Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 0:30:55, on 26/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\OPS\PE GUARD\peg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [PE GUARD] C:\Program Files\OPS\PE GUARD\PEG.exe

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.pps.tv

O15 - Trusted Zone: http://*.ppstream.com

O15 - Trusted Zone: http://*.webscache.com

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O15 - ESC Trusted Zone: http://*.pps.tv

O15 - ESC Trusted Zone: http://*.ppstream.com

O15 - ESC Trusted Zone: http://*.webscache.com

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll

O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: ipp - (no CLSID) - (no file)

O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll

O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll

O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll

O18 - Protocol: msdaipp - (no CLSID) - (no file)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll

O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll

O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour ?? (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod ?? (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe

O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 7737 bytes


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by abc at 1:14:37 on 2011-05-28

Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.3036.2187 [GMT 8:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\OPS\PE GUARD\PEG.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\conime.exe

C:\Documents and Settings\abc\??\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://hk.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [PE GUARD] c:\program files\ops\pe guard\PEG.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: pps.tv

Trusted Zone: ppstream.com

Trusted Zone: webscache.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-25 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-25 17744]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-3-16 1787128]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-28 54752]

R2 PEG;PEG;c:\program files\ops\pe guard\PEG.sys [2009-10-10 10368]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2011-4-1 514560]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2010-4-2 4864]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-4-2 52128]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-12-3 43608]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-4-29 27632]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-19 1684736]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-6-14 23456]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-4-28 86696]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-4-28 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-4-28 114472]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-4-28 108200]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-4-28 26024]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-4-28 104616]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-4-28 109736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]

S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-4-29 90112]

.

=============== Created Last 30 ================

.

2011-05-18 15:37:11 -------- d-----w- C:\AE fx

2011-05-18 14:50:24 -------- d-----w- c:\documents and settings\abc\application data\Any Video Converter

2011-05-18 14:50:22 -------- d-----w- c:\program files\Any Video Converter

2011-05-18 14:36:36 -------- d-----w- C:\Sunset Footage

2011-05-17 17:52:02 -------- d-----w- C:\SoundFX

2011-05-16 16:57:57 -------- d-----w- c:\documents and settings\abc\local settings\application data\WMTools Downloaded Files

2011-05-16 14:32:08 -------- d-----w- C:\music

2011-05-16 13:58:11 -------- d-----w- c:\documents and settings\abc\application data\MPEG Streamclip

2011-05-15 05:56:16 -------- d-----w- c:\program files\NCH Software

2011-05-15 05:56:13 -------- d-----w- c:\documents and settings\abc\application data\NCH Software

2011-05-13 18:38:24 -------- d-----w- c:\program files\Microsoft Expression

.

==================== Find3M ====================

.

2011-03-21 11:56:22 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 11:56:06 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 11:55:46 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-20 18:21:29 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-03-18 17:58:02 831488 ----a-w- c:\windows\RtlExUpd.dll

2011-03-17 08:25:34 53248 ----a-w- c:\windows\system32\CSVer.dll

2011-03-16 17:19:26 45056 ----a-w- c:\windows\system32\RMDevice.dll

2011-03-07 05:33:43 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53:30 1857536 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 1:15:16.82 ===============


  • Staff

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


THANKS A LOT!!

ComboFix 11-05-28.01 - abc 5/2011 Mon 0:21.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.3036.2517 [GMT 8:00]

????: c:\documents and settings\abc\??\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

* ????????

.

.

((((((((((((((((((((((((((((((((((((((( ?????? )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\abc\LOCALS~1\Temp\nsnA.tmp\System.dll

c:\documents and settings\abc\Local Settings\Temp\nsnA.tmp\System.dll

c:\documents and settings\abc\WINDOWS

c:\windows\Readme.txt

.

.

((((((((((((((((((((((((( 2011-04-28 ? 2011-05-29 ????? )))))))))))))))))))))))))))))))

.

.

2011-05-18 15:37 . 2011-05-18 15:37 -------- d-----w- C:\AE fx

2011-05-18 14:50 . 2011-05-19 16:56 -------- d-----w- c:\documents and settings\abc\Application Data\Any Video Converter

2011-05-18 14:50 . 2011-05-18 15:05 -------- d-----w- c:\program files\Any Video Converter

2011-05-18 14:36 . 2011-05-18 14:48 -------- d-----w- C:\Sunset Footage

2011-05-17 17:52 . 2011-05-17 18:30 -------- d-----w- C:\SoundFX

2011-05-16 16:57 . 2011-05-16 16:57 -------- d-----w- c:\documents and settings\abc\Local Settings\Application Data\WMTools Downloaded Files

2011-05-16 14:32 . 2011-05-16 14:32 -------- d-----w- C:\music

2011-05-16 13:58 . 2011-05-16 13:58 -------- d-----w- c:\documents and settings\abc\Application Data\MPEG Streamclip

2011-05-15 08:38 . 2011-05-16 14:28 -------- d-----w- c:\documents and settings\abc\Application Data\vlc

2011-05-15 05:56 . 2011-05-15 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

2011-05-15 05:56 . 2011-05-18 15:33 -------- d-----w- c:\program files\NCH Software

2011-05-15 05:56 . 2011-05-15 05:56 -------- d-----w- c:\documents and settings\abc\Application Data\NCH Software

2011-05-13 18:38 . 2011-05-19 17:06 -------- d-----w- c:\program files\Microsoft Expression

.

.

.

