rachel10173

Pop up and browser problems

21 posts in this topic

Hi,

 

I'm having problems with pop-ups and my browser. The browser has got a mind of its own and is doing all sorts of stuff. Adaware hasn't detected anything, but Norton said I had a trojan horse, which it said had been removed; not sure if it has gone :huh: Sometimes I can't even get online, and this only started to happen this morning :angry: I've run HijackThis, so am pasting the results... Any help will be greatly appreciated :)

 

Thanks

 

Rachel

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:11:28, on 06/06/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Rachel\Program Files\DNA\btdna.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\WerCon.exe

C:\Windows\WindowsMobile\WmdHost.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\DllHost.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rachel\AppData\Local\Temp\ddcDsrQk.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rachel\AppData\Local\Temp\urqQigDt.dll,c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\dumlsloh.dll",s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O13 - Gopher Prefix:

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 10015 bytes


rachel10173

 

1. Go HERE and download TempFix.

Save it to your Desktop (but do not run it yet).

2. Reboot into Safe Mode.

This can be done as follows:

    Restart your PC, and after it starts, but before you see the Windows splash screen,
    begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices).
    Use your arrow keys to select Safe Mode, then press Enter.

3. Right-click TempFix.zip ->> Extract all ->> and extract it to your Desktop.

Additional help on extracting zip files can be found HERE.

    Open the TempFix folder.
    Right-click TempFix.vbe ->> select Open, then Open to confirm.
    As the program runs, it will appear that nothing is happening.
    When the program is finished, it will produce a log for you at C:\TempFix.txt
    Copy and paste the contents of that log in your reply.
    Note: if your root drive is something other than C:\ then the log will default to your designated root drive.

4. Then reboot your PC into Normal Windows Mode ->> rerun HijackThis and post a fresh HijackThis log,

as well as the C:\TempFix.txt log.


Hi bamajim,

 

Thanks for your help, I appreciate it :)

 

New Hijackthis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:06:40, on 07/06/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\mobsync.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Rachel\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\cqjiwlmb.dll",s

O4 - HKCU\..\Run: [303ebcd9] rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\xmptlhrm.dll",b

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O13 - Gopher Prefix:

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 9582 bytes

 

Temp Fix log file

 

========================================

TempFix

 

Version 1.0

 

By bamajim @ bamajim.com

 

========================================

 


C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(2008042613355116A0).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(2008042808265715C0).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(20080430212310E34).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(2008043021243012A4).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(20080501073329474).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(20080504211856A7C).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(2008050509222415DC).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(20080513123216C8C).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(20080513124931AFC).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(200805131252041E8).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(200805191619391578).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(200805201556201564).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(200805201846271144).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(20080520191604DAC).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(20080520192045BD0).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(200805201921151718).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(20080520192712150C).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(200805201927449D8).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(200805201928511314).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(2008052207273415B0).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(2008052318295114C0).log

C:\Users\Rachel\AppData\Local\Temp\UserInfoSetup(200805231854441704).log

C:\Users\Rachel\AppData\Local\Temp\vcredist32_6-5-2008_16h35m17s.log

C:\Users\Rachel\AppData\Local\Temp\vtUNeeCu.dll

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080331_180702.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080401_181505.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080402_183111.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080403_191811.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080403_195350.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080404_201326.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080421_095513.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080421_121731.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080421_183200.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080424_185809.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080425_133006.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080425_161528.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080427_101257.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080428_182503.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080429_165905.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080430_131415.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080505_094839.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080506_094431.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080506_205818.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080507_100600.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080508_145226.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080512_172529.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080515_100940.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080519_073134.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080520_175425.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080521_141607.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080522_185557.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080523_180702.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080527_080913.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080527_151249.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080527_165402.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080528_185951.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080529_031115.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080530_175343.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080531_141531.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080601_153033.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080602_155517.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080603_164649.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080604_145044.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080605_170521.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080605_174343.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080605_191839.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080605_201239.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080606_203247.mvu

C:\Users\Rachel\AppData\Local\Temp\wcesmgr_20080607_085439.mvu

C:\Users\Rachel\AppData\Local\Temp\wmplog00.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog01.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog02.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog03.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog04.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog05.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog06.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog07.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog08.sqm

C:\Users\Rachel\AppData\Local\Temp\wmplog09.sqm

C:\Users\Rachel\AppData\Local\Temp\wmsetup.log

C:\Users\Rachel\AppData\Local\Temp\xhjgbbwl.ini

C:\Users\Rachel\AppData\Local\Temp\xmptlhrm.dll

C:\Users\Rachel\AppData\Local\Temp\{D3CFA2A2-FF53-4F16-8C2E-590430D3CB5A}

C:\Users\Rachel\AppData\Local\Temp\~0000001.TMP

C:\Users\Rachel\AppData\Local\Temp\~DF476D.tmp

C:\Users\Rachel\AppData\Local\Temp\~DF67F1.tmp

C:\Users\Rachel\AppData\Local\Temp\~DF7C43.tmp

C:\Users\Rachel\AppData\Local\Temp\~DF82A8.tmp

C:\Users\Rachel\AppData\Local\Temp\~DF8845.tmp

C:\Users\Rachel\AppData\Local\Temp\~DF8B8E.tmp

C:\Users\Rachel\AppData\Local\Temp\~DF96F.tmp

C:\Users\Rachel\AppData\Local\Temp\~DFABE6.tmp

C:\Users\Rachel\AppData\Local\Temp\~DFC59B.tmp

C:\Users\Rachel\AppData\Local\Temp\~DFD995.tmp

C:\Users\Rachel\AppData\Local\Temp\~e5d141.tmp

 

308 files deleted

 

 

Thanks

 

Rachel


rachel10173

 

You are most Welcome.

 

1. Rerun Hijackthis (scan only) and place checks beside the following entries

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
    O4 - HKCU\..\Run: [bM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\cqjiwlmb.dll",s
    O4 - HKCU\..\Run: [303ebcd9] rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\xmptlhrm.dll",b

Close all other open windows except Hijackthis and Select "Fix checked"

 

Close Hijackthis

 

2. Using Windows Explorer

    Rt Click the Start Button (The Vista Icon) ->> Explore, and you will see the "tree" of file folders in the left side of the window.
    Click on the ">" next to any folder name to expand its contents

Locate and Delete the following file

    c:\windows\system\Update.exe

Close Windows Explorer ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log


Hi,

 

New Hijackthis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:33:05, on 09/06/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Rachel\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\taskeng.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\System32\mobsync.exe

C:\Windows\WindowsMobile\WmdHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Windows Media Player\wmplayer.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O13 - Gopher Prefix:

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 9580 bytes

 

 

Thanks

 

Rachel :D


rachel10173

 

You are most welcome.

 

We still have one entry that needs to go, which seems to be putting up a little fight.

 

Were you able to find and delete the file?

 

c:\windows\system\Update.exe

 

And how is your PC running now?

 

1. Go HERE and download File Lister.

    Save it to your Desktop
    Rt Click ->> Extract all ->> And extract it to your Desktop
    Additional help on extracting zip files can be found HERE
    Open the File Lister Folder.
    Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
    As the program runs, it will appear that nothing is happening.
    When the program is finished it will produce a log for you: C:\Files.txt

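The cross-check behind the two helper replies above, as an added example that is not part of the original thread: it parses HijackThis O4 autorun lines, flags entries that load from Temp, and reports which files from the fix list are still registered in the fresh log under any hive. The function names and the two heuristics are assumptions of this example; the log lines are copied from the posts above.

```python
import re
from collections import namedtuple

Autorun = namedtuple("Autorun", "hive name command target")

# Registry autorun lines as HijackThis 2.0.2 prints them in this thread:
#   O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HK[A-Z]+(?:\\S-[0-9-]+)?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.+)$', re.IGNORECASE)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.IGNORECASE)

# Entries the helper asked to fix (copied from the first reply above).
FIX_LIST = r"""
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
    O4 - HKCU\..\Run: [bM330d8f45] Rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\cqjiwlmb.dll",s
    O4 - HKCU\..\Run: [303ebcd9] rundll32.exe "C:\Users\Rachel\AppData\Local\Temp\xmptlhrm.dll",b
"""

# A subset of the O4 lines from the fresh log posted afterwards.
FRESH_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"
"""


def target_path(command):
    """Return the file an autorun command actually loads, lower-cased."""
    cmd = command.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        # rundll32 <dll>,<export>: the DLL is the payload, not rundll32 itself.
        arg = m.group(1).strip()
        if arg.startswith('"'):
            return arg[1:].split('"', 1)[0].lower()
        return arg.split(",", 1)[0].strip().lower()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    m = EXE_RE.match(cmd)  # unquoted path, possibly with spaces and arguments
    return (m.group(1) if m else cmd.split()[0]).lower()


def parse_o4(log_text):
    """Extract registry Run entries from HijackThis text; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, _key, name, command = m.groups()
            entries.append(Autorun(hive, name, command, target_path(command)))
    return entries


def risk_reasons(entry):
    """Heuristics (assumptions of this example) for a location-based review."""
    reasons = []
    if "\\temp\\" in entry.target:
        reasons.append("target is in a Temp directory")
    if RUNDLL_RE.match(entry.command.strip()) and "\\users\\" in entry.target:
        reasons.append("rundll32 loads a DLL from a user profile")
    return reasons


def still_present(fix_list, fresh_log):
    """Autoruns in fresh_log that load a file the fix list targeted, in any hive."""
    targeted = {e.target for e in parse_o4(fix_list)}
    return [e for e in parse_o4(fresh_log) if e.target in targeted]


if __name__ == "__main__":
    for e in parse_o4(FIX_LIST):
        print(e.hive, e.name, e.target, risk_reasons(e))
    for e in still_present(FIX_LIST, FRESH_LOG):
        print("still registered:", e.hive, e.name, e.target)
```

The leftover entry has no location-based flag, so it only surfaces through the comparison of target paths across hives.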

Hi,

 

My PC is running a lot better but Norton still says it's detecting trojans but is blocking them....... :huh: I'm having problems with this program File Lister, I've done exactly as you've told me but I'm not getting any log file. Like you describe when you click the program on it looks like it's not doing anything but from the sounds my PC makes after I've clicked on it, it sounds like it's doing something...... :)

 

Thanks

 

Rachel ^_^


rachel10173

 

1. Let's see if it produced a log and just didn't open on its own. By default the log will be located and named C:\Files.txt. If the log is there then post the results.

 

If it is not there, then reboot into Safe mode and run it from there.


Hi,

 

I've checked in that location and there isn't a file called C:\Files.txt. Would it have saved anywhere else?

 

Thanks

 

Rachel ;)


rachel10173

 

No, that's the default location. Thanks for looking. Something must be interfering.

 

Let's change tools.

 

Please download Combofix and save to your desktop:

    Note: It is important that it is saved directly to your desktop
    Close any open browsers.
    Double click on combofix.exe and follow the prompts.
    When it's finished it will produce a log.
    Post the contents of the C:\ComboFix.txt into your next reply.
    Note: Do not mouseclick combofix's window whilst it's running.
    That may cause the program to freeze/hang.


Hi there,

 

combofix log file

 

ComboFix 08-06-09.7 - Rachel 2008-06-10 15:36:02.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1244 [GMT 1:00]

Running from: C:\Users\Rachel\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\Rachel\AppData\Roaming\inst.exe

C:\Windows\system32\ddcawxvS.dll

C:\Windows\system32\lJATjiii.dll

C:\Windows\system32\pmnNDTLC.dll

C:\Windows\system32\R.txt

C:\Windows\system32\wvUkklLF.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))

.

 

2008-06-06 13:41 . 2008-06-06 13:41 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-06-06 13:41 . 2008-06-06 13:41 <DIR> d-------- C:\ProgramData\Apple Computer

2008-06-06 13:39 . 2008-06-06 13:39 <DIR> d-------- C:\Users\All Users\Apple

2008-06-06 13:39 . 2008-06-06 13:39 <DIR> d-------- C:\ProgramData\Apple

2008-06-06 13:39 . 2008-06-06 13:39 <DIR> d-------- C:\Program Files\Apple Software Update

2008-06-06 07:21 . 2008-06-06 07:21 <DIR> d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

2008-06-05 17:52 . 2008-06-06 13:03 <DIR> d-------- C:\Program Files\Norton Internet Security

2008-06-05 17:50 . 2008-06-06 12:41 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2008-06-05 17:50 . 2008-06-06 12:41 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2008-06-05 17:50 . 2008-06-06 12:41 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

2008-06-05 16:43 . 2008-06-05 18:41 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Symantec

2008-06-03 17:54 . 2008-06-03 17:54 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Ludia

2008-06-03 17:54 . 2008-06-03 17:54 <DIR> d-------- C:\Users\All Users\Ludia

2008-06-03 17:54 . 2008-06-03 17:54 <DIR> d-------- C:\ProgramData\Ludia

2008-06-03 17:28 . 2008-06-03 17:30 <DIR> d-------- C:\Program Files\Hells Kitchen

2008-06-03 16:54 . 2008-06-03 16:54 303 --a------ C:\Windows\ST6UNST.001

2008-06-03 16:51 . 2008-06-03 16:51 20,487 --a------ C:\Windows\System32\z-lib.dll

2008-06-03 16:51 . 2008-06-03 16:51 303 --a------ C:\Windows\ST6UNST.000

2008-06-03 16:51 . 2008-06-03 16:51 0 --a------ C:\Windows\System32\MSWINSCK.OCX

2008-06-02 20:08 . 2008-06-10 07:53 <DIR> d-------- C:\Program Files\Pool Buddy Yahoo

2008-06-02 12:36 . 2008-06-02 12:36 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Flood Light Games

2008-06-02 12:36 . 2008-06-02 12:36 <DIR> d-------- C:\Users\All Users\Flood Light Games

2008-06-02 12:36 . 2008-06-02 12:36 <DIR> d-------- C:\ProgramData\Flood Light Games

2008-06-02 12:35 . 2008-06-02 12:35 <DIR> d-------- C:\Program Files\James Patterson's Women's Murder Club - Death in Scarlet

2008-05-31 15:07 . 2008-05-31 15:07 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-05-31 14:56 . 2008-05-31 14:56 <DIR> d-------- C:\Users\All Users\Sony Ericsson

2008-05-31 14:56 . 2008-05-31 14:56 <DIR> d-------- C:\ProgramData\Sony Ericsson

2008-05-31 14:56 . 2008-05-31 14:56 1,419,232 --a------ C:\Windows\System32\wdfcoinstaller01005.dll

2008-05-31 14:56 . 2008-05-31 14:56 20,520 --a------ C:\Windows\System32\drivers\ggsemc.sys

2008-05-31 14:56 . 2008-05-31 14:56 13,352 --a------ C:\Windows\System32\drivers\ggflt.sys

2008-05-31 14:55 . 2008-05-31 15:16 <DIR> d-------- C:\Program Files\Sony Ericsson

2008-05-28 20:33 . 2008-05-28 20:33 <DIR> d-------- C:\Users\Rachel\Program Files

2008-05-28 20:33 . 2008-06-10 15:33 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\DNA

2008-05-28 20:33 . 2008-05-28 20:33 <DIR> d-------- C:\Program Files\DNA

2008-05-28 20:33 . 2008-05-28 20:35 <DIR> d-------- C:\Program Files\BitTorrent

2008-05-28 19:49 . 2008-05-28 19:49 <DIR> d-------- C:\Users\All Users\vsosdk

2008-05-28 19:49 . 2008-05-28 19:49 <DIR> d-------- C:\ProgramData\vsosdk

2008-05-28 19:18 . 2008-05-28 19:18 <DIR> d-------- C:\Program Files\VSO

2008-05-28 19:18 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll

2008-05-28 19:18 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll

2008-05-28 19:18 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll

2008-05-28 19:18 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll

2008-05-28 19:18 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll

2008-05-28 19:18 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll

2008-05-28 19:18 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll

2008-05-28 19:03 . 2008-06-06 13:42 <DIR> d-------- C:\Program Files\QuickTime Alternative

2008-05-28 19:03 . 2008-05-28 19:03 <DIR> d-------- C:\Program Files\Media Player Classic

2008-05-28 19:03 . 2002-12-20 12:40 675,328 --a------ C:\Windows\System32\ir50_32.qtx

2008-05-28 19:03 . 2004-10-27 13:01 360,504 --a------ C:\Windows\System32\QTPlugin.ocx

2008-05-28 19:03 . 2004-01-12 17:57 86,016 --a------ C:\Windows\System32\QuickTime.ax

2008-05-28 17:58 . 2008-05-28 17:58 <DIR> d-------- C:\Program Files\WinAVI DVD Copy

2008-05-28 17:52 . 2008-05-28 19:09 <DIR> d-------- C:\Program Files\WinAVI Video Converter

2008-05-28 17:20 . 2008-05-28 17:20 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter

2008-05-28 16:53 . 2008-06-10 11:51 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\Vso

2008-05-28 16:53 . 2008-05-28 16:53 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys

2008-05-28 16:53 . 2008-05-28 19:18 47,360 --a------ C:\Users\Rachel\AppData\Roaming\pcouffin.sys

2008-05-28 16:34 . 2008-05-28 16:35 <DIR> d-------- C:\VIDEO_TS

2008-05-28 16:24 . 2008-05-28 16:24 <DIR> d-------- C:\Users\All Users\Elaborate Bytes

2008-05-28 16:24 . 2008-05-28 16:24 <DIR> d-------- C:\ProgramData\Elaborate Bytes

2008-05-28 16:21 . 2008-05-28 16:36 48 --ahs---- C:\Windows\SBACFE7B0.tmp

2008-05-28 16:19 . 2008-05-28 16:19 <DIR> d-------- C:\Program Files\Elaborate Bytes

2008-05-28 06:26 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-05-28 06:26 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

2008-05-26 18:06 . 2008-05-26 18:06 <DIR> d-------- C:\Users\All Users\NtiDvdCopy

2008-05-26 18:06 . 2008-05-26 18:06 <DIR> d-------- C:\ProgramData\NtiDvdCopy

2008-05-26 17:41 . 2004-02-17 02:06 61,440 --a------ C:\Windows\UnDeploy.exe

2008-05-26 17:34 . 2008-05-26 17:34 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-05-24 17:56 . 2008-05-24 17:56 <DIR> d-------- C:\Users\All Users\LightScribe

2008-05-24 17:56 . 2008-05-24 17:56 <DIR> d-------- C:\ProgramData\LightScribe

2008-05-24 03:35 . 2008-05-24 03:35 <DIR> d-------- C:\PerfLogs

2008-05-23 19:37 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-05-23 19:36 . 2008-01-19 08:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr

2008-05-23 19:35 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-05-23 19:34 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-05-23 19:34 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-05-23 19:34 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-05-23 19:34 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-05-23 19:34 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-05-23 19:34 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-05-23 18:58 . 2007-04-09 13:23 28,040 --a------ C:\Windows\System32\mdimon.dll

2008-05-23 18:58 . 2008-05-23 18:58 376 --a------ C:\Windows\ODBC.INI

2008-05-23 18:56 . 2008-05-23 18:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync

2008-05-23 15:42 . 2008-05-23 15:42 <DIR> d-------- C:\Program Files\Xvid

2008-05-23 15:42 . 2007-06-28 18:52 765,952 --a------ C:\Windows\System32\xvidcore.dll

2008-05-23 15:42 . 2007-06-28 18:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll

2008-05-23 15:42 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax

2008-05-22 19:39 . 2008-06-10 08:17 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\uTorrent

2008-05-22 19:39 . 2008-05-22 19:39 <DIR> d-------- C:\Program Files\uTorrent

2008-05-20 12:25 . 2008-05-20 13:12 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\MysteryStudio

2008-05-20 12:24 . 2008-05-20 12:24 <DIR> d-------- C:\Program Files\The Lost Cases of Sherlock Holmes

2008-05-16 11:40 . 2008-05-21 07:08 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-05-13 12:55 . 2008-05-13 12:56 <DIR> d-------- C:\Program Files\HP

2008-05-13 12:47 . 2008-05-13 12:47 <DIR> d-------- C:\Users\All Users\Hewlett-Packard

2008-05-13 12:47 . 2008-05-13 12:47 <DIR> d-------- C:\ProgramData\Hewlett-Packard

2008-05-13 12:30 . 2007-02-02 11:27 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll

2008-05-11 17:47 . 2008-05-11 17:47 <DIR> d-------- C:\Users\Rachel\AppData\Roaming\BloodTies

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-10 14:01 --------- d-----w C:\ProgramData\Symantec

2008-06-10 12:02 --------- d---a-w C:\ProgramData\TEMP

2008-06-06 12:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-06-06 11:41 --------- d-----w C:\Program Files\Symantec

2008-05-28 16:58 2,572 ----a-w C:\Windows\WINDVDBOOTRECDOE.sys

2008-05-26 17:16 --------- d-----w C:\Program Files\Yahoo!

2008-05-24 02:50 --------- d-----w C:\ProgramData\NVIDIA

2008-05-24 02:48 174 --sha-w C:\Program Files\desktop.ini

2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Mail

2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Journal

2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Defender

2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Collaboration

2008-05-24 02:39 --------- d-----w C:\Program Files\Windows Calendar

2008-05-23 20:17 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-05-23 20:17 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-05-23 18:01 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-23 18:01 --------- d-----w C:\Program Files\Microsoft Works

2008-05-22 17:58 --------- d-----w C:\Program Files\LimeWire

2008-05-18 12:53 --------- d-----w C:\Program Files\Hidden Expedition - Everest

2008-05-09 10:53 --------- d-----w C:\Users\Rachel\AppData\Roaming\Roxio

2008-05-09 10:51 --------- d-----w C:\ProgramData\Napster

2008-05-09 10:21 --------- d-----w C:\Program Files\Napster

2008-05-09 10:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-09 10:20 --------- d-----w C:\Program Files\Common Files\Napster Shared

2008-05-07 17:33 --------- d-----w C:\Program Files\Hidden Expedition - Titanic

2008-04-27 09:04 --------- d-----w C:\Users\Rachel\AppData\Roaming\LimeWire

2008-04-26 16:52 --------- d-----w C:\Program Files\bfgclient

2008-04-23 14:52 --------- d-----w C:\Program Files\EA GAMES

2008-04-10 03:50 988,216 ----a-w C:\Windows\System32\winload.exe

2008-04-10 03:50 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-04-10 03:50 615,992 ----a-w C:\Windows\System32\ci.dll

2008-04-10 03:50 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-04-10 03:50 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-04-10 03:50 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-04-10 03:50 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-04-10 03:50 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-04-10 03:50 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-04-10 03:50 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-04-10 03:48 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-04-10 03:48 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-04-10 03:43 826,880 ----a-w C:\Windows\System32\wininet.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 04:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-06-05 19:05 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 04:51 316784]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 04:51 316784]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]

"Acer Tour Reminder"="" []

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]

"BitTorrent DNA"="C:\Users\Rachel\Program Files\DNA\btdna.exe" [2008-05-28 20:33 289088]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 12:06 4669440 C:\Windows\RtHDVCpl.exe]

"Acer Tour"="" []

"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 18:27 319488]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 08:04 464168]

"eRecoveryService"="" []

"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]

"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-24 10:22 2476408]

"Skytel"="Skytel.exe" [2007-06-15 17:45 1826816 C:\Windows\SkyTel.exe]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]

"Windows Updates"="c:\windows\system\Update.exe" [ ]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-03-28 23:37 413696]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [4/17/2007 2:09:28 AM 528384]

PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [4/17/2007 2:13:50 AM 200812]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]

--a------ 2007-02-16 02:39 151552 C:\Acer\AcerTour\Reminder.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]

C:\ACERSW\config\NewSetApanel.cmd

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]

--------- 2007-07-13 23:24 178280 C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

--a------ 2006-11-06 06:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2008-01-19 08:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C0B04953-9D63-4886-9FEE-B20972592777}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live

"{64C52DD3-2977-4C34-BDA1-8FD96179DF00}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess

"{F42A10AE-D383-4A78-9E05-64BBC84376C5}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess

"{A0E22BD1-9D17-41A4-BF50-419B503C50D0}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess

"{E59634F8-1C07-40AC-84E1-E301FBC238EE}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine

"{DFFF3429-DA90-43DB-898C-FAEEFE3F39E2}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia

"{5F06C73B-3B46-4ED5-983C-2880071833B2}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect

"{1955E669-BE1F-4C13-B854-FB32F2900974}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service

"{A8757501-B402-4C19-AD10-EA4697A9512B}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician

"{8E47E7FD-79DD-428C-A05F-F7200334254D}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PlayMovie.exe:Acer PlayMovie

"{312F417F-26BC-48A5-86A7-154D5D53330D}"= C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe:Acer PlayMovie Resident Program

"{0A4972C2-2428-4D35-B9E5-207D64085451}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{017E57F5-441E-4E25-9CEE-26D12ACDEE61}"= UDP:C:\Program Files\DNA\btdna.exe:DNA

"{711706E3-083C-4EA8-86B5-3447443E5A60}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

"{C11073E6-507E-49EE-9004-E086C5E0CF11}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{26DE66B1-7B09-4090-A12B-03C493213FDD}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu

"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption

"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 04:22]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080607.001\IDSvix86.sys [2008-03-20 21:37]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 16:24]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-04-05 02:54]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []

R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33]

R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33]

R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 21:50]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]

S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 15:04]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-05-31 14:56]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-06-09 19:32:11 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Rachel.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 15:38:35

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-10 15:39:30

ComboFix-quarantined-files.txt 2008-06-10 14:39:24

 

Pre-Run: 66,159,935,488 bytes free

Post-Run: 66,702,643,200 bytes free

 

300 --- E O F --- 2008-06-10 07:27:25

 

 

Thanks

 

Rachel


Hi,

 

So far so good, nothing has popped up today ^_^ Do you think you may have got rid of it, and what do you think it was?

 

Many Thanks

 

Rachel :D


rachel10173

 

I'm sure it's gone.

 

It was an infection called "Vundo"

 

Let's make sure there is nothing left behind

 

Please perform an Ewido Online Malware Scan

  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner, please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes, it will produce a log for you. Copy and paste the results of that scan as a reply to this thread.
  • If any infections are found (after you save the logfile), click on Remove Infections.


Hi,

 

Just started to get more things come through Norton, here's a copy of the logs from Norton

 

Category: Security risks

Date Time,Feature,Risk Name,Result,Item Type,Virus Definition Version,Product Version,User Name,Computer Name,Details

09/06/2008 10:09:03,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.016,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\media player\transcoded files cache\~0v7485.tmp.tmp

09/06/2008 10:09:03,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.016,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\media player\transcoded files cache\~hu7221.tmp.tmp

09/06/2008 09:47:21,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\media player\transcoded files cache\~ij9518.tmp.tmp

09/06/2008 09:47:19,Auto-Protect,Bloodhound.Exploit.13,Blocked,File,2008.06.08.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Heuristic Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\media player\transcoded files cache\~6g8a87.tmp.tmp

07/06/2008 08:54:10,Auto-Protect,Trojan.LowZones,Blocked,File,2008.06.06.023,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\content.ie5\v64145lu\kb713501[1]

06/06/2008 07:31:08,Auto-Protect,Downloader,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\6r8fzjgr\data[1].htm

06/06/2008 07:17:05,Auto-Protect,Downloader,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\wroia1nf\scan[1].htm

06/06/2008 07:17:01,Auto-Protect,Downloader,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\n5dl0mpv\18_swp[1].htm

06/06/2008 07:13:15,Auto-Protect,AntiSpywareMaster,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Misleading Application;Overall Risk Impact: Medium;Performance: Medium;Privacy: Medium;Removal: Medium;Stealth: Medium;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\uacw3hqv\ase_setup_free[1].exe

06/06/2008 06:55:30,Auto-Protect,Trojan.LowZones,Blocked,File,2008.06.05.022,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\microsoft\windows\temporary internet files\content.ie5\qcz3scpr\kb713501[1]

05/06/2008 21:10:46,Virus scanner,Tracking Cookie,Fully removed,File,2008.06.05.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Cookie;Overall Risk Impact: Low;Performance: Low;Privacy: Low;Removal: Low;Stealth: Low;Action taken: Fully removed;Affected Areas;Network & Browser Items;Cookie:[email protected]/;Cookie:[email protected]/;Cookie:[email protected]/;Cookie:[email protected]/;Cookie:[email protected]/adrevolver/

05/06/2008 18:51:15,Auto-Protect,Trojan Horse,Blocked,File,2008.06.04.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Blocked;Affected Areasc:\users\rachel\appdata\local\temp\ixp002.tmp\nis key.exe

05/06/2008 18:49:11,Virus scanner,Trojan Horse,Fully removed,File,2008.06.04.003,15.0.0.60,SYSTEM,RACHEL-PC,Risk category: Virus;Overall Risk Impact: High;Performance: High;Privacy: High;Removal: High;Stealth: High;Action taken: Fully removed;Affected Areas;Processes & Start-Up Items;c:\users\rachel\appdata\local\temp\ixp004.tmp\nis key.exe;Network & Browser Items;Browser Cache

 

Category: Intrusion prevention

Date Time,Message,Details

10/06/2008 18:51:55,Intrusion: HTTP Malicious Toolkit Download Activity.,"Intrusion: HTTP Malicious Toolkit Download Activity. Intruder: RACHEL-PC(51210). Risk Level: High. Protocol: TCP. Attacked IP: www.redir94.com. Attacked Port: http(80)."

10/06/2008 11:52:22,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.

10/06/2008 11:52:22,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

10/06/2008 11:52:22,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

10/06/2008 07:09:12,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

10/06/2008 07:03:32,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

10/06/2008 07:03:31,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.

10/06/2008 07:03:31,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

09/06/2008 19:19:03,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.

09/06/2008 19:19:03,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

09/06/2008 19:19:03,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

09/06/2008 09:52:03,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

09/06/2008 09:52:02,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080607.001. Intrusion Prevention Engine Version: 4.0.1.80206.

09/06/2008 09:52:02,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

09/06/2008 09:28:21,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

09/06/2008 09:28:20,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.

09/06/2008 09:28:20,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

09/06/2008 09:19:35,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

09/06/2008 09:13:50,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

09/06/2008 09:13:50,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.

09/06/2008 09:13:50,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

08/06/2008 09:36:22,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

08/06/2008 09:30:57,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

08/06/2008 09:30:56,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.

08/06/2008 09:30:56,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

07/06/2008 15:03:44,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.

07/06/2008 15:03:44,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

07/06/2008 15:03:44,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

07/06/2008 09:04:51,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

07/06/2008 09:04:51,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.

07/06/2008 09:04:51,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

07/06/2008 03:46:40,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

07/06/2008 00:45:59,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

07/06/2008 00:45:58,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080606.003. Intrusion Prevention Engine Version: 4.0.1.80206.

07/06/2008 00:45:58,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

06/06/2008 20:30:54,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

06/06/2008 20:30:53,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.

06/06/2008 20:30:53,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

06/06/2008 17:46:12,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

06/06/2008 17:46:11,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.

06/06/2008 17:46:11,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

06/06/2008 13:18:16,Intrusion: MSIE Apple QuickTime RTSP URI Remote BO.,"Intrusion: MSIE Apple QuickTime RTSP URI Remote BO. Risk Level: High. URL: http://www.thisisleicestershire.co.uk/disp...20807522."

06/06/2008 13:03:42,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

06/06/2008 13:03:42,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.

06/06/2008 13:03:42,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

06/06/2008 12:45:24,Intrusion: HTTP Malware Alarm Install.,"Intrusion: HTTP Malware Alarm Install. Intruder: RACHEL-PC(49242). Risk Level: High. Protocol: TCP. Attacked IP: 77.91.229.104. Attacked Port: http(80)."

06/06/2008 12:36:39,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

06/06/2008 12:36:39,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.

06/06/2008 12:36:39,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

06/06/2008 06:49:42,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

05/06/2008 23:36:09,Intrusion Prevention is monitoring 1108 signatures.,Intrusion Prevention is monitoring 1108 signatures.

05/06/2008 23:36:09,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080604.001. Intrusion Prevention Engine Version: 4.0.1.80206.

05/06/2008 23:36:09,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

05/06/2008 19:16:01,Intrusion Prevention Signature File Version: 20080530.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080530.001. Intrusion Prevention Engine Version: 4.0.1.80206.

05/06/2008 19:16:01,Intrusion Prevention is monitoring 1105 signatures.,Intrusion Prevention is monitoring 1105 signatures.

05/06/2008 19:16:01,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

05/06/2008 19:06:38,Intrusion Prevention is monitoring 1105 signatures.,Intrusion Prevention is monitoring 1105 signatures.

05/06/2008 19:06:38,Intrusion Prevention Signature File Version: 20080530.001. Intrusion Prevention Engine Version: 4.0.1.80206.,Intrusion Prevention Signature File Version: 20080530.001. Intrusion Prevention Engine Version: 4.0.1.80206.

05/06/2008 19:06:38,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

05/06/2008 18:46:51,Browser protection has been enabled.,Browser protection has been enabled.

05/06/2008 18:46:50,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

05/06/2008 18:46:49,Intrusion Prevention is monitoring 987 signatures.,Intrusion Prevention is monitoring 987 signatures.

05/06/2008 18:46:49,Intrusion Prevention Signature File Version: 20070823.002. Intrusion Prevention Engine Version: 3.512.1.4995.,Intrusion Prevention Signature File Version: 20070823.002. Intrusion Prevention Engine Version: 3.512.1.4995.

05/06/2008 18:46:49,Intrusion Prevention has been enabled.,Intrusion Prevention has been enabled.

 

 

I hope this can help shed some light on the problem

 

Rachel ^_^


rachel10173

 

Those logs show Norton doing what it is supposed to do. The recent activity shows typical intrusion attempts when someone surfs the net. Nothing in the logs indicates any resident infection.

 

Please proceed with the AVG online scan.


Hi,

 

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][10].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][11].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][5].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt

Risk: Medium

 

Name: TrackingCookie.Adbrite

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

Risk: Medium

 

Name: TrackingCookie.Adbrite

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

Risk: Medium

 

Name: TrackingCookie.Adrevolver

Path: C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

Risk: Medium

 

Thanks

 

Rachel ^_^


Hi :D

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:00:07, on 12/06/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\mobsync.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Rachel\Program Files\DNA\btdna.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Rachel\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 9395 bytes

 

 

Thanks

 

Rachel ^_^


rachel10173

 

You may now remove/delete/uninstall the tools we used to clean your PC

 

Now that your log is clean

 

There are some final notes:

Let's create a clean System Restore Point

 

To create a Clean System Restore Point in Vista

    Click Start (the Vista icon) ->> All Programs ->> Accessories ->> System Tools ->> System Restore
    The System Restore window will open. Select Open System Protection
    Another window will open. Highlight the C:\ drive in the window
    Then select Create. Yet another window will open; type in today's date 05262008 (or whatever you would like to remind you of this Restore Point) in the Create a restore point window.
    Then select Create. Windows will then create a restore point.
    Once done you will receive notification that a System Restore point has been created.
    Close all the open windows and you are done.

Update your Anti Virus Software

 

Use and maintain a Firewall

 

Visit Microsoft's Windows Update Site Frequently for critical updates

 

Backup your Important Documents and Files on a regular basis

    To a disc or a USB key, not your hard drive

You may want to read this article, "So how did I get infected in the first place" by Tony Klein

 

surf safe

This topic is now closed to further replies.