francis Posted June 24, 2008 Report Share Posted June 24, 2008 Hi BTMy name is Francis.I have this problem where everytime i go into the internet i get these popups of adds and on the bottom right hand side "Ad served by internet software"popsup!My PC also runs slower betwwen applications and when i close MY documents all the icons disappear and then come back after a while.How do i get rid of this.It started about a month or two ago.I tried running PC Tools spyware doctor,No Adware and AVG free but none seem to pick up anything.I downloaded Hijackthis and did a scan. Here is the log report bellow.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 09:58:33 AM, on 2008/06/24Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Spyware Doctor\svcntaux.exeC:\Program Files\Spyware Doctor\swdsvc.exeC:\Program Files\ASUS\NB Probe\SPM\spmgr.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\StkCSrv.exeC:\WINDOWS\system32\wdfmgr.exeC:\Program Files\Spyware Doctor\SDTrayApp.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\ATKOSD2\ATKOSD2.exeC:\Program Files\ATK Hotkey\Hcontrol.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\ASUS\ATK Media\DMEDIA.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ASUS\Splendid\ACMON.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\ASUS\Power4 Gear\BatteryLife.exeC:\Program Files\Wireless Console 2\wcourier.exeC:\WINDOWS\system32\ASUSTPE.exeC:\WINDOWS\ASScrPro.exeC:\WINDOWS\system32\ACEngSvr.exeC:\Program Files\Atheros\ACU.exeC:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeC:\Program Files\ATK Hotkey\ATKOSD.exeC:\WINDOWS\system32\ctfmon.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PVSW\bin\w3dbsmgr.exeC:\Program Files\ATK Hotkey\KBFiltr.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\ATK Hotkey\WDC.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: InternetSoftware - {AF7E9EBB-E1CF-7F7C-C608-13185698F3E9} - C:\Program Files\InternetSoftware\InternetSoftware-1.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXEO4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exeO4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeO4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exeO4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exeO4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exeO4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -noguiO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [sDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exeO4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')O4 - Startup: CCC.lnk = ?O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.asus.comO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cabO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exeO23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exeO23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exeO23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe--End of file - 9504 bytes Link to post Share on other sites
rmurphy Posted June 29, 2008 Report Share Posted June 29, 2008 Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.Please download ComboFix from Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------[*]Double click on combofix.exe & follow the prompts.[*]When finished, it will produce a report for you. [*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**-Ryan Link to post Share on other sites
francis Posted July 1, 2008 Author Report Share Posted July 1, 2008 Hi RyanThank you for responding. here is a combofix log report followed by a hijackthis report.ComboFix 08-06-30.2 - Dialtech 2008-07-01 8:22:57.1 - FAT32x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.460 [GMT 2:00]Running from: C:\Documents and Settings\Dialtech\Desktop\ComboFix.exe * Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\Dialtech\Application Data\macromedia\Flash Player\#SharedObjects\8RPCZHYV\iforex.comC:\Documents and Settings\Dialtech\Application Data\macromedia\Flash Player\#SharedObjects\8RPCZHYV\iforex.com\Emerp\Events\flash_object.swf\user_data.solC:\Documents and Settings\Dialtech\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.comC:\Documents and Settings\Dialtech\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.solC:\Program Files\InternetSoftware\InternetSoftware-1.dllC:\Program Files\InternetSoftware\pcre3.dllC:\Program Files\InternetSoftware\uninstall.exe.((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))).2008-06-23 18:54 . 2008-06-23 18:54 <DIR> d-------- C:\Program Files\Trend Micro2008-06-20 15:43 . 2008-03-15 16:34 802,816 --a------ C:\WINDOWS\system32\IT_Engine.dll2008-06-20 15:43 . 2000-06-19 10:05 421,891 --a------ C:\WINDOWS\system32\Vsflex7L.ocx2008-06-20 15:43 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL2008-06-20 15:43 . 2007-12-12 17:01 73,728 --a------ C:\WINDOWS\system32\CommXPCtrl.ocx2008-06-11 07:38 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys2008-06-11 07:38 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-27 06:02 290,912 ----a-w C:\WINDOWS\xcopy.bin2008-05-12 19:08 --------- d-----w C:\Documents and Settings\Dialtech\Application Data\DivX2008-05-12 19:05 --------- d-----w C:\Documents and Settings\Dialtech\Application Data\Yahoo!2008-05-12 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion2008-05-12 19:04 --------- d-----w C:\Program Files\Yahoo!2008-05-12 19:04 --------- d-----w C:\Program Files\DivX2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll2008-02-25 15:21 190 ----a-w C:\Program Files\Common Files\psasetup.log.