -
AhnLab-V3 5.0.0.2 2009.08.20 -
AntiVir 7.9.1.3 2009.08.21 -
Antiy-AVL 2.0.3.7 2009.08.21 -
Authentium 5.1.2.4 2009.08.20 W32/Mywebsearch.A.gen!Eldorado
Avast 4.8.1335.0 2009.08.20 -
BitDefender 7.2 2009.08.21 -
CAT-QuickHeal 10.00 2009.08.21 -
ClamAV 0.94.1 2009.08.21 -
Comodo 2045 2009.08.21 -
eSafe 7.0.17.0 2009.08.20 -
eTrust-Vet 31.6.6693 2009.08.21 -
F-Prot 4.4.4.56 2009.08.20 W32/Mywebsearch.A.gen!Eldorado
Fortinet 3.120.0.0 2009.08.21 -
GData 19 2009.08.21 -
Ikarus T3.1.1.68.0 2009.08.21 -
Jiangmin 11.0.800 2009.08.21 -
K7AntiVirus 7.10.823 2009.08.20 -
Kaspersky 7.0.0.125 2009.08.21 -
McAfee 5715 2009.08.20 -
McAfee+Artemis 5715 2009.08.20 -
Microsoft 1.4903 2009.08.21 -
NOD32 4355 2009.08.21 a variant of Win32/AdInstaller
Norman 6.01.09 2009.08.20 -
nProtect 2009.1.8.0 2009.08.21 -
Panda 10.0.0.14 2009.08.21 -
PCTools 4.4.2.0 2009.08.21 -
Rising 21.43.44.00 2009.08.21 -
Sophos 4.44.0 2009.08.21 -
Sunbelt 3.2.1858.2 2009.08.21 -
Symantec 1.4.4.12 2009.08.21 -
TheHacker 6.3.4.3.384 2009.08.21 -
TrendMicro 8.950.0.1094 2009.08.21 -
ViRobot 2009.8.21.1895 2009.08.21 -
VirusBuster 4.6.5.0 2009.08.20 -


Additional information
File size: 41724304 bytes
MD5 : 0b7047477bdf0864246ed9d625041396
SHA1 : 92f0db4eb835bfa3cbaf33ac0746f5c8608db934
SHA256: 9bc4733f447bfa9f75e017dbc6832b70281b06398f137971e6b758d550bb78c1
TrID : File type identification
Wise Installer executable (98.4%)
Win32 Executable Generic (1.0%)
Generic Win/DOS Executable (0.2%)
DOS Executable Generic (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 786432:Ek9wgzBkNahqvWXkjA8BSptWiDhYf6Blo925q3m6qbxT5ba:Emdzthw9jABptzDhlo9X/qfba
PEiD : Wise Installer Stub
packers (Kaspersky): WiseSFXDropper, WiseSFXDropper, WiseSFXDropper
packers (F-Prot): ZIP, nameless, CAB, ARJ
packers (Authentium): ZIP
RDS : NSRL Reference Data Set
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK

Re: Installed Trial version of Nero9, did I get a virus?

Unread postby bof:) » August 21st, 2009, 12:10 pm

here's log 4 of VirusTotal Scan

File A0133864.exe received on 2009.08.04 01:19:53 (UTC)
Current status: finished
Result: 4/39 (10.26%)
Compact
Print results 
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.04 -
AhnLab-V3 5.0.0.2 2009.08.03 -
AntiVir 7.9.0.240 2009.08.03 -
Antiy-AVL 2.0.3.7 2009.08.03 -
Authentium 5.1.2.4 2009.08.03 W32/Mywebsearch.A.gen!Eldorado
Avast 4.8.1335.0 2009.08.04 -
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.03 -
ClamAV 0.94.1 2009.08.04 -
Comodo 1856 2009.08.04 -
DrWeb 5.0.0.12182 2009.08.04 Adware.MyWebSearch.22
eSafe 7.0.17.0 2009.08.03 -
eTrust-Vet 31.6.6656 2009.08.04 -
F-Prot 4.4.4.56 2009.08.03 W32/Mywebsearch.A.gen!Eldorado
Fortinet 3.120.0.0 2009.08.03 -
GData 19 2009.08.04 -
Ikarus T3.1.1.64.0 2009.08.04 -
Jiangmin 11.0.800 2009.08.03 -
K7AntiVirus 7.10.809 2009.08.03 -
Kaspersky 7.0.0.125 2009.08.04 -
McAfee 5697 2009.08.03 -
McAfee+Artemis 5697 2009.08.03 -
McAfee-GW-Edition 6.8.5 2009.08.03 -
Microsoft 1.4903 2009.08.03 -
NOD32 4302 2009.08.03 a variant of Win32/AdInstaller
Norman 6.01.09 2009.08.03 -
nProtect 2009.1.8.0 2009.08.04 -
Panda 10.0.0.14 2009.08.03 -
PCTools 4.4.2.0 2009.08.03 -
Prevx 3.0 2009.08.04 -
Rising 21.41.02.00 2009.08.03 -
Sophos 4.44.0 2009.08.04 -
Sunbelt 3.2.1858.2 2009.08.04 -
Symantec 1.4.4.12 2009.08.04 -
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.03 -
VBA32 3.12.10.9 2009.08.04 -
ViRobot 2009.8.3.1865 2009.08.03 -
VirusBuster 4.6.5.0 2009.08.03 -


Additional information
File size: 46829456 bytes
MD5 : 7f8308a15dbf55524429d32db23b34e0
SHA1 : 435b841e263b52aded0c0aadfd5ce2226778a9dd
SHA256: fcfbefb39d4f1160119ffc22d9518c89f7e39bc2fdd6d63868f4be5162e2be52
TrID : File type identification
Wise Installer executable (98.4%)
Win32 Executable Generic (1.0%)
Generic Win/DOS Executable (0.2%)
DOS Executable Generic (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 786432:wRto/GT1RG0l/AkUA8BSptWiDhYf6BlN9EVsYjAwGnRCJB/6qbxT5bB:wRXPG0lxUABptzDhlN9KsFwGnRCuqfbB
PEiD : Wise Installer Stub
packers (Kaspersky): WiseSFXDropper, WiseSFXDropper, WiseSFXDropper
packers (F-Prot): ZIP, nameless, CAB, ARJ
packers (Authentium): ZIP
RDS : NSRL Reference Data Set
User avatar
bof:)
Regular Member
 
Posts: 165
Joined: July 16th, 2005, 2:43 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware