Pop up and browser problems


  • This topic is locked
20 replies to this topic

#1 rachel10173 (Advanced Member, Members, 50 posts)

Posted 06 June 2008 - 09:10 PM

Hi,

I'm having problems with pop-ups and my browser. With the browser, it's got a mind of its own and is doing all sorts of stuff. Ad-Aware hasn't detected anything, but Norton said I had a trojan horse which it said had been removed; not sure if it has gone. Sometimes I can't even get online, and this only started to happen this morning. I've run HijackThis so am pasting the results. Any help will be greatly appreciated.

Thanks

Rachel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:28, on 06/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Rachel\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WerCon.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rachel\AppData\Local\Temp\ddcDsrQk.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rachel\AppData\Local\Temp\urqQigDt.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\dumlsloh.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/...tz.cab70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10015 bytes
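
An added example, not part of this thread and not HijackThis output: a small Python script that parses the O4 (Run-key autostart) lines of the log above and flags the pattern a log reader is looking for here: rundll32.exe loading randomly named DLLs from the user's Temp folder, and an entry called "Windows Updates" that runs from the legacy \Windows\System directory rather than System32. It also compares two logs of the same machine, using the corresponding O4 lines from the second log posted later in this thread, to show which flagged targets disappeared and which new ones appeared. The sample lines are copied from the thread; the heuristics, thresholds and function names are this example's own assumptions.

```python
import os
import re
from typing import Dict, List, Set

# Constructed sample input: O4 (Run-key autostart) lines copied from the first
# HijackThis log in this thread, plus a Global Startup line to show it is skipped.
HJT_LOG_1 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rachel\AppData\Local\Temp\ddcDsrQk.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rachel\AppData\Local\Temp\urqQigDt.dll,c
O4 - HKCU\..\Run: [BM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\dumlsloh.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
"""

# Constructed sample input: the corresponding lines from the second log in this thread.
HJT_LOG_2 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [BM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\cqjiwlmb.dll",s
O4 - HKCU\..\Run: [303ebcd9] rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\xmptlhrm.dll",b
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"; Global Startup lines deliberately do not match.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First drive-letter or %VAR%-rooted path ending in .dll/.exe inside the command (quotes optional).
PATH_RE = re.compile(r'"?((?:[A-Za-z]:|%\w+%)\\[^",]*?\.(?:dll|exe))', re.I)


def parse_o4(log: str) -> List[Dict[str, str]]:
    """Parse HijackThis O4 Run-key lines into dicts with hive, value name, command and target path."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        p = PATH_RE.search(cmd)
        entries.append({"hive": m.group("hive"), "name": m.group("name"),
                        "cmd": cmd, "path": p.group(1) if p else ""})
    return entries


def assess(entry: Dict[str, str]) -> List[str]:
    """Heuristic reasons (assumed for this example) an entry deserves a closer look; empty = nothing notable."""
    reasons: List[str] = []
    low = entry["path"].lower()
    stem = os.path.splitext(os.path.basename(low.replace("\\", "/")))[0]
    via_rundll32 = re.match(r'"?rundll32(\.exe)?"?\s', entry["cmd"], re.I) is not None
    if "\\temp\\" in low:
        reasons.append("autostart target lives in a Temp directory")
    if via_rundll32 and low.endswith(".dll") and "\\windows\\system32\\" not in low:
        reasons.append("rundll32 loads a DLL from outside System32")
    if "\\temp\\" in low and re.fullmatch(r"[a-z]{8}", stem):
        reasons.append("random-looking 8-letter DLL name")
    if "\\windows\\system\\" in low:
        reasons.append("runs from the legacy \\Windows\\System directory, not System32")
    return reasons


def analyze(log: str) -> Dict[str, List[str]]:
    """Map each flagged entry ('hive [name] command') to the reasons it was flagged."""
    entries = parse_o4(log)
    hives_by_cmd: Dict[str, Set[str]] = {}
    for e in entries:
        hives_by_cmd.setdefault(e["cmd"].lower(), set()).add(e["hive"])
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        reasons = assess(e)
        # Only strengthens an existing finding: one command registered under several hives
        # (here HKLM and HKCU) is a persistence habit, but legitimate software does it too.
        if reasons and len(hives_by_cmd[e["cmd"].lower()]) > 1:
            reasons.append("same command registered under more than one hive")
        if reasons:
            flagged[f'{e["hive"]} [{e["name"]}] {e["cmd"]}'] = reasons
    return flagged


def flagged_targets(log: str) -> Set[str]:
    """Lower-cased target paths of every flagged entry, for comparing two logs of one machine."""
    return {e["path"].lower() for e in parse_o4(log) if e["path"] and assess(e)}


def compare(old_log: str, new_log: str) -> Dict[str, Set[str]]:
    """Which flagged targets vanished, which are new, and which survived between two logs."""
    old, new = flagged_targets(old_log), flagged_targets(new_log)
    return {"removed": old - new, "added": new - old, "persisting": old & new}


if __name__ == "__main__":
    for entry, why in analyze(HJT_LOG_1).items():
        print(entry, "->", "; ".join(why))
    print(compare(HJT_LOG_1, HJT_LOG_2))
```

Run on the two logs, the comparison reports the three Temp DLLs from the first log as removed, two differently named Temp DLLs as added, and c:\windows\system\Update.exe as persisting in both hives; new random names appearing in the same location after a cleanup is the kind of change worth pointing out in a reply rather than treating the first cleanup as complete.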

#2 bamajim (Advanced Member, Volunteer Security Advisor, 339 posts)

Posted 06 June 2008 - 09:57 PM

rachel10173

1. Go HERE and download TempFix.
Save it to your Desktop (but do not run it yet).

2. Reboot into Safe Mode.
This can be done by restarting your PC; after it starts, but before you see the Windows splash screen,
begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices).
Use your arrow keys to select Safe Mode and then press Enter.
3. Right-click TempFix.zip ->> Extract all ->> and extract it to your Desktop.
Additional help on extracting zip files can be found HERE. Open the TempFix folder.
Right-click TempFix.vbe ->> select Open, then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you: C:\TempFix.txt
Copy and paste the contents of that log in your reply.
Note: if your root drive is something other than C:\ then the log will default to your designated root drive.
4. Then reboot your PC into Normal Windows Mode ->> rerun HijackThis and post a fresh HijackThis log,
as well as the C:\TempFix.txt log.


Microsoft MVP Consumer Security

#3 rachel10173 (Advanced Member, Members, 50 posts)

Posted 07 June 2008 - 09:02 AM

Hi bamajim,

Thanks for your help, I appreciate it.

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:40, on 07/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Rachel\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\cqjiwlmb.dll",s
O4 - HKCU\..\Run: [303ebcd9] rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\xmptlhrm.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/...tz.cab70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9582 bytes

TempFix log file

========================================
TempFix

Version 1.0

By bamajim @ bamajim.com

========================================

C:\Users\Rachel\AppData\Local\Temp\7ZipError.log
C:\Users\Rachel\AppData\Local\Temp\AAX26C6.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX26F5.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX2C01.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX2C21.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX3C6F.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX3C90.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX3CB0.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX3CD0.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX5AE0.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX5B0F.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX7EF3.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX7FDE.tmp
C:\Users\Rachel\AppData\Local\Temp\AAX8E.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXA2C9.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXA3E3.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXB10B.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXB13A.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXB85A.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXB88A.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXBE.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXC219.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXC239.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXC302.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXC332.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXCB41.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXCC3B.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXFBA3.tmp
C:\Users\Rachel\AppData\Local\Temp\AAXFBE3.tmp
C:\Users\Rachel\AppData\Local\Temp\AppCoreInst.dat
C:\Users\Rachel\AppData\Local\Temp\AutoRun.exe
C:\Users\Rachel\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Rachel\AppData\Local\Temp\b120x240.tmp
C:\Users\Rachel\AppData\Local\Temp\b120x600.tmp
C:\Users\Rachel\AppData\Local\Temp\b120x90.tmp
C:\Users\Rachel\AppData\Local\Temp\b125x125.tmp
C:\Users\Rachel\AppData\Local\Temp\b160x600.tmp
C:\Users\Rachel\AppData\Local\Temp\b180x150.tmp
C:\Users\Rachel\AppData\Local\Temp\b234x60.tmp
C:\Users\Rachel\AppData\Local\Temp\b240x400.tmp
C:\Users\Rachel\AppData\Local\Temp\b250x250.tmp
C:\Users\Rachel\AppData\Local\Temp\b300x100.tmp
C:\Users\Rachel\AppData\Local\Temp\b300x250.tmp
C:\Users\Rachel\AppData\Local\Temp\b336x280.tmp
C:\Users\Rachel\AppData\Local\Temp\b468x60.tmp
C:\Users\Rachel\AppData\Local\Temp\b720x300.tmp
C:\Users\Rachel\AppData\Local\Temp\b728x90.tmp
C:\Users\Rachel\AppData\Local\Temp\bfguni.exe
C:\Users\Rachel\AppData\Local\Temp\BurnEngineInstall.txt
C:\Users\Rachel\AppData\Local\Temp\byXPGYQj.dll
C:\Users\Rachel\AppData\Local\Temp\CdMkr70.ini
C:\Users\Rachel\AppData\Local\Temp\CF_Register_Action.dat
C:\Users\Rachel\AppData\Local\Temp\cqjiwlmb.dll
C:\Users\Rachel\AppData\Local\Temp\D653F3EC.TMP
C:\Users\Rachel\AppData\Local\Temp\ddcDsrQk.dll
C:\Users\Rachel\AppData\Local\Temp\DefInstAction.dat
C:\Users\Rachel\AppData\Local\Temp\drmtemp008CDC3D.htm
C:\Users\Rachel\AppData\Local\Temp\drmtemp008CE0B0.htm
C:\Users\Rachel\AppData\Local\Temp\drmtemp008D35C2.htm
C:\Users\Rachel\AppData\Local\Temp\drmtemp008D39D7.htm
C:\Users\Rachel\AppData\Local\Temp\dumlsloh.dll
C:\Users\Rachel\AppData\Local\Temp\esusdnya.dll
C:\Users\Rachel\AppData\Local\Temp\F2002T1L1_install_log.txt
C:\Users\Rachel\AppData\Local\Temp\F2290T1L1_install_log.txt
C:\Users\Rachel\AppData\Local\Temp\F2364T1L1_install_log.txt
C:\Users\Rachel\AppData\Local\Temp\F2452T1L1_install_log.txt
C:\Users\Rachel\AppData\Local\Temp\F2462T1L1_install_log.txt
C:\Users\Rachel\AppData\Local\Temp\F2473T1L1_install_log.txt
C:\Users\Rachel\AppData\Local\Temp\fccDVMEX.dll
C:\Users\Rachel\AppData\Local\Temp\FW_Register_Plugin_Action.dat
C:\Users\Rachel\AppData\Local\Temp\gamemanager_install_log.txt
C:\Users\Rachel\AppData\Local\Temp\gamestub_install_log.txt
C:\Users\Rachel\AppData\Local\Temp\HPDriverSetup.log
C:\Users\Rachel\AppData\Local\Temp\hpzpdu.log
C:\Users\Rachel\AppData\Local\Temp\IDSinst.LOG
C:\Users\Rachel\AppData\Local\Temp\isDel.bat
C:\Users\Rachel\AppData\Local\Temp\JcMkr40.ini
C:\Users\Rachel\AppData\Local\Temp\liruskoi.dll
C:\Users\Rachel\AppData\Local\Temp\logfile.txt
C:\Users\Rachel\AppData\Local\Temp\lwbbgjhx.dll
C:\Users\Rachel\AppData\Local\Temp\mcrh.tmp
C:\Users\Rachel\AppData\Local\Temp\Microsoft Office 2003 Setup(0001).txt
C:\Users\Rachel\AppData\Local\Temp\Microsoft Office 2003 Setup(0001)_Task(0001).txt
C:\Users\Rachel\AppData\Local\Temp\mrhltpmx.ini
C:\Users\Rachel\AppData\Local\Temp\MSI423a6.LOG
C:\Users\Rachel\AppData\Local\Temp\MSI423a7.LOG
C:\Users\Rachel\AppData\Local\Temp\MSI79a49.LOG
C:\Users\Rachel\AppData\Local\Temp\MSI79a4a.LOG
C:\Users\Rachel\AppData\Local\Temp\MSI79a4b.LOG
C:\Users\Rachel\AppData\Local\Temp\MSI8200b.LOG
C:\Users\Rachel\AppData\Local\Temp\MSI8200c.LOG
C:\Users\Rachel\AppData\Local\Temp\msvcxpxx.dll
C:\Users\Rachel\AppData\Local\Temp\NapsterSDKInst.log
C:\Users\Rachel\AppData\Local\Temp\NCInstallLog.txt
C:\Users\Rachel\AppData\Local\Temp\Norton Internet Security 2007 Uninstall 6-5-2008 16h22m17s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Internet Security 2008 6-5-2008 16h36m2s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Internet Security 2008 6-5-2008 16h57m6s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Internet Security 2008 6-5-2008 17h49m58s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Internet Security 2008 Uninstall 6-5-2008 16h46m55s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Internet Security 2008 Uninstall 6-5-2008 17h13m0s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Setup 10,1,0 6-5-2008 16h22m14s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Setup 15,0,0 6-5-2008 16h35m16s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Setup 15,0,0 6-5-2008 16h46m53s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Setup 15,0,0 6-5-2008 16h57m3s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Setup 15,0,0 6-5-2008 17h12m59s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Setup 15,0,0 6-5-2008 17h45m55s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Setup 15,0,0 6-5-2008 17h49m57s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Stub 4,0,0 6-5-2008 16h35m15s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Stub 4,0,0 6-5-2008 16h57m2s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Stub 4,0,0 6-5-2008 17h45m26s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Stub 4,0,0 6-5-2008 17h49m48s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Stub 4,0,1 6-5-2008 17h45m54s.log
C:\Users\Rachel\AppData\Local\Temp\Norton Stub 4,0,1 6-5-2008 17h49m57s.log
C:\Users\Rachel\AppData\Local\Temp\nsbFE9E.tmp
C:\Users\Rachel\AppData\Local\Temp\nsbFE9E.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nsd5340.tmp
C:\Users\Rachel\AppData\Local\Temp\nsd5340.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nsdDE36.tmp
C:\Users\Rachel\AppData\Local\Temp\nsdDE36.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nsgF300.tmp
C:\Users\Rachel\AppData\Local\Temp\nsgF300.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nsiEE71.tmp
C:\Users\Rachel\AppData\Local\Temp\nsiEE71.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nslCC87.tmp
C:\Users\Rachel\AppData\Local\Temp\nslCC87.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nso5B20.tmp
C:\Users\Rachel\AppData\Local\Temp\nso5B20.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nspD684.tmp
C:\Users\Rachel\AppData\Local\Temp\nspD684.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nspDDD7.tmp
C:\Users\Rachel\AppData\Local\Temp\nspDDD7.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nsqEC39.tmp
C:\Users\Rachel\AppData\Local\Temp\nsqEC39.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nsrC5A2.tmp
C:\Users\Rachel\AppData\Local\Temp\nsrC5A2.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nsx6960.tmp
C:\Users\Rachel\AppData\Local\Temp\nsx6960.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\nsx719D.tmp
C:\Users\Rachel\AppData\Local\Temp\nsx719D.tmp.xml
C:\Users\Rachel\AppData\Local\Temp\NtiJewel.ini
C:\Users\Rachel\AppData\Local\Temp\offcln11.log
C:\Users\Rachel\AppData\Local\Temp\OneNote_MigrationLog.txt
C:\Users\Rachel\AppData\Local\Temp\otffufwb.dll
C:\Users\Rachel\AppData\Local\Temp\pdfnkqxt.ini
C:\Users\Rachel\AppData\Local\Temp\ppcrlui_4264_2
C:\Users\Rachel\AppData\Local\Temp\ppcrlui_4288_2
C:\Users\Rachel\AppData\Local\Temp\PreScan.log
C:\Users\Rachel\AppData\Local\Temp\QBackupInst.dat
C:\Users\Rachel\AppData\Local\Temp\QTInstallCode.log
C:\Users\Rachel\AppData\Local\Temp\qtplugin.log
C:\Users\Rachel\AppData\Local\Temp\Rachel.bmp
C:\Users\Rachel\AppData\Local\Temp\rem628B.tmp
C:\Users\Rachel\AppData\Local\Temp\removalfile.bat
C:\Users\Rachel\AppData\Local\Temp\SetupExe(200804221706281590).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(2008042221161915E8).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(20080423082112D2C).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(200804250719201054).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(2008042613355016A0).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(2008042808265515C0).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(20080430212309E34).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(2008043021242912A4).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(20080501073328474).log
C:\Users\Rachel\AppData\Local\Temp\SetupExe(20080504211855A7C).log

308 files deleted


Thanks

Rachel

#4 bamajim

Posted 08 June 2008 - 11:31 AM

rachel10173

You are most Welcome.

1. Rerun Hijackthis (scan only) and place checks beside the following entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [BM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\cqjiwlmb.dll",s
O4 - HKCU\..\Run: [303ebcd9] rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\xmptlhrm.dll",b

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis

2. Using Windows Explorer
Rt Click the Start Button (The Vista Icon) ->> Explore, and you will see the "tree" of file folders in the left side of the window.
Click on the ">" next to any folder name to expand its contents
Locate and Delete the following file:
c:\windows\system\Update.exe
Close Windows Explorer ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log


Microsoft MVP Consumer Security
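
As an added example (not code from this thread or from HijackThis), the Python script below runs the same triage over the HijackThis lines quoted above: it flags a BHO whose DLL is missing, a rundll32 autorun that loads a DLL from the user's Temp folder, and a program started from the legacy C:\Windows\System directory, while leaving the legitimate Java and NVIDIA entries from the same logs alone. The regular expressions and the finding names are this example's own assumptions about the HijackThis line format.

```python
import re

# Sample input: HijackThis lines quoted in this thread, plus two benign entries
# from the same logs (Java BHO, NVIDIA rundll32 autorun) that triage must leave alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [BM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\cqjiwlmb.dll",s
O4 - HKCU\..\Run: [303ebcd9] rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\xmptlhrm.dll",b
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"  (assumed format)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# O4 registry Run lines: "O4 - <hive>\..\Run: [<value name>] <command line>"  (assumed format)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Command starts with rundll32 (quoted or not, with or without .exe) ...
RUNDLL_RE = re.compile(r'^"?rundll32(\.exe)?"?\s', re.IGNORECASE)
# ... and the DLL it is told to load sits in a user's Temp folder.
TEMP_DLL_RE = re.compile(r'\\AppData\\Local\\Temp\\[^\\",]+\.dll', re.IGNORECASE)
# Program launched from C:\Windows\System (the legacy 16-bit directory, not
# System32); current software does not normally install anything there.
LEGACY_SYSTEM_RE = re.compile(r'^"?[a-z]:\\windows\\system\\', re.IGNORECASE)


def triage_hijackthis(log_text):
    """Return one finding per suspicious O2/O4 line, in log order.

    Each finding is a dict: section, hive (None for O2), name, reason, line.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            # A BHO whose DLL is gone cannot run, but the leftover registration
            # is exactly the kind of entry that gets ticked and fixed in HijackThis.
            if m.group("path").strip().lower() == "(no file)":
                findings.append({"section": "O2", "hive": None, "name": m.group("name"),
                                 "reason": "BHO registered but its DLL is missing (orphaned entry)",
                                 "line": line})
            continue
        m = O4_RE.match(line)
        if not m:
            continue  # other O4 forms (Global Startup, HKUS ...) are not handled here
        cmd = m.group("cmd")
        reason = None
        if RUNDLL_RE.match(cmd) and TEMP_DLL_RE.search(cmd):
            reason = "rundll32 autorun loads a DLL from the user's Temp folder"
        elif LEGACY_SYSTEM_RE.match(cmd):
            reason = "program autostarts from the legacy C:\\Windows\\System directory"
        if reason:
            findings.append({"section": "O4", "hive": m.group("hive"), "name": m.group("name"),
                             "reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    # Print the lines a reader would tick in HijackThis, with the reason for each.
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f['section']}] {f['hive'] or '-':5} {f['name']:16} {f['reason']}")
        print(f"    {f['line']}")
```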

#5 rachel10173

Posted 09 June 2008 - 09:20 AM

Hi,

New Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:05, on 09/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Rachel\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/...tz.cab70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9580 bytes


Thanks

Rachel :D

#6 bamajim

Posted 09 June 2008 - 01:34 PM

rachel10173

You are most welcome.

We still have one entry that needs to go, which seems to be putting up a little fight.

Were you able to find and delete the file?

c:\windows\system\Update.exe

And how is your PC running now?

1. Go HERE and download File Lister. Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE
Open the File Lister Folder.
Rt Click FileLister.vbe ->> Select Open, then Open to confirm.
As the program runs, it will appear that nothing is happening.
When the program is finished it will produce a log for you: C:\Files.txt



Microsoft MVP Consumer Security

#7 rachel10173

Posted 09 June 2008 - 07:28 PM

Hi,

My PC is running a lot better but Norton still says it's detecting trojans but is blocking them....... :huh: I'm having problems with this program File Lister. I've done exactly as you've told me but I'm not getting any log file. Like you describe, when you click on the program it looks like it's not doing anything, but from the sounds my PC makes after I've clicked on it, it sounds like it's doing something...... :)

Thanks

Rachel ^_^

#8 bamajim

Posted 09 June 2008 - 07:46 PM

rachel10173

1. Let's see if it produced a log and just didn't open on its own. By default the log will be located and named C:\Files.txt. If the log is there then post the results.

If it is not there, then reboot into Safe mode and run it from there.


Microsoft MVP Consumer Security

#9 rachel10173

Posted 10 June 2008 - 07:11 AM

Hi,

I've checked in that location and there isn't a file called C:\Files.txt. Would it have saved anywhere else?

Thanks

Rachel ;)

#10 bamajim

Posted 10 June 2008 - 02:15 PM

rachel10173

No, that's the default location. Thanks for looking. Something must be interfering.

Let's change tools.

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.



Microsoft MVP Consumer Security

#11 rachel10173

Posted 10 June 2008 - 03:27 PM

Hi there,

combofix log file

ComboFix 08-06-09.7 - Rachel 2008-06-10 15:36:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1244 [GMT 1:00]
Running from: C:\Users\Rachel\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Rachel\AppData\Roaming\inst.exe
C:\Windows\system32\ddcawxvS.dll
C:\Windows\system32\lJATjiii.dll
C:\Windows\system32\pmnNDTLC.dll
C:\Windows\system32\R.txt
C:\Windows\system32\wvUkklLF.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-06 13:41 . 2008-06-06 13:41 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-06-06 13:41 . 2008-06-06 13:41 <DIR> d-------- C:\ProgramData\Apple Computer
2008-06-06 13:39 . 2008-06-06 13:39 <DIR> d-------- C:\Users\All Users\Apple
2008-06-06 13:39 . 2008-06-06 13:39 <DIR> d-------- C:\ProgramData\Apple
2008-06-06 13:39 . 2008-06-06 13:39 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-06 07:21 . 2008-06-06 07:21 <DIR> d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-06-05 17:52 . 2008-06-06 13:03 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-06-05 17:50 . 2008-06-06 12:41 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-06-05 17:50 . 2008-06-06 12:41 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-06-05 17:50 . 2008-06-06 12:41 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-06-05 16:43 . 2008-06-05 18:41 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Symantec
2008-06-03 17:54 . 2008-06-03 17:54 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Ludia
2008-06-03 17:54 . 2008-06-03 17:54 <DIR> d-------- C:\Users\All Users\Ludia
2008-06-03 17:54 . 2008-06-03 17:54 <DIR> d-------- C:\ProgramData\Ludia
2008-06-03 17:28 . 2008-06-03 17:30 <DIR> d-------- C:\Program Files\Hells Kitchen
2008-06-03 16:54 . 2008-06-03 16:54 303 --a------ C:\Windows\ST6UNST.001
2008-06-03 16:51 . 2008-06-03 16:51 20,487 --a------ C:\Windows\System32\z-lib.dll
2008-06-03 16:51 . 2008-06-03 16:51 303 --a------ C:\Windows\ST6UNST.000
2008-06-03 16:51 . 2008-06-03 16:51 0 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-06-02 20:08 . 2008-06-10 07:53 <DIR> d-------- C:\Program Files\Pool Buddy Yahoo
2008-06-02 12:36 . 2008-06-02 12:36 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Flood Light Games
2008-06-02 12:36 . 2008-06-02 12:36 <DIR> d-------- C:\Users\All Users\Flood Light Games
2008-06-02 12:36 . 2008-06-02 12:36 <DIR> d-------- C:\ProgramData\Flood Light Games
2008-06-02 12:35 . 2008-06-02 12:35 <DIR> d-------- C:\Program Files\James Patterson's Women's Murder Club - Death in Scarlet
2008-05-31 15:07 . 2008-05-31 15:07 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-05-31 14:56 . 2008-05-31 14:56 <DIR> d-------- C:\Users\All Users\Sony Ericsson
2008-05-31 14:56 . 2008-05-31 14:56 <DIR> d-------- C:\ProgramData\Sony Ericsson
2008-05-31 14:56 . 2008-05-31 14:56 1,419,232 --a------ C:\Windows\System32\wdfcoinstaller01005.dll
2008-05-31 14:56 . 2008-05-31 14:56 20,520 --a------ C:\Windows\System32\drivers\ggsemc.sys
2008-05-31 14:56 . 2008-05-31 14:56 13,352 --a------ C:\Windows\System32\drivers\ggflt.sys
2008-05-31 14:55 . 2008-05-31 15:16 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-05-28 20:33 . 2008-05-28 20:33 <DIR> d-------- C:\Users\Rachel\Program Files
2008-05-28 20:33 . 2008-06-10 15:33 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\DNA
2008-05-28 20:33 . 2008-05-28 20:33 <DIR> d-------- C:\Program Files\DNA
2008-05-28 20:33 . 2008-05-28 20:35 <DIR> d-------- C:\Program Files\BitTorrent
2008-05-28 19:49 . 2008-05-28 19:49 <DIR> d-------- C:\Users\All Users\vsosdk
2008-05-28 19:49 . 2008-05-28 19:49 <DIR> d-------- C:\ProgramData\vsosdk
2008-05-28 19:18 . 2008-05-28 19:18 <DIR> d-------- C:\Program Files\VSO
2008-05-28 19:18 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-05-28 19:18 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-05-28 19:18 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-05-28 19:18 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-05-28 19:18 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-05-28 19:18 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-05-28 19:18 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-05-28 19:03 . 2008-06-06 13:42 <DIR> d-------- C:\Program Files\QuickTime Alternative
2008-05-28 19:03 . 2008-05-28 19:03 <DIR> d-------- C:\Program Files\Media Player Classic
2008-05-28 19:03 . 2002-12-20 12:40 675,328 --a------ C:\Windows\System32\ir50_32.qtx
2008-05-28 19:03 . 2004-10-27 13:01 360,504 --a------ C:\Windows\System32\QTPlugin.ocx
2008-05-28 19:03 . 2004-01-12 17:57 86,016 --a------ C:\Windows\System32\QuickTime.ax
2008-05-28 17:58 . 2008-05-28 17:58 <DIR> d-------- C:\Program Files\WinAVI DVD Copy
2008-05-28 17:52 . 2008-05-28 19:09 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-05-28 17:20 . 2008-05-28 17:20 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-28 16:53 . 2008-06-10 11:51 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Vso
2008-05-28 16:53 . 2008-05-28 16:53 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-28 16:53 . 2008-05-28 19:18 47,360 --a------ C:\Users\Rachel\AppData\Roaming\pcouffin.sys
2008-05-28 16:34 . 2008-05-28 16:35 <DIR> d-------- C:\VIDEO_TS
2008-05-28 16:24 . 2008-05-28 16:24 <DIR> d-------- C:\Users\All Users\Elaborate Bytes
2008-05-28 16:24 . 2008-05-28 16:24 <DIR> d-------- C:\ProgramData\Elaborate Bytes
2008-05-28 16:21 . 2008-05-28 16:36 48 --ahs---- C:\Windows\SBACFE7B0.tmp
2008-05-28 16:19 . 2008-05-28 16:19 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-05-28 06:26 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 06:26 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 18:06 . 2008-05-26 18:06 <DIR> d-------- C:\Users\All Users\NtiDvdCopy
2008-05-26 18:06 . 2008-05-26 18:06 <DIR> d-------- C:\ProgramData\NtiDvdCopy
2008-05-26 17:41 . 2004-02-17 02:06 61,440 --a------ C:\Windows\UnDeploy.exe
2008-05-26 17:34 . 2008-05-26 17:34 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-24 17:56 . 2008-05-24 17:56 <DIR> d-------- C:\Users\All Users\LightScribe
2008-05-24 17:56 . 2008-05-24 17:56 <DIR> d-------- C:\ProgramData\LightScribe
2008-05-24 03:35 . 2008-05-24 03:35 <DIR> d-------- C:\PerfLogs
2008-05-23 19:37 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-23 19:36 . 2008-01-19 08:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-05-23 19:35 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-23 19:34 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-23 19:34 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-23 19:34 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-23 19:34 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-23 19:34 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-23 19:34 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-23 18:58 . 2007-04-09 13:23 28,040 --a------ C:\Windows\System32\mdimon.dll
2008-05-23 18:58 . 2008-05-23 18:58 376 --a------ C:\Windows\ODBC.INI
2008-05-23 18:56 . 2008-05-23 18:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-23 15:42 . 2008-05-23 15:42 <DIR> d-------- C:\Program Files\Xvid
2008-05-23 15:42 . 2007-06-28 18:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-05-23 15:42 . 2007-06-28 18:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-05-23 15:42 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-05-22 19:39 . 2008-06-10 08:17 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\uTorrent
2008-05-22 19:39 . 2008-05-22 19:39 <DIR> d-------- C:\Program Files\uTorrent
2008-05-20 12:25 . 2008-05-20 13:12 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\MysteryStudio
2008-05-20 12:24 . 2008-05-20 12:24 <DIR> d-------- C:\Program Files\The Lost Cases of Sherlock Holmes
2008-05-16 11:40 . 2008-05-21 07:08 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 12:55 . 2008-05-13 12:56 <DIR> d-------- C:\Program Files\HP
2008-05-13 12:47 . 2008-05-13 12:47 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-05-13 12:47 . 2008-05-13 12:47 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-05-13 12:30 . 2007-02-02 11:27 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll
2008-05-11 17:47 . 2008-05-11 17:47 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\BloodTies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 14:01 --------- d-----w C:\ProgramData\Symantec
2008-06-10 12:02 --------- d---a-w C:\ProgramData\TEMP
2008-06-06 12:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 11:41 --------- d-----w C:\Program Files\Symantec
2008-05-28 16:58 2,572 ----a-w C:\Windows\WINDVDBOOTRECDOE.sys
2008-05-26 17:16 --------- d-----w C:\Program Files\Yahoo!
2008-05-24 02:50 --------- d-----w C:\ProgramData\NVIDIA
2008-05-24 02:48 174 --sha-w C:\Program Files\desktop.ini
2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Mail
2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Journal
2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Defender
2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Calendar
2008-05-23 20:17 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-23 20:17 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-23 18:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-23 18:01 --------- d-----w C:\Program Files\Microsoft Works
2008-05-22 17:58 --------- d-----w C:\Program Files\LimeWire
2008-05-18 12:53 --------- d-----w C:\Program Files\Hidden Expedition - Everest
2008-05-09 10:53 --------- d-----w C:\Users\Rachel\AppData\Roaming\Roxio
2008-05-09 10:51 --------- d-----w C:\ProgramData\Napster
2008-05-09 10:21 --------- d-----w C:\Program Files\Napster
2008-05-09 10:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 10:20 --------- d-----w C:\Program Files\Common Files\Napster Shared
2008-05-07 17:33 --------- d-----w C:\Program Files\Hidden Expedition - Titanic
2008-04-27 09:04 --------- d-----w C:\Users\Rachel\AppData\Roaming\LimeWire
2008-04-26 16:52 --------- d-----w C:\Program Files\bfgclient
2008-04-23 14:52 --------- d-----w C:\Program Files\EA GAMES
2008-04-10 03:50 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-10 03:50 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-10 03:50 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-10 03:50 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-10 03:50 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-10 03:50 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-10 03:50 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-10 03:50 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-10 03:50 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-10 03:50 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-10 03:48 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 03:48 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 03:43 826,880 ----a-w C:\Windows\System32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-06-05 19:05 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"Acer Tour Reminder"="" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"BitTorrent DNA"="C:\Users\Rachel\Program Files\DNA\btdna.exe" [2008-05-28 20:33 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 12:06 4669440 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 18:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 08:04 464168]
"eRecoveryService"="" []
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-24 10:22 2476408]
"Skytel"="Skytel.exe" [2007-06-15 17:45 1826816 C:\Windows\SkyTel.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"Windows Updates"="c:\windows\system\Update.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-03-28 23:37 413696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [4/17/2007 2:09:28 AM 528384]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [4/17/2007 2:13:50 AM 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-02-16 02:39 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\NewSetApanel.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
--------- 2007-07-13 23:24 178280 C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-06 06:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0B04953-9D63-4886-9FEE-B20972592777}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{64C52DD3-2977-4C34-BDA1-8FD96179DF00}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{F42A10AE-D383-4A78-9E05-64BBC84376C5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{A0E22BD1-9D17-41A4-BF50-419B503C50D0}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{E59634F8-1C07-40AC-84E1-E301FBC238EE}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{DFFF3429-DA90-43DB-898C-FAEEFE3F39E2}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{5F06C73B-3B46-4ED5-983C-2880071833B2}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{1955E669-BE1F-4C13-B854-FB32F2900974}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A8757501-B402-4C19-AD10-EA4697A9512B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{8E47E7FD-79DD-428C-A05F-F7200334254D}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie
"{312F417F-26BC-48A5-86A7-154D5D53330D}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program
"{0A4972C2-2428-4D35-B9E5-207D64085451}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{017E57F5-441E-4E25-9CEE-26D12ACDEE61}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{711706E3-083C-4EA8-86B5-3447443E5A60}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{C11073E6-507E-49EE-9004-E086C5E0CF11}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{26DE66B1-7B09-4090-A12B-03C493213FDD}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 04:22]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080607.001\IDSvix86.sys [2008-03-20 21:37]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 16:24]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-05 02:54]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 21:50]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 15:04]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-05-31 14:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 19:32:11 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Rachel.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 15:38:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-10 15:39:30
ComboFix-quarantined-files.txt 2008-06-10 14:39:24

Pre-Run: 66,159,935,488 bytes free
Post-Run: 66,702,643,200 bytes free

300 --- E O F --- 2008-06-10 07:27:25


Thanks

Rachel

#12 bamajim

    Advanced Member

  • Volunteer Security Advisor
  • 339 posts

Posted 10 June 2008 - 03:47 PM

rachel10173

How's your PC running now?


Microsoft MVP Consumer Security

#13 rachel10173

    Advanced Member

  • Members
  • 50 posts

Posted 10 June 2008 - 05:48 PM

Hi,

So far so good, nothing has popped up today ^_^ Do you think you may have got rid of it, and what do you think it was?

Many Thanks

Rachel :D

#14 bamajim

    Advanced Member

  • Volunteer Security Advisor
  • 339 posts

Posted 10 June 2008 - 07:08 PM

rachel10173

I'm sure it's gone.

It was an infection called "Vundo".

Let's make sure there is nothing left behind.

Please perform an Ewido Online Malware Scan:
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread.
  • If any infections are found (after you save the logfile), click on Remove Infections.



Microsoft MVP Consumer Security

#15 rachel10173

    Advanced Member

  • Members
  • 50 posts

Posted 10 June 2008 - 07:12 PM

Hi,

Just started to get more things coming through Norton, here's a copy of the logs from Norton

Category: Security risks
Date Time,Feature,Risk Name,Result,Item Type,Virus Definition Version,Product Version,User Name,Computer Name,Details
09/06/2008 10:09:03,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.016,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\media player\transcoded files cache\~0v7485.tmp.tmp
09/06/2008 10:09:03,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.016,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\media player\transcoded files cache\~hu7221.tmp.tmp
09/06/2008 09:47:21,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\media player\transcoded files cache\~ij9518.tmp.tmp
09/06/2008 09:47:19,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\media player\transcoded files cache\~6g8a87.tmp.tmp
07/06/2008 08:54:10,Auto-Protect,Trojan.LowZones,Blocked,File,2008.06.06.023,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\content.ie5\v64145lu\kb713501[1]
06/06/2008 07:31:08,Auto-Protect,Downloader,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\6r8fzjgr\data[1].htm
06/06/2008 07:17:05,Auto-Protect,Downloader,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\wroia1nf\scan[1].htm
06/06/2008 07:17:01,Auto-Protect,Downloader,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\n5dl0mpv\18_swp[1].htm
06/06/2008 07:13:15,Auto-Protect,AntiSpywareMaster,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Misleading Application;Overall Risk Impact: Medium;Performance: Medium;Privacy: Medium;Removal: Medium;Stealth: Medium;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\uacw3hqv\ase_setup_free[1].exe
06/06/2008 06:55:30,Auto-Protect,Trojan.LowZones,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\content.ie5\qcz3scpr\kb713501[1]
05/06/2008 21:10:46,Virus scanner,Tracking Cookie,Fully removed,File,2008.06.05.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Cookie;Overall Risk Impact: Low;Performance: Low;Privacy: Low;Removal: Low;Stealth: Low;Action taken: Fully removed;Affected Areas;Network & Browser Items;Cookie:rachel@ad.yieldmanager.com/;Cookie:rachel@edge.ru4.com/;Cookie:rachel@statse.webtrendslive.com/;Cookie:rachel@media.adrevolver.com/;Cookie:rachel@media.adrevolver.com/adrevolver/
05/06/2008 18:51:15,Auto-Protect,Trojan Horse,Blocked,File,2008.06.04.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\temp\ixp002.tmp\nis key.exe
05/06/2008 18:49:11,Virus scanner,Trojan Horse,Fully removed,File,2008.06.04.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Fully removed;Affected Areas;Processes & Start-Up Items;c:\users\rachel\appdata\local\temp\ixp004.tmp\nis key.exe;Network & Browser Items;Browser Cache

Category: Intrusion prevention
Date Time,Message,Details
10/06/2008 18:51:55,Intrusion: HTTP Malicious Toolkit Download Activity.,"Intrusion: HTTP Malicious Toolkit Download Activity. Intruder: RACHEL-PC(51210). Risk Level: High. Protocol: TCP. Attacked IP: www.redir94.com. Attacked Port: http(80)."
10/06/2008 11:52:22,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.
10/06/2008 11:52:22,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
10/06/2008 11:52:22,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
10/06/2008 07:09:12,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
10/06/2008 07:03:32,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
10/06/2008 07:03:31,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.
10/06/2008 07:03:31,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
09/06/2008 19:19:03,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.
09/06/2008 19:19:03,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
09/06/2008 19:19:03,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
09/06/2008 09:52:03,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
09/06/2008 09:52:02,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.
09/06/2008 09:52:02,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
09/06/2008 09:28:21,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
09/06/2008 09:28:20,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.
09/06/2008 09:28:20,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
09/06/2008 09:19:35,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
09/06/2008 09:13:50,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
09/06/2008 09:13:50,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.
09/06/2008 09:13:50,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
08/06/2008 09:36:22,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
08/06/2008 09:30:57,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
08/06/2008 09:30:56,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.
08/06/2008 09:30:56,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
07/06/2008 15:03:44,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.
07/06/2008 15:03:44,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
07/06/2008 15:03:44,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
07/06/2008 09:04:51,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
07/06/2008 09:04:51,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.
07/06/2008 09:04:51,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
07/06/2008 03:46:40,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
07/06/2008 00:45:59,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
07/06/2008 00:45:58,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.
07/06/2008 00:45:58,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
06/06/2008 20:30:54,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
06/06/2008 20:30:53,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.
06/06/2008 20:30:53,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
06/06/2008 17:46:12,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
06/06/2008 17:46:11,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.
06/06/2008 17:46:11,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
06/06/2008 13:18:16,Intrusion: MSIE Apple QuickTime RTSP URI Remote BO.,"Intrusion: MSIE Apple QuickTime RTSP URI Remote BO. Risk Level: High. URL: http://www.thisisleicestershire.co.uk/displayNode.jsp?nodeId=132384&command=displayContent&sourceNode=132969&home=yes&contentPK=20807522."
06/06/2008 13:03:42,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
06/06/2008 13:03:42,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.
06/06/2008 13:03:42,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
06/06/2008 12:45:24,Intrusion: HTTP Malware Alarm Install.,"Intrusion: HTTP Malware Alarm Install. Intruder: RACHEL-PC(49242). Risk Level: High. Protocol: TCP. Attacked IP: 77.91.229.104. Attacked Port: http(80)."
06/06/2008 12:36:39,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
06/06/2008 12:36:39,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.
06/06/2008 12:36:39,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
06/06/2008 06:49:42,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
05/06/2008 23:36:09,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.
05/06/2008 23:36:09,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.
05/06/2008 23:36:09,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
05/06/2008 19:16:01,Intrusion Prevention Signature File Version: 20080530.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080530.001. Intrusion Prevention Engine Version: 4.0.1.80206.
05/06/2008 19:16:01,Intrusion Prevention is monitoring 1105 signatures.,Intrusion Prevention is monitoring 1105 signatures.
05/06/2008 19:16:01,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
05/06/2008 19:06:38,Intrusion Prevention is monitoring 1105 signatures.,Intrusion Prevention is monitoring 1105 signatures.
05/06/2008 19:06:38,Intrusion Prevention Signature File Version: 20080530.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080530.001. Intrusion Prevention Engine Version: 4.0.1.80206.
05/06/2008 19:06:38,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
05/06/2008 18:46:51,Browser protection has been enabled.,Browser protection has been enabled.
05/06/2008 18:46:50,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.
05/06/2008 18:46:49,Intrusion Prevention is monitoring 987 signatures.,Intrusion Prevention is monitoring 987 signatures.
05/06/2008 18:46:49,Intrusion Prevention Signature File Version: 20070823.002. Intrusion Prevention Engine Version: 3.512.1.4995.,Intrusion Prevention Signature File Version: 20070823.002. Intrusion Prevention Engine Version: 3.512.1.4995.
05/06/2008 18:46:49,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.


I hope this can help shed some light on the problem

Rachel ^_^

#16 bamajim

    Advanced Member

  • Volunteer Security Advisor
  • 339 posts

Posted 10 June 2008 - 07:54 PM

rachel10173

Those logs show Norton doing what it is supposed to do. The recent activity shows typical intrusion attempts when someone surfs the net. Nothing in these logs indicates any resident infection.

Please proceed with the AVG online scan.


Microsoft MVP Consumer Security
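
As an added example (not the thread's or Norton's own code), a small Python triage of a Norton "Security risks" export in the CSV layout pasted above: it separates detections Norton already handled inside browser cache and temp folders from anything left unhandled or found under a persistent path, which is the distinction the reply above draws. The sample records, risk names, paths and machine name in SAMPLE_LOG are constructed for the demonstration.

```python
"""Triage of a Norton Internet Security 'Security risks' log export.

Added example for this thread; not the forum's or Norton's own code.
SAMPLE_LOG is constructed in the same CSV layout as the log pasted above.
"""
import csv
import io
import re
from collections import Counter

# Results that mean Norton has already dealt with the item.
HANDLED_RESULTS = {"Blocked", "Fully removed", "Quarantined"}

# Path fragments marking transient locations. A detection here is content
# caught on its way in from the browser, not something installed on the PC.
TRANSIENT_MARKERS = (
    "\\temporary internet files\\",
    "\\appdata\\local\\temp\\",
    "\\transcoded files cache\\",
)

# Constructed sample: header line, then one record per line. The Details
# column is itself a semicolon-separated list of "Key: Value" items.
SAMPLE_LOG = """\
Date Time,Feature,Risk Name,Result,Item Type,Virus Definition Version,Product Version,User Name,Computer Name,Details
09/06/2008 10:09:03,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.016,15.0.0.60,SYSTEM,EXAMPLE-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Action taken: Blocked;Affected Areas: c:\\users\\user\\appdata\\local\\microsoft\\media player\\transcoded files cache\\~ab1234.tmp.tmp
06/06/2008 07:17:01,Auto-Protect,Downloader,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,EXAMPLE-PC,Risk category: Virus;Overall Risk Impact: High;Action taken: Blocked;Affected Areas: c:\\users\\user\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abcd1234\\data[1].htm
05/06/2008 18:49:11,Virus scanner,Trojan Horse,Fully removed,File,2008.06.04.003,15.0.0.60,SYSTEM,EXAMPLE-PC,Risk category: Virus;Overall Risk Impact: High;Action taken: Fully removed;Affected Areas;Processes & Start-Up Items;c:\\users\\user\\appdata\\local\\temp\\ixp004.tmp\\example.exe;Network & Browser Items;Browser Cache
04/06/2008 09:00:00,Virus scanner,Example.Dropper,Left alone,File,2008.06.04.003,15.0.0.60,SYSTEM,EXAMPLE-PC,Risk category: Virus;Overall Risk Impact: High;Action taken: Left alone;Affected Areas: c:\\program files\\example\\update.exe
"""

WIN_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_details(details):
    """Split the Details column into Key: Value pairs and affected paths.
    Group labels such as 'Browser Cache' and the 'Affected Areas' marker
    itself are not paths and are skipped."""
    fields, paths = {}, []
    for item in details.split(";"):
        item = item.strip()
        if item.lower().startswith("affected areas"):
            # The path may follow the marker directly, as in the pasted log.
            item = item[len("affected areas"):].lstrip(": ").strip()
        if not item:
            continue
        if WIN_PATH.match(item):
            paths.append(item)
        elif ":" in item:
            key, value = item.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields, paths


def parse_risk_log(text):
    """Parse the CSV export into one dict per record, keyed by the header."""
    rows = list(csv.reader(io.StringIO(text)))
    header, entries = rows[0], []
    n = len(header)
    for row in rows[1:]:
        if len(row) < n:
            continue  # blank or truncated line
        # Details is the last column and may itself contain commas.
        row = row[: n - 1] + [",".join(row[n - 1:])]
        entry = dict(zip(header, row))
        entry["fields"], entry["paths"] = parse_details(entry["Details"])
        entries.append(entry)
    return entries


def is_transient(path):
    return any(marker in path.lower() for marker in TRANSIENT_MARKERS)


def triage(text):
    """Summarise the log the way a helper reads it: items Blocked or removed
    from a cache/temp folder are noise; anything left unhandled, or found
    under a persistent location, needs a closer look."""
    entries = parse_risk_log(text)
    summary = {
        "total": len(entries),
        "by_result": Counter(e["Result"] for e in entries),
        "unhandled": [],
        "persistent_paths": [],
    }
    for e in entries:
        if e["Result"] not in HANDLED_RESULTS:
            summary["unhandled"].append((e["Date Time"], e["Risk Name"], e["Result"]))
        for path in e["paths"]:
            if not is_transient(path):
                summary["persistent_paths"].append((e["Risk Name"], path))
    return summary
```

Running `triage(SAMPLE_LOG)` on the constructed sample reports two Blocked and one Fully removed hit as handled, and flags only the "Left alone" record under Program Files.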

#17 rachel10173

    Advanced Member

  • Members
  • 50 posts

Posted 11 June 2008 - 07:46 PM

Hi,

ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[10].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[11].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[3].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[4].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[5].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[6].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[7].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@ad.yieldmanager[8].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@adbrite[1].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@adbrite[2].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\rachel@adrevolver[2].txt
Risk: Medium

Thanks

Rachel ^_^

#18 bamajim

    Advanced Member

  • Volunteer Security Advisor
  • 339 posts

Posted 11 June 2008 - 09:12 PM

rachel10173

Excellent. Could I see one more fresh Hijackthis log?


Microsoft MVP Consumer Security

#19 rachel10173

    Advanced Member

  • Members
  • 50 posts

Posted 12 June 2008 - 06:43 AM

Hi :D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:00:07, on 12/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Rachel\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.c...://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/...tz.cab70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9395 bytes


Thanks

Rachel ^_^
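Every line in a HijackThis log follows a fixed shape (section code, a registry key or hook type, a display name, and the file the entry loads), which is what makes these logs practical to review at volume. The parser below is an added example written for this thread, not HijackThis code and not part of the original posts; it reads the format into records and pulls out the two lowest-effort review items an analyst checks first. The sample lines are copied from the log above; the default values used to expand `%windir%` and `%ProgramFiles%` are assumptions.

```python
"""Parse HijackThis v2 log lines into records and list the ones worth an analyst's attention."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""


@dataclass
class Entry:
    section: str        # HijackThis section code: R3, O2, O4, O23, ...
    kind: str           # registry hive, "Global Startup", "Service", "BHO", ...
    name: str           # display name or [RunKey] value name
    target: str         # file the entry actually loads, or "(no file)"
    vendor: str = ""    # O23 owner string; empty for other sections
    user: str = ""      # O4 entries read from another account's hive carry its name


O4_REG = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
O4_STARTUP = re.compile(r"^O4 - (?P<kind>Global Startup|Startup): (?P<name>.+?) = (?P<target>.+)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
CLSID_LINE = re.compile(
    r"^(?P<section>R3|O2|O3|O9) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)

# Assumed default locations for the variables HijackThis leaves unexpanded (assumption, not from the log).
ENV = {"%windir%": r"C:\Windows", "%programfiles%": r"C:\Program Files"}
EXE_EXT = (".exe", ".dll", ".com", ".scr", ".bat", ".cmd")


def _first_path(cmd: str) -> tuple[str, str]:
    """Split the leading file path off a Run command. Quoted paths end at the closing quote;
    unquoted ones grow word by word until they end in an executable extension, which is
    roughly how Windows itself resolves an unquoted path containing spaces."""
    if cmd.startswith('"'):
        path, _, rest = cmd[1:].partition('"')
        return path, rest.strip()
    words = cmd.split(" ")
    for i in range(1, len(words) + 1):
        cand = " ".join(words[:i])
        if cand.lower().endswith(EXE_EXT):
            return cand, " ".join(words[i:]).strip()
    return words[0], " ".join(words[1:]).strip()


def target_of(cmd: str) -> str:
    """Return the file an O4 command loads; for rundll32 hosts, the DLL named before the comma."""
    cmd = cmd.strip()
    for var, val in ENV.items():
        cmd = re.sub(re.escape(var), lambda _: val, cmd, flags=re.IGNORECASE)
    exe, rest = _first_path(cmd)
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        dll = rest[1:].partition('"')[0] if rest.startswith('"') else rest.split(",", 1)[0]
        return dll.strip()
    return exe


def parse(text: str) -> list[Entry]:
    """Turn log lines into Entry records; lines in sections this example does not model are skipped."""
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_REG.match(line):
            entries.append(Entry("O4", m["hive"], m["name"], target_of(m["cmd"]), user=m["user"] or ""))
        elif m := O4_STARTUP.match(line):
            entries.append(Entry("O4", m["kind"], m["name"], m["target"].strip()))
        elif m := O23.match(line):
            entries.append(Entry("O23", "Service", m["name"], m["path"].strip(), vendor=m["owner"]))
        elif m := CLSID_LINE.match(line):
            entries.append(Entry(m["section"], m["kind"], m["name"], m["path"].strip()))
    return entries


def review(entries: list[Entry]) -> list[tuple[str, str]]:
    """First-pass triage: entries to look at before anything else, each with the reason."""
    items = []
    for e in entries:
        if e.target == "(no file)":
            items.append((e.name, "orphaned entry: the referenced file is missing"))
        elif e.section == "O23" and e.vendor == "Unknown owner":
            items.append((e.name, "service binary carries no vendor string; check the file on disk"))
    return items


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for e in parsed:
        print(f"{e.section:<4} {e.kind:<16} {e.name:<48} {e.target}")
    for name, why in review(parsed):
        print("REVIEW:", name, "-", why)
```

`(no file)` entries are the ones HijackThis can clean on its own, since the registry value points at nothing; an "Unknown owner" service only means the binary carries no vendor string in its version resource, so it is a prompt to check the file on disk rather than a verdict. Resolving the real target of each autorun (the DLL behind a `RUNDLL32.EXE` entry, the executable behind an unquoted path with spaces) is what lets you hash or signature-check the right file.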

#20 bamajim

    Advanced Member

  • Volunteer Security Advisor
  • 339 posts

Posted 12 June 2008 - 02:29 PM

rachel10173

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:
Let's create a clean System Restore Point

To create a Clean System Restore Point in Vista:
Click Start (the Vista icon) ->> All Programs ->> Accessories ->> System Tools ->> System Restore
The System Restore window will open. Select Open System Protection
Another window will open. Highlight the C:\ drive in the window
Then select Create. Yet another window will open; type in today's date 05262008 (or whatever you would like to remind you of this Restore Point) in the Create a restore point window.
Then select Create. Windows will then create a restore point.
Once done you will receive notification that a System Restore point has been created.
Close all the open windows and you are done.
Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis to a disc or a USB key, not your hard drive
You may want to read this article: "So how did I get infected in the first place" by Tony Klein

surf safe


Microsoft MVP Consumer Security