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 20:00 15360]"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 10:48 7708672]"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-07-12 10:25 225280]"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 15:41 49520]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 13:02 786521]"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-07-10 10:59 851968]"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-03 03:14 61440]"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 10:31 630784]"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 16:53 1040384]"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 16:13 106496]"ASUS Camera ScreenSaver"="C:\WINDOWS\ASScrProlog.exe" [2008-02-24 22:10 37232]"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2008-02-24 22:10 33136]"ACU"="C:\Program Files\Atheros\ACU.exe" [2007-05-03 17:42 376921]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 19:13 580096]"WHITNEY_S2P"="C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 08:35 229376]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-25 10:28 219136]C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]C:\Documents and Settings\Dialtech\Start Menu\Programs\Startup\CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\bin\w3dbsmgr.exe [2007-04-15 13:43:14 112208][HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\PVSW\\bin\\w3dbsmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\Lantronix\\DeviceInstaller\\DeviceInstaller.exe"="C:\\Program Files\\Microsoft ActiveSync\\RAPIMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 23:42]R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 09:50]R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 00:07]R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 03:40]R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 19:52]S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a74fad96-0edc-11dd-8883-001d60b07209}]\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL driver.exe*Newly Created Service* - CATCHME[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb.Contents of the 'Scheduled Tasks' folder"2008-06-26 01:00:02 C:\WINDOWS\Tasks\RegCure.job"- C:\Documents and Settings\Dialtech\Desktop\RegCure\RegCure.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-01 08:24:22Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-01 8:24:41ComboFix-quarantined-files.txt 2008-07-01 06:24:40Pre-Run: 29,403,774,976 bytes freePost-Run: 29,931,569,152 bytes free132 --- E O F --- 2008-06-21 06:59:27Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:29:31 AM, on 2008/07/01Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\Program Files\ATKOSD2\ATKOSD2.exeC:\Program Files\ATK Hotkey\Hcontrol.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\ASUS\ATK Media\DMEDIA.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ASUS\Splendid\ACMON.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\ASUS\Power4 Gear\BatteryLife.exeC:\WINDOWS\system32\ASUSTPE.exeC:\WINDOWS\ASScrPro.exeC:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeC:\WINDOWS\system32\ACEngSvr.exeC:\WINDOWS\system32\ctfmon.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PVSW\bin\w3dbsmgr.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\ATK Hotkey\ATKOSD.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\ATK Hotkey\KBFiltr.exeC:\Program Files\ATK Hotkey\WDC.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\ASUS\NB Probe\SPM\spmgr.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\StkCSrv.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXEO4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exeO4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeO4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exeO4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exeO4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exeO4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -noguiO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')O4 - Startup: CCC.lnk = ?O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.asus.comO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cabO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exeO23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exeO23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exeO23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe--End of file - 8524 bytesSo far it seems to be running better. there has not been any pop ups as yet but please reply if there is something else.I saw that there is not a recovery console please respond to this.Francis Link to post Share on other sites
