#1
I have already completely restored my computer from CD, reinstalled Microsoft updates, then ZoneAlarm (pay version) before anything else, then Firefox, then the NoScript add-on, then YesScript, then HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:34 PM, on 3/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Randall\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Trend Micro\HijackThis\juice.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7145 bytes
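Reviewing a HijackThis log like the one above means going through every autostart and service entry and checking where it points. The following is an added example for this thread, not code from HijackThis or from the original post: a small Python parser for the entry shapes that appear in the log (R0-R3, O2/O3, O4, O23) that attaches "look closer" flags for the things a helper checks by eye: a service whose binary is reported as missing, a service with an unknown owner, a Run entry whose executable sits under a Temp directory, and a bare filename that is resolved through the search path at logon (as with RtHDVCpl.exe and Skytel.exe above). The sample log is constructed in the same format; most lines mirror entries in the posted log, while the "ConstructedUpdater" line and its path are made up to exercise the Temp-directory check. A flag is a prompt to verify the entry, not a verdict.

```python
"""Triage helper for HijackThis-style log entries (added example, not part of HijackThis)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in HijackThis v2 log format. The ConstructedUpdater line
# and its path are invented to exercise the Temp-directory check.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [ConstructedUpdater] C:\Users\example\AppData\Local\Temp\sample-updater.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
"""


@dataclass
class Entry:
    kind: str                 # HijackThis section prefix: R1, O2, O4, O23, ...
    name: str                 # display name, registry value name, or registry key for R entries
    target: str               # path, URL or command line the entry points at
    flags: List[str] = field(default_factory=list)


R_RE = re.compile(r"^(?P<kind>R[0-3]) - (?P<key>.+?) =\s*(?P<data>.*)$")
BHO_RE = re.compile(r"^(?P<kind>O[23]) - (?:BHO|Toolbar): (?P<name>.+?) - "
                    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<kind>O4) - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# First token of a command line up to a known executable extension, quotes stripped.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|cmd|bat|scr|dll))', re.IGNORECASE)
O23_PREFIX = "O23 - Service: "
TEMP_DIRS = {"temp", "tmp"}


def flag_run_entry(entry: Entry, cmd: str) -> None:
    """Attach flags to an O4 Run entry based on where its executable lives."""
    m = EXE_RE.match(cmd)
    exe = m["exe"] if m else cmd
    parts = re.split(r"[\\/]", exe)
    # A persistent Run entry whose binary lives under Temp/Tmp deserves a second look.
    if any(p.lower() in TEMP_DIRS for p in parts[:-1]):
        entry.flags.append("runs-from-temp")
    # Bare filename: resolved through the search path at logon, so confirm which copy runs.
    if len(parts) == 1:
        entry.flags.append("bare-filename")


def parse_hjt(text: str) -> List[Entry]:
    """Parse the R/O2/O3/O4/O23 entries of a HijackThis log into Entry records."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = R_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["key"], m["data"]))
            continue
        m = BHO_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["path"]))
            continue
        m = O4_RE.match(line)
        if m:
            entry = Entry(m["kind"], m["name"], m["cmd"])
            flag_run_entry(entry, m["cmd"])
            entries.append(entry)
            continue
        if line.startswith(O23_PREFIX):
            # The service name may itself contain " - ", so split from the right:
            # the last two separators delimit the owner and the binary path.
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, path = parts
                entry = Entry("O23", name, path)
                if path.endswith("(file missing)"):
                    entry.flags.append("file-missing")
                if owner == "Unknown owner":
                    entry.flags.append("unknown-owner")
                entries.append(entry)
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries that picked up at least one flag, in log order."""
    return [e for e in entries if e.flags]


def summarize(entries: List[Entry]) -> str:
    """One line per entry: marker, kind, name, flags."""
    lines = []
    for e in entries:
        mark = "!!" if e.flags else "  "
        lines.append(f"{mark} {e.kind:<4} {e.name[:38]:<38} {', '.join(e.flags) or '-'}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print(summarize(found))
    print(f"\n{len(suspicious(found))} of {len(found)} entries need a closer look")
```

Run against the constructed sample, the three flagged entries are the bare RtHDVCpl.exe, the invented Temp-directory updater, and the Symantec service whose binary is missing; everything else is listed unflagged. The "(file missing)" annotation is written by HijackThis itself, so the parser only has to read it, whereas the Temp and bare-filename checks are this example's own heuristics.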
#2
This all looks OK. What file is being flagged as a trojan?
#3
None. It's running at 50% at boot, and when I first bought it, it ran around 20 to 30. And even after the factory recovery, System Restore still won't work. When I go to restore, it does what it seems supposed to do, but when I log back in it tells me that it was not successful and nothing was changed. I tried to do what you suggested the last time, but it doesn't seem to work at all. I can't seem to find a restore program, so that if I do have to reinstall Windows I won't have to reinstall other programs like Dragon Speak (which is hell every time because of training it), ZoneAlarm, OpenOffice.org, Service Pack 1 and updates.
#4
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1
Link #2
Note: It is important that it is saved directly to your Desktop.
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real-time protection, before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts. When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix.
#5
OK, here it is:
ComboFix 09-03-13.02 - Randall 2009-03-14 23:22:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.429 [GMT -7:00]
Running from: c:\users\Randall\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.
2009-03-14 23:01 . 2009-03-14 23:01 <DIR> d-------- c:\windows\LastGood
2009-03-14 22:00 . 2009-03-14 22:00 <DIR> d-------- c:\program files\Trend Micro
2009-03-12 18:11 . 2009-03-12 18:11 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-11 01:35 . 2009-03-12 21:36 2,695 --a------ C:\rollback.ini
2009-03-10 19:31 . 2008-04-26 01:08 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-03-10 19:31 . 2008-04-11 20:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-03-10 19:31 . 2008-05-27 20:19 595,456 --a------ c:\windows\System32\FWPUCLNT.DLL
2009-03-10 19:31 . 2008-05-27 20:19 438,272 --a------ c:\windows\System32\IKEEXT.DLL
2009-03-10 19:31 . 2008-05-27 20:17 328,704 --a------ c:\windows\System32\BFE.DLL
2009-03-10 19:31 . 2008-05-27 20:27 223,288 --a------ c:\windows\System32\drivers\netio.sys
2009-03-10 19:31 . 2008-05-27 20:28 101,432 --a------ c:\windows\System32\drivers\FWPKCLNT.SYS
2009-03-10 19:31 . 2008-04-04 18:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-03-10 19:31 . 2008-04-04 20:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-03-10 19:26 . 2008-12-15 20:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-10 19:26 . 2008-12-15 22:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-10 19:26 . 2008-12-15 22:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-10 19:26 . 2008-12-15 22:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 19:23 . 2009-02-08 20:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 07:03 . 2009-03-10 07:03 <DIR> d-------- c:\users\Randall\AppData\Roaming\MailFrontier
2009-03-10 06:59 . 2009-03-10 06:59 <DIR> d-------- c:\users\All Users\Kaspersky SDK
2009-03-10 06:59 . 2009-03-10 06:59 <DIR> d-------- c:\programdata\Kaspersky SDK
2009-03-10 06:59 . 2009-03-14 23:25 11,051,296 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-03-10 06:59 . 2009-03-12 22:32 7,241,504 --ahs---- c:\windows\System32\drivers\fidbox(74).dat
2009-03-10 06:59 . 2009-03-14 20:59 132,392 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-03-10 06:59 . 2009-03-12 18:29 96,272 --ahs---- c:\windows\System32\drivers\fidbox(75).idx
2009-03-10 06:46 . 2008-02-22 21:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
2009-03-10 06:46 . 2008-02-22 19:41 22,528 --a------ c:\windows\System32\netiougc.exe
2009-03-10 06:45 . 2009-02-15 23:10 72,584 --a------ c:\windows\zllsputility.exe
2009-03-10 06:44 . 2009-03-10 06:44 <DIR> d-------- c:\program files\Zone Labs
2009-03-10 06:44 . 2009-02-15 23:10 1,221,512 --a------ c:\windows\System32\zpeng25.dll
2009-03-10 06:43 . 2009-03-14 20:59 <DIR> d-------- c:\windows\System32\ZoneLabs
2009-03-10 06:43 . 2009-03-14 21:26 351,219 --ah----- c:\windows\System32\drivers\vsconfig.xml
2009-03-10 06:43 . 2009-03-12 21:29 351,219 --ah----- c:\windows\System32\drivers\vsconfig(76).xml
2009-03-10 06:43 . 2009-02-15 23:11 293,528 --a------ c:\windows\System32\drivers\vsdatant.sys
2009-03-10 06:42 . 2009-03-10 06:42 <DIR> d-------- c:\users\All Users\CheckPoint
2009-03-10 06:42 . 2009-03-10 06:42 <DIR> d-------- c:\programdata\CheckPoint
2009-03-10 06:31 . 2009-03-10 06:31 <DIR> d-------- C:\PerfLogs
2009-03-10 06:14 . 2009-03-10 05:46 152,576 --a------ c:\windows\System32\SPWizUI.dll
2009-03-10 06:14 . 2009-03-10 05:46 47,560 --a------ c:\windows\System32\SPReview.exe
2009-03-10 05:55 . 2008-01-18 23:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2009-03-10 05:55 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2009-03-10 05:55 . 2008-01-18 23:36 142,336 --a------ c:\windows\System32\spp.dll
2009-03-10 05:55 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
2009-03-10 05:55 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2009-03-10 05:53 . 2008-01-18 23:38 4,595,712 --a------ c:\windows\System32\AuthFWSnapin.dll
2009-03-10 05:52 . 2008-01-18 21:31 8,322,048 --a------ c:\windows\System32\spwizimg.dll
2009-03-10 05:50 . 2008-01-18 23:33 44,032 --a------ c:\windows\System32\cbsra.exe
2009-03-10 05:48 . 2009-03-10 06:15 49,152 --a------ c:\windows\SPInstall.etl
2009-03-10 05:46 . 2009-03-10 05:46 <DIR> d-------- C:\3ebaf4704641ea2434fdef0de52995
2009-03-10 03:00 . 2009-03-10 03:00 269,312 --a------ c:\windows\System32\es.dll
2009-03-09 21:44 . 2009-03-09 21:44 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-03-09 21:44 . 2009-03-09 21:44 272,896 --a------ c:\windows\System32\polstore.dll
2009-03-09 21:44 . 2009-03-09 21:44 61,440 --a------ c:\windows\System32\winipsec.dll
2009-03-09 21:44 . 2009-03-09 21:44 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-03-09 21:43 . 2009-03-09 21:43 1,820 --a------ c:\windows\System32\rasctrnm.h
2009-03-09 21:42 . 2009-03-09 21:42 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-03-09 21:42 . 2009-03-09 21:42 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2009-03-09 21:42 . 2009-03-09 21:42 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2009-03-09 21:35 . 2009-03-09 21:35 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-03-09 21:35 . 2009-03-09 21:35 827,392 --a------ c:\windows\System32\wininet.dll
2009-03-09 21:32 . 2009-03-09 21:32 296,960 --a------ c:\windows\System32\gdi32.dll
2009-03-09 21:31 . 2009-03-09 21:31 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-03-09 21:30 . 2009-03-09 21:30 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-03-09 21:30 . 2009-03-09 21:30 1,695,744 --a------ c:\windows\System32\gameux.dll
2009-03-09 21:30 . 2009-03-09 21:30 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-03-09 21:30 . 2009-03-09 21:30 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-03-09 21:28 . 2009-03-09 21:28 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-03-09 21:28 . 2009-03-09 21:28 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-03-09 21:26 . 2009-03-09 21:26 2,048 --a------ c:\windows\System32\tzres.dll
2009-03-09 21:04 . 2009-03-09 21:04 2,927,104 --a------ c:\windows\explorer.exe
2009-03-09 20:56 . 2009-03-09 20:56 988,216 --a------ c:\windows\System32\winload.exe
2009-03-09 20:56 . 2009-03-09 20:56 927,288 --a------ c:\windows\System32\winresume.exe
2009-03-09 20:56 . 2009-03-09 20:56 615,992 --a------ c:\windows\System32\ci.dll
2009-03-09 20:56 . 2009-03-09 20:56 378,368 --a------ c:\windows\System32\srcore.dll
2009-03-09 20:56 . 2009-03-09 20:56 318,464 --a------ c:\windows\System32\rstrui.exe
2009-03-09 20:56 . 2009-03-09 20:56 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2009-03-09 20:56 . 2009-03-09 20:56 40,960 --a------ c:\windows\System32\srclient.dll
2009-03-09 20:56 . 2009-03-09 20:56 19,000 --a------ c:\windows\System32\kd1394.dll
2009-03-09 20:56 . 2009-03-09 20:56 14,848 --a------ c:\windows\System32\srdelayed.exe
2009-03-09 20:56 . 2009-03-09 20:56 6,656 --a------ c:\windows\System32\kbd106n.dll
2009-03-09 20:53 . 2009-03-09 20:53 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-03-09 20:53 . 2009-03-09 20:53 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-03-09 20:53 . 2009-03-09 20:53 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-03-09 20:50 . 2009-03-09 20:50 443,392 --a------ c:\windows\System32\win32spl.dll
2009-03-09 20:50 . 2009-03-09 20:50 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-03-09 20:50 . 2009-03-09 20:50 37,888 --a------ c:\windows\System32\printcom.dll
2009-03-09 20:50 . 2009-03-09 20:50 14,848 --a------ c:\windows\System32\wshrm.dll
2009-03-09 20:48 . 2009-03-09 20:48 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-03-09 20:22 . 2009-03-09 20:22 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-09 20:22 . 2009-03-09 20:22 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-09 20:22 . 2009-03-09 20:22 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-09 20:22 . 2009-03-09 20:22 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-09 20:22 . 2009-03-09 20:22 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-09 20:22 . 2009-03-09 20:22 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-09 20:22 . 2009-03-09 20:22 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-09 20:22 . 2009-03-09 20:22 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-09 20:05 . 2009-03-09 20:12 15,155,200 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-03-09 20:05 . 2009-03-09 20:12 32,768 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-03-09 20:05 . 2009-03-09 20:12 16,384 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-03-09 19:28 . 2009-03-09 19:28 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-09 19:28 . 2009-03-09 19:28 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-09 19:28 . 2009-03-09 19:28 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-09 19:28 . 2009-03-09 19:28 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-09 19:28 . 2009-03-09 19:28 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-09 19:08 . 2009-03-09 19:08 2,868,736 --a------ c:\windows\System32\mf.dll
2009-03-09 19:08 . 2009-03-09 19:08 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-03-09 19:08 . 2009-03-09 19:08 98,816 --a------ c:\windows\System32\mfps.dll
2009-03-09 19:08 . 2009-03-09 19:08 94,720 --a------ c:\windows\System32\logagent.exe
2009-03-09 19:08 . 2009-03-09 19:08 53,248 --a------ c:\windows\System32\rrinstaller.exe
2009-03-09 19:08 . 2009-03-09 19:08 24,576 --a------ c:\windows\System32\mfpmp.exe
2009-03-09 19:08 . 2009-03-09 19:08 2,048 --a------ c:\windows\System32\mferror.dll
2009-03-09 19:07 . 2009-03-09 19:07 1,645,568 --a------ c:\windows\System32\connect.dll
2009-03-09 19:07 . 2009-03-09 19:07 1,314,816 --a------ c:\windows\System32\quartz.dll
2009-03-09 19:07 . 2009-03-09 19:07 738,304 --a------ c:\windows\System32\inetcomm.dll
2009-03-09 19:07 . 2009-03-09 19:07 84,480 --a------ c:\windows\System32\INETRES.dll
2009-03-09 19:05 . 2009-03-09 19:05 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-09 19:05 . 2009-03-09 19:05 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-03-09 19:05 . 2009-03-09 19:05 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-03-09 19:05 . 2009-03-09 19:05 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-03-09 19:05 . 2009-03-09 19:05 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-03-09 18:45 . 2009-03-14 23:19 <DIR> d-------- c:\windows\Internet Logs
2009-03-09 18:17 . 2009-03-09 18:17 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-03-09 18:17 . 2009-03-09 18:17 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-03-09 18:17 . 2009-03-09 18:17 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-03-09 18:17 . 2009-03-09 18:17 43,544 --a------ c:\windows\System32\wups2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 10:11 --------- d-----w c:\program files\Windows Mail
2009-03-10 13:39 174 --sha-w c:\program files\desktop.ini
2009-03-10 13:33 --------- d-----w c:\program files\Windows Sidebar
2009-03-10 13:33 --------- d-----w c:\program files\Windows Photo Gallery
2009-03-10 13:33 --------- d-----w c:\program files\Windows Defender
2009-03-10 13:33 --------- d-----w c:\program files\Windows Collaboration
2009-03-10 13:33 --------- d-----w c:\program files\Windows Calendar
2009-03-10 13:21 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-03-10 13:20 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-03-10 04:30 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-03-10 04:30 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-10 04:30 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-03-10 04:30 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-03-10 04:30 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-03-10 04:30 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-03-10 02:40 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-10 01:16 --------- d-----w c:\programdata\Symantec
2009-03-09 23:52 --------- d--h--w c:\program files\InstallShield Installation Information
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-24 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-24 138008]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-15 768520]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-05 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4B08337C-88B3-402B-AF73-5F3E95BDB5DF}"= c:\program files\Acer\Acer Arcade\PowerCinema.exe:CyberLink PowerCinema
"{A2C91B1F-23DD-4A0A-8096-761E566D59D2}"= c:\program files\Acer\Acer Arcade\PCMService.exe:CyberLink PowerCinema Resident Program
"{2F1B97F6-1106-40D0-92CE-A1C4CDC4541A}"= c:\program files\Acer\Acer Arcade\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{928079C7-9278-476D-A392-DF3B408FD630}"= c:\program files\Acer\Acer Arcade\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{081A4CD1-C0B2-4368-8E71-24E124956C7B}"= c:\program files\Acer\HomeMedia\HomeMedia.exe:HomeMedia
"{27A3F3FC-07CF-48E6-A1CA-4EDA23B75423}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{82BE9CBB-8DEC-45EC-8760-3B544ED09129}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-31 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.us.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
FF - ProfilePath - c:\users\Randall\AppData\Roaming\Mozilla\Firefox\Profiles\07tjbp0j.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 23:25:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(348)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Completion time: 2009-03-14 23:28:17
ComboFix-quarantined-files.txt 2009-03-15 06:28:12

Pre-Run: 11,197,517,824 bytes free
Post-Run: 11,066,880,000 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
252 --- E O F --- 2009-03-11 10:05:07
#6
I had to restart my wireless card, but for a minute it messed up my connection.
#7
Use the ESET Online Antivirus Scanner
This scanner requires Internet Explorer.
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start.
3. When asked, allow the ActiveX control to install.
4. Click Start.
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan.
7. Wait for the scan to finish.
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
#8
This it?
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3937 (20090314)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=90605c42b722534b91010396371a797a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-15 09:12:05
# local_time=2009-03-15 02:12:05 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=230407
# found=0
# scan_time=6857
#9
Download OTCleanIt.exe and save it to your Desktop.
----------
Whatever issues remain, I'm fairly certain they aren't related to malware. You might try making a new topic in the Windows forum. I don't use Vista, so others will have more ideas than me.
#10
OK. Thanks.