(((((((((((((((((((((((((((((((((((((((( ??????????? ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-21 11:56 . 2011-03-21 11:56 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 11:56 . 2011-03-21 11:56 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 11:55 . 2011-03-21 11:55 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-20 18:21 . 2011-03-20 18:21 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-03-18 17:59 . 2011-03-18 17:59 348160 ----a-w- c:\windows\vncutil.exe

2011-03-18 17:59 . 2010-04-02 08:09 1482752 ----a-w- c:\windows\RtlUpd.exe

2011-03-18 17:59 . 2010-04-02 08:09 9715200 ----a-w- c:\windows\RTLCPL.EXE

2011-03-18 17:59 . 2010-04-02 08:09 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL

2011-03-18 17:59 . 2010-04-02 08:09 77824 ----a-w- c:\windows\SOUNDMAN.EXE

2011-03-18 17:59 . 2010-04-02 08:09 1826816 ----a-w- c:\windows\SkyTel.exe

2011-03-18 17:59 . 2010-04-02 08:09 5884416 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2011-03-18 17:59 . 2011-03-18 17:59 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll

2011-03-18 17:59 . 2011-03-18 17:59 122880 ----a-w- c:\windows\RtkAudioService.exe

2011-03-18 17:59 . 2010-04-02 08:09 18702336 ----a-w- c:\windows\RTHDCPL.EXE

2011-03-18 17:59 . 2011-03-18 17:59 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys

2011-03-18 17:59 . 2010-04-02 08:09 2170880 ----a-w- c:\windows\MicCal.exe

2011-03-18 17:59 . 2011-03-18 17:59 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys

2011-03-18 17:59 . 2010-04-02 08:09 57344 ----a-w- c:\windows\ALCMTR.EXE

2011-03-18 17:59 . 2010-04-02 08:09 2808832 ----a-w- c:\windows\ALCWZRD.EXE

2011-03-18 17:59 . 2010-04-02 08:09 278528 ----a-w- c:\windows\system32\ALSNDMGR.CPL

2011-03-18 17:58 . 2011-03-18 17:59 831488 ----a-w- c:\windows\RtlExUpd.dll

2011-03-17 08:25 . 2011-03-17 08:26 53248 ----a-w- c:\windows\system32\CSVer.dll

2011-03-16 17:19 . 2011-03-16 17:19 45056 ----a-w- c:\windows\system32\RMDevice.dll

2011-03-07 05:33 . 2010-04-02 07:47 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:37 . 2004-08-04 00:47 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2004-08-04 00:41 1857536 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*??* ???????????????

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPS Accelerator"="c:\progra~1\PPStream\ppsap.exe" [2010-02-24 214408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PE GUARD"="c:\program files\OPS\PE GUARD\PEG.exe" [2009-10-16 1252352]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"RTHDCPL"="RTHDCPL.EXE" [2011-03-18 18702336]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-13 273544]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0090404]

IME File REG_SZ MSTCICJA.IME

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0080404]

IME File REG_SZ MSTCIPHA.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^abc^???????^???^??^PPS.lnk]

path=c:\documents and settings\abc\???????\???\??\PPS.lnk

backup=c:\windows\pss\PPS.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^???????^???^??^Adobe Gamma.lnk]

path=c:\documents and settings\All Users\???????\???\??\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 15:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-22 20:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2011-03-18 17:59 57344 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-12-14 09:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2008-02-22 02:33 72192 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJIMETIPSYNC]

2007-03-22 11:17 66400 ----a-w- c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-03 22:32 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 07:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2008-04-13 23:42 163840 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 23:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 03:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIMETIPSYNC]

2007-03-22 11:17 98656 ----a-w- c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]

2010-02-24 03:25 214408 ----a-w- c:\program files\PPStream\PPSAP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2011-03-18 17:59 18702336 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 03:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-02-13 19:45 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"OMSI download service"=2 (0x2)

"Scheduler"=2 (0x2)

"eLoggerSvc6"=2 (0x2)

"ACDaemon"=3 (0x3)

"ose"=3 (0x3)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"fsssvc"=3 (0x3)

"xmlprov"=3 (0x3)

"WudfSvc"=3 (0x3)

"WmiApSrv"=3 (0x3)

"Wmi"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"W32Time"=3 (0x3)

"VSS"=3 (0x3)

"UPS"=3 (0x3)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"SSDPSRV"=3 (0x3)

"SCardSvr"=3 (0x3)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"napagent"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"ImapiService"=3 (0x3)

"HTTPFilter"=3 (0x3)

"hkmsvc"=3 (0x3)

"FontCache3.0.0.0"=3 (0x3)

"EapHost"=3 (0x3)

"Dot3svc"=3 (0x3)

"dmadmin"=3 (0x3)

"COMSysApp"=3 (0x3)

"clr_optimization_v2.0.50727_32"=3 (0x3)

"CiSvc"=3 (0x3)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"Ati HotKey Poller"=2 (0x2)

"Nla"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Freemake\\Freemake Video Downloader\\FreemakeVD.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\PPStream\\PPStream.exe"=

"c:\\Program Files\\PPStream\\PPSAP.exe"=

.

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/6/2010 0:54 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/2/2010 2:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/5/2010 2:41 67656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/6/2010 0:54 17744]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [16/3/2009 12:28 1787128]

R2 PEG;PEG;c:\program files\OPS\PE GUARD\PEG.sys [10/10/2009 17:20 10368]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [1/4/2011 2:24 514560]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2/4/2010 16:16 4864]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/4/2010 16:13 52128]

R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3/12/2010 1:17 43608]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [29/4/2010 0:10 27632]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/3/2011 1:59 1684736]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [14/6/2010 3:01 23456]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16/11/2010 1:10 267568]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [28/4/2010 23:52 86696]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [28/4/2010 23:52 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [28/4/2010 23:52 114472]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [28/4/2010 23:52 108200]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [28/4/2010 23:52 26024]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [28/4/2010 23:52 104616]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [28/4/2010 23:52 109736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [29/4/2010 0:10 90112]

.


  • Staff

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