rmurphy Posted July 1, 2008 Report Share Posted July 1, 2008 Go to Microsoft's website => http://support.microsoft.com/kb/310994Select the download that's appropriate for your Operating System. Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.Please do not reboot your machine until we have reviewed the log.I would also like to see an Uninstall List:Open HijackThis, click Config, click Misc ToolsClick "Open Uninstall Manager"Click "Save List" (generates uninstall_list.txt)-Ryan Link to post Share on other sites
francis Posted July 2, 2008 Author Report Share Posted July 2, 2008 Go to Microsoft's website => http://support.microsoft.com/kb/310994Select the download that's appropriate for your Operating System. Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.Please do not reboot your machine until we have reviewed the log.I would also like to see an Uninstall List:Open HijackThis, click Config, click Misc ToolsClick "Open Uninstall Manager"Click "Save List" (generates uninstall_list.txt)-RyanHi RyanI did the download from microsoft.Dropped the setup file in the combofix.exe file and agreed to end user agreement.When it was done it asked me if to continue scanning or not and i pressed ok to continue scanning.There wasn't a CF_RC.txt file after the scan....Was this right?I also did the uninstall list,here it is as follows:Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)Adobe Flash Player ActiveXAdobe Reader 8.1.2ASUS InstantFunASUS Live UpdateASUS Splendid Video Enhancement TechnologyASUS Touch Pad ExtraAsus_Camera_ScreenSaverAtheros Client Installation ProgramATI - Software Uninstall UtilityATI Catalyst Control CenterATI Display DriverATI Parental Control & EncoderATK HotkeyATK MediaATKOSD2AVG 7.5Compatibility Pack for the 2007 Office systemFBrowsingAdvisorGoogle Toolbar for Internet ExplorerGoogle Toolbar for Internet ExplorerHijackThis 2.0.2Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows XP (KB909394)Hotfix for Windows XP (KB914440)Hotfix for Windows XP (KB915865)Hotfix for Windows XP (KB918005)Hotfix for Windows XP (KB935448)Installation_ToolJava 6 Update 3Java SE Runtime Environment 6Lantronix DeviceInstallerLifeFrame2Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Hotfix (KB928366)Microsoft .NET Framework 2.0 Service Pack 1Microsoft ActiveSyncMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office Professional Edition 2003Motorola SM56 Speakerphone ModemMSNMSXML 4.0 SP2 (KB936181)NB ProbeNoAdware v5.0OfficeServ Manager Launch Pad UninstallPastel Xpress 2007Pervasive System AnalyzerPervasive.SQL 9.60 Workgroup for WindowsPL-2303 USB-to-SerialPower4 GearReadiris Pro 9Realtek High Definition Audio DriverRealtek USB 2.0 Card ReaderSamsung SCX-4x21 SeriesSecurity Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB900725)Security Update for Windows XP (KB901017)Security Update for Windows XP (KB902400)Security Update for Windows XP (KB905414)Security Update for Windows XP (KB905749)Security Update for Windows XP (KB911562)Security Update for Windows XP (KB913580)Security Update for Windows XP (KB914388)Security Update for Windows XP (KB914389)Security Update for Windows XP (KB917344)Security Update for Windows XP (KB918118)Security Update for Windows XP (KB918439)Security Update for Windows XP (KB919007)Security Update for Windows XP (KB920213)Security Update for Windows XP (KB920670)Security Update for Windows XP (KB920683)Security Update for Windows XP (KB920685)Security Update for Windows XP (KB922819)Security Update for Windows XP (KB923191)Security Update for Windows XP (KB923414)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB923980)Security Update for Windows XP (KB924270)Security Update for Windows XP (KB924496)Security Update for Windows XP (KB924667)Security Update for Windows XP (KB925902)Security Update for Windows XP (KB926255)Security Update for Windows XP (KB926436)Security Update for Windows XP (KB927779)Security Update for Windows XP (KB927802)Security Update for Windows XP (KB928255)Security Update for Windows XP (KB928843)Security Update for Windows XP (KB929123)Security Update for Windows XP (KB930178)Security Update for Windows XP (KB931261)Security Update for Windows XP (KB931784)Security Update for Windows XP (KB932168)Security Update for Windows XP (KB933729)Security Update for Windows XP (KB935839)Security Update for Windows XP (KB935840)Security Update for Windows XP (KB936021)Security Update for Windows XP (KB937894)Security Update for Windows XP (KB938127)Security Update for Windows XP (KB938829)Security Update for Windows XP (KB941202)Security Update for Windows XP (KB941568)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB941644)Security Update for Windows XP (KB941693)Security Update for Windows XP (KB943055)Security Update for Windows XP (KB943460)Security Update for Windows XP (KB943485)Security Update for Windows XP (KB944533)Security Update for Windows XP (KB944653)Security Update for Windows XP (KB945553)Security Update for Windows XP (KB946026)Security Update for Windows XP (KB948590)Security Update for Windows XP (KB948881)Security Update for Windows XP (KB950749)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)SmarThru 4SmarThru PC FaxSpyware Doctor 5.0Striata ReaderSynaptics Pointing Device DriverUpdate for Windows XP (KB898461)Update for Windows XP (KB900485)Update for Windows XP (KB904942)Update for Windows XP (KB908531)Update for Windows XP (KB911164)Update for Windows XP (KB911280)Update for Windows XP (KB916595)Update for Windows XP (KB920872)Update for Windows XP (KB922582)Update for Windows XP (KB927891)Update for Windows XP (KB930916)Update for Windows XP (KB932823-v3)Update for Windows XP (KB936357)Update for Windows XP (KB938828)Update for Windows XP (KB942763)Update for Windows XP (KB942840)USB2.0 1.3M WebCamWindows Installer 3.1 (KB893803)Windows Internet Explorer 7Windows Media Format RuntimeWindows Media Player 10Windows Media Player 10 Hotfix - KB894476Windows XP Hotfix - KB886185WinFlashWireless Console 2Yahoo! ToolbarHere is also the hijackthis report that was run after the install of recovery console:ComboFix 08-06-30.2 - Dialtech 2008-07-02 15:27:07.2 - FAT32x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447 [GMT 2:00]Running from: C:\Documents and Settings\Dialtech\Desktop\ComboFix.exeCommand switches used :: C:\Documents and Settings\Dialtech\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe * Created a new restore point.((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))).2008-06-23 18:54 . 2008-06-23 18:54 <DIR> d-------- C:\Program Files\Trend Micro2008-06-20 15:43 . 2008-03-15 16:34 802,816 --a------ C:\WINDOWS\system32\IT_Engine.dll2008-06-20 15:43 . 2000-06-19 10:05 421,891 --a------ C:\WINDOWS\system32\Vsflex7L.ocx2008-06-20 15:43 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL2008-06-20 15:43 . 2007-12-12 17:01 73,728 --a------ C:\WINDOWS\system32\CommXPCtrl.ocx2008-06-11 07:38 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys2008-06-11 07:38 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-02 13:02 290,912 ----a-w C:\WINDOWS\xcopy.bin2008-05-12 19:08 --------- d-----w C:\Documents and Settings\Dialtech\Application Data\DivX2008-05-12 19:05 --------- d-----w C:\Documents and Settings\Dialtech\Application Data\Yahoo!2008-05-12 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion2008-05-12 19:04 --------- d-----w C:\Program Files\Yahoo!2008-05-12 19:04 --------- d-----w C:\Program Files\DivX2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll2008-02-25 15:21 190 ----a-w C:\Program Files\Common Files\psasetup.log.((((((((((((((((((((((((((((( snapshot@2008-07-01_ 8.24.33.40 ))))))))))))))))))))))))))))))))))))))))).- 2008-07-01 05:56:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat+ 2008-07-02 12:56:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 20:00 15360]"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 10:48 7708672]"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-07-12 10:25 225280]"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 15:41 49520]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 13:02 786521]"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-07-10 10:59 851968]"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-03 03:14 61440]"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 10:31 630784]"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 16:53 1040384]"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 16:13 106496]"ASUS Camera ScreenSaver"="C:\WINDOWS\ASScrProlog.exe" [2008-02-24 22:10 37232]"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2008-02-24 22:10 33136]"ACU"="C:\Program Files\Atheros\ACU.exe" [2007-05-03 17:42 376921]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 19:13 580096]"WHITNEY_S2P"="C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 08:35 229376]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-25 10:28 219136]C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]C:\Documents and Settings\Dialtech\Start Menu\Programs\Startup\CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\bin\w3dbsmgr.exe [2007-04-15 13:43:14 112208][HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\PVSW\\bin\\w3dbsmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\Lantronix\\DeviceInstaller\\DeviceInstaller.exe"="C:\\Program Files\\Microsoft ActiveSync\\RAPIMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 23:42]R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 09:50]R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 00:07]R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 03:40]R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 19:52]S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a74fad96-0edc-11dd-8883-001d60b07209}]\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL driver.exe[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb.Contents of the 'Scheduled Tasks' folder"2008-06-26 01:00:02 C:\WINDOWS\Tasks\RegCure.job"- C:\Documents and Settings\Dialtech\Desktop\RegCure\RegCure.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-02 15:28:12Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-02 15:28:31ComboFix-quarantined-files.txt 2008-07-02 13:28:30ComboFix2.txt 2008-07-01 06:24:44Pre-Run: 29,900,177,408 bytes freePost-Run: 29,902,438,400 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetectC:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons134 --- E O F --- 2008-06-21 06:59:27I also had to reboot the pc because it would not let me go onto the internet...Sorry!!!Regards,Francis Link to post Share on other sites
rmurphy Posted July 2, 2008 Report Share Posted July 2, 2008 That looks good. Let's see if this detects anything.== Clear Temporary Files ==Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyClose all Internet Explorer, Firefox, and Opera windows before continuing.Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.== Clear System Restore==Let's make a new restore point and clear the others:Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point. Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computerPlease reboot your computer before continuing.== Kaspersky Web Scanner ==Please do an online scan with Kaspersky WebScannerYou will need to use Internet Explorer to do thisClick on AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXTNow click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)Scan Options:Scan ArchivesScan Mail Bases[*]Click OK[*]Now under select a target to scan:Select My Computer[*]This will program will start and scan your system.[*]The scan will take a while so be patient and let it run.[*]Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:[*]Save the file to your desktop.[*]Copy and paste that information in your next post.== Request Logs ==Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.-Ryan Link to post Share on other sites
francis Posted July 3, 2008 Author Report Share Posted July 3, 2008 That looks good. Let's see if this detects anything.== Clear Temporary Files ==Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyClose all Internet Explorer, Firefox, and Opera windows before continuing.Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.== Clear System Restore==Let's make a new restore point and clear the others:Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point. Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computerPlease reboot your computer before continuing.== Kaspersky Web Scanner ==Please do an online scan with Kaspersky WebScannerYou will need to use Internet Explorer to do thisClick on AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXTNow click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)Scan Options:Scan ArchivesScan Mail Bases[*]Click OK[*]Now under select a target to scan:Select My Computer[*]This will program will start and scan your system.[*]The scan will take a while so be patient and let it run.[*]Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:[*]Save the file to your desktop.[*]Copy and paste that information in your next post.== Request Logs ==Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.-RyanHi RyanHere is the Kaspersky log:Thursday, July 3, 2008Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)Kaspersky Online Scanner 7 version: 7.0.25.0Program database last update: Thursday, July 03, 2008 16:13:27Records in database: 910775Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer C:\D:\E:\F:\ Scan statistics Files scanned 46372 Threat name 3 Infected objects 5 Suspicious objects 0 Duration of the scan 00:45:03 File name Threat name Threats count C:\Documents and Settings\Dialtech\My Documents\Call Manager\CMSi.msi Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 2 C:\Documents and Settings\Dialtech\My Documents\Music Downloads\wheeping josh groban.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1 C:\Program Files\InternetSoftware\InternetSoftware-2.dll Infected: not-a-virus:AdWare.Win32.Agent.bjb 1 C:\QooBox\Quarantine\C\Program Files\InternetSoftware\InternetSoftware-1.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bjb 1 The selected area was scanned. And here is the Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:42:21 PM, on 2008/07/03Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\ATKOSD2\ATKOSD2.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\ATK Hotkey\Hcontrol.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\ASUS\ATK Media\DMEDIA.EXEC:\Program Files\ASUS\ASUS Live Update\ALU.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ASUS\NB Probe\SPM\spmgr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\ASUS\Splendid\ACMON.exeC:\WINDOWS\System32\StkCSrv.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\ASUS\Power4 Gear\BatteryLife.exeC:\Program Files\Wireless Console 2\wcourier.exeC:\Program Files\ATK Hotkey\ATKOSD.exeC:\WINDOWS\system32\ASUSTPE.exeC:\WINDOWS\ASScrPro.exeC:\Program Files\Atheros\ACU.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\system32\ACEngSvr.exeC:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeC:\Program Files\ATK Hotkey\KBFiltr.exeC:\Program Files\ATK Hotkey\WDC.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\PVSW\bin\w3dbsmgr.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXEO4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exeO4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeO4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exeO4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exeO4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exeO4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -noguiO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')O4 - Startup: CCC.lnk = ?O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.asus.comO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cabO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exeO23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exeO23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exeO23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe--End of file - 8692 bytesRegardsFrancis Link to post Share on other sites
rmurphy Posted July 3, 2008 Report Share Posted July 3, 2008 1. Please open Notepad Click Start , then RunType notepad .exe in the Run Box.2. Now copy/paste the entire content of the codebox below into the Notepad window:File::C:\Documents and Settings\Dialtech\My Documents\Music Downloads\wheeping josh groban.mp3Folder::C:\Program Files\InternetSoftware\3. Save the above as CFScript.txt4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:Combofix.txt A new HijackThis logand let me know how the computer is running.-Ryan Link to post Share on other sites
francis Posted July 4, 2008 Author Report Share Posted July 4, 2008 1. Please open Notepad Click Start , then RunType notepad .exe in the Run Box.2. Now copy/paste the entire content of the codebox below into the Notepad window:File::C:\Documents and Settings\Dialtech\My Documents\Music Downloads\wheeping josh groban.mp3Folder::C:\Program Files\InternetSoftware\3. Save the above as CFScript.txt4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:Combofix.txt A new HijackThis logand let me know how the computer is running.-RyanHi RyanHere are the logs for Combofix.txt:ComboFix 08-06-30.2 - Dialtech 2008-07-04 8:23:52.4 - FAT32x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.460 [GMT 2:00]Running from: C:\Documents and Settings\Dialtech\Desktop\ComboFix.exe.((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))).2008-06-23 18:54 . 2008-06-23 18:54 <DIR> d-------- C:\Program Files\Trend Micro2008-06-20 15:43 . 2008-03-15 16:34 802,816 --a------ C:\WINDOWS\system32\IT_Engine.dll2008-06-20 15:43 . 2000-06-19 10:05 421,891 --a------ C:\WINDOWS\system32\Vsflex7L.ocx2008-06-20 15:43 . 1998-07-22 00:00 102,912 --a------ C:\WINDOWS\system32\VB6STKIT.DLL2008-06-20 15:43 . 2007-12-12 17:01 73,728 --a------ C:\WINDOWS\system32\CommXPCtrl.ocx2008-06-11 07:38 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys2008-06-11 07:38 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-02 13:02 290,912 ----a-w C:\WINDOWS\xcopy.bin2008-05-12 19:08 --------- d-----w C:\Documents and Settings\Dialtech\Application Data\DivX2008-05-12 19:05 --------- d-----w C:\Documents and Settings\Dialtech\Application Data\Yahoo!2008-05-12 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion2008-05-12 19:04 --------- d-----w C:\Program Files\Yahoo!2008-05-12 19:04 --------- d-----w C:\Program Files\DivX2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll2008-02-25 15:21 190 ----a-w C:\Program Files\Common Files\psasetup.log.((((((((((((((((((((((((((((( snapshot@2008-07-01_ 8.24.33.40 ))))))))))))))))))))))))))))))))))))))))).- 2008-07-01 05:56:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat+ 2008-07-04 05:51:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 20:00 15360]"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 10:48 7708672]"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-07-12 10:25 225280]"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 08:27 61440]"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2007-07-19 15:41 49520]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 13:02 786521]"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-07-10 10:59 851968]"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-03 03:14 61440]"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 10:31 630784]"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01 90112]"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 16:53 1040384]"ASUSTPE"="C:\WINDOWS\system32\ASUSTPE.exe" [2007-01-16 16:13 106496]"ASUS Camera ScreenSaver"="C:\WINDOWS\ASScrProlog.exe" [2008-02-24 22:10 37232]"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2008-02-24 22:10 33136]"ACU"="C:\Program Files\Atheros\ACU.exe" [2007-05-03 17:42 376921]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 19:13 580096]"WHITNEY_S2P"="C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2006-03-27 08:35 229376]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 16269312 C:\WINDOWS\RTHDCPL.exe]"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-25 10:28 219136]C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]C:\Documents and Settings\Dialtech\Start Menu\Programs\Startup\CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\bin\w3dbsmgr.exe [2007-04-15 13:43:14 112208][HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\PVSW\\bin\\w3dbsmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\Lantronix\\DeviceInstaller\\DeviceInstaller.exe"="C:\\Program Files\\Microsoft ActiveSync\\RAPIMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 23:42]R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 09:50]R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-10 00:07]R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-06 03:40]R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 19:52]S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a74fad96-0edc-11dd-8883-001d60b07209}]\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL driver.exe*Newly Created Service* - CATCHME[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb.Contents of the 'Scheduled Tasks' folder"2008-06-26 01:00:02 C:\WINDOWS\Tasks\RegCure.job"- C:\Documents and Settings\Dialtech\Desktop\RegCure\RegCure.exe.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-04 08:24:34Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-07-04 8:24:50ComboFix-quarantined-files.txt 2008-07-04 06:24:50ComboFix4.txt 2008-07-01 06:24:44ComboFix3.txt 2008-07-02 13:28:34ComboFix2.txt 2008-07-04 06:22:42Pre-Run: 34,149,138,432 bytes freePost-Run: 34,134,884,352 bytes free128 --- E O F --- 2008-06-21 06:59:27Here is the log for Hijackthis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:25:57 AM, on 2008/07/04Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\Program Files\ATKOSD2\ATKOSD2.exeC:\Program Files\ATK Hotkey\Hcontrol.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\ASUS\ATK Media\DMEDIA.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ASUS\Splendid\ACMON.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\ASUS\Power4 Gear\BatteryLife.exeC:\WINDOWS\system32\ASUSTPE.exeC:\WINDOWS\ASScrPro.exeC:\WINDOWS\system32\ACEngSvr.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeC:\Program Files\ATK Hotkey\ATKOSD.exeC:\WINDOWS\system32\ctfmon.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PVSW\bin\w3dbsmgr.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Files\ATK Hotkey\KBFiltr.exeC:\Program Files\ATK Hotkey\WDC.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\ASUS\NB Probe\SPM\spmgr.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\StkCSrv.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXEO4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exeO4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeO4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exeO4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exeO4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exeO4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -noguiO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')O4 - Startup: CCC.lnk = ?O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.asus.comO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cabO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exeO23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exeO23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exeO23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe--End of file - 8486 bytesComputer seems to be working well.REgardsFrancis Link to post Share on other sites
rmurphy Posted July 4, 2008 Report Share Posted July 4, 2008 Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.-Ryan Link to post Share on other sites
francis Posted July 6, 2008 Author Report Share Posted July 6, 2008 Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.-RyanHi RyanHere is the Malwarebytes log:Malwarebytes' Anti-Malware 1.19Database version: 926Windows 5.1.2600 Service Pack 210:40:55 AM 2008/07/06mbam-log-7-6-2008 (10-40-55).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 81291Time elapsed: 11 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 5Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 2Files Infected: 7Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\internetsoftware.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.Files Infected:C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.Hope all is well....Just one more thing: When i do a scan with AVG free there are a couple of things that it picks up but they are not viruses....RegardsFRancis Link to post Share on other sites
rmurphy Posted July 6, 2008 Report Share Posted July 6, 2008 If you could tell me what it's detecting, I will be able to tell you why.How's the computer working?== Clear Temporary Files ==Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyClose all Internet Explorer, Firefox, and Opera windows before continuing.Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.== Clear System Restore==Let's make a new restore point and clear the others:Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point. Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computerPlease reboot your computer before continuing.== Kaspersky Web Scanner ==Please do an online scan with Kaspersky WebScannerYou will need to use Internet Explorer to do thisClick on AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXTNow click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)Scan Options:Scan ArchivesScan Mail Bases[*]Click OK[*]Now under select a target to scan:Select My Computer[*]This will program will start and scan your system.[*]The scan will take a while so be patient and let it run.[*]Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:[*]Save the file to your desktop.[*]Copy and paste that information in your next post.== Request Logs ==Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.-Ryan Link to post Share on other sites
francis Posted July 7, 2008 Author Report Share Posted July 7, 2008 If you could tell me what it's detecting, I will be able to tell you why.How's the computer working?== Clear Temporary Files ==Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyClose all Internet Explorer, Firefox, and Opera windows before continuing.Double-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.== Clear System Restore==Let's make a new restore point and clear the others:Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point. Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computerPlease reboot your computer before continuing.== Kaspersky Web Scanner ==Please do an online scan with Kaspersky WebScannerYou will need to use Internet Explorer to do thisClick on AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXTNow click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)Scan Options:Scan ArchivesScan Mail Bases[*]Click OK[*]Now under select a target to scan:Select My Computer[*]This will program will start and scan your system.[*]The scan will take a while so be patient and let it run.[*]Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:[*]Save the file to your desktop.[*]Copy and paste that information in your next post.== Request Logs ==Please post the log from the Kaspersky scan, along with a new HiJack This log, and let me know how the computer is running.-RyanHi RyanThere was no report on the Kaspersky scan.I don't think it picked up anything... But here is a new hijackthis report:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 06:17:38 PM, on 2008/07/07Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\Program Files\ATKOSD2\ATKOSD2.exeC:\Program Files\ATK Hotkey\Hcontrol.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\ASUS\ATK Media\DMEDIA.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ASUS\Splendid\ACMON.exeC:\Program Files\ASUS\NB Probe\SPM\spmgr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\ATK Hotkey\ATKOSD.exeC:\WINDOWS\System32\StkCSrv.exeC:\Program Files\ASUS\Power4 Gear\BatteryLife.exeC:\Program Files\Wireless Console 2\wcourier.exeC:\WINDOWS\system32\ASUSTPE.exeC:\WINDOWS\ASScrPro.exeC:\Program Files\Atheros\ACU.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\system32\ACEngSvr.exeC:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeC:\Program Files\ATK Hotkey\KBFiltr.exeC:\WINDOWS\system32\ctfmon.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\ATK Hotkey\WDC.exeC:\Program Files\Microsoft ActiveSync\Wcescomm.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\PVSW\bin\w3dbsmgr.exec:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\Program Files\Microsoft ActiveSync\WCESMgr.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXEO4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exeO4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeO4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exeO4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exeO4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exeO4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -noguiO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [WHITNEY_S2P] C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')O4 - Startup: CCC.lnk = ?O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.asus.comO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cabO16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cabO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exeO23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exeO23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exeO23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe--End of file - 8710 bytesThanks Francis Link to post Share on other sites
rmurphy Posted July 7, 2008 Report Share Posted July 7, 2008 Congratulations, your log is clean For information on how to protect yourself in the future, read Infection PreventionDo you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.-Ryan Link to post Share on other sites
francis Posted July 8, 2008 Author Report Share Posted July 8, 2008 Congratulations, your log is clean For information on how to protect yourself in the future, read Infection PreventionDo you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.-RyanHi RyanThank you so much for the help.You have been great.Hopefully it won't come back any time soon.Just one mor thing, That AVG test result that i asked you before this is what it picks up:HControl.exe reading error c:\ programfiles\ATKHotkey\HControl.exeKernel32.dll Change c:\Programfiles\System32\Kernel32.dllUser32.dll Change C:\Programfiles\System32\User32.dllShell32.dll Change C:\Programfiles\System32\Shell.dllNtoskrnl.dll Change C:\Programfiles\System32\Ntoskrnl32.dllPlease could you let me know what the problem is.Thanks Francis Link to post Share on other sites
rmurphy Posted July 8, 2008 Report Share Posted July 8, 2008 I wouldn't worry about that. The files were probably in use, or some other condition that prevented AVG from scanning the files.-Ryan Link to post Share on other sites
rmurphy Posted July 22, 2008 Report Share Posted July 22, 2008 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts