HJT Log Please
tomsolomon
Posts: 3,613 Forumite
in Techie Stuff
Having problems with a laptop. PB Easynote. On startup I get a message:
"Project1", plus varying error codes. I have read it's particularly nasty malware. Tried Malwarebytes, Ad-Aware, Avira, CCleaner, and a few other online scans. Done a desktop search and registry scan for the .exe, can't find it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:18, on 02/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/uk.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [DefUser] C:\Drivers\DefUser.exe Replace
O4 - HKLM\..\Run: [NECLaunch] C:\Windows\System32\REC.HTA
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7023 bytes
To travel at the speed of light, one must first become light.....
Comments
Can you please open Malwarebytes, go to LOGS and post the WHOLE log (even though it was clean).
TICK these in hijack and FIX them ~
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NECLaunch] C:\Windows\System32\REC.HTA
Please run COMBOFIX
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be)
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME it to QWERTY (making the complete file name 'QWERTY.exe'), or SAVE it as 'QWERTY' on download.
Here we go Combofix first....
ComboFix 09-06-01.03 - Steve 03/06/2009 7:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.959.494 [GMT 1:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Redemption.ECF
.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.
2009-06-03 05:54 . 2009-06-03 06:07 d-----w- c:\documents and settings\Steve\Application Data\Skype
2009-06-03 04:59 . 2009-06-03 05:55 d-----w- c:\documents and settings\Steve\Application Data\Ulead Systems
2009-06-03 02:24 . 2009-06-03 02:24 d-----w- c:\documents and settings\Steve\Application Data\Sonic
2009-06-03 02:24 . 2009-06-03 02:24 d-----w- c:\documents and settings\Steve\Application Data\Leadertech
2009-06-02 22:47 . 2009-06-02 22:47 d-----w- c:\documents and settings\Steve\Application Data\OD2
2009-06-02 22:43 . 2009-06-02 22:43 d-----w- c:\documents and settings\Steve\Application Data\URSoft
2009-06-02 22:43 . 2009-06-02 22:44 d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 22:43 . 2009-06-02 22:44 d-----w- c:\program files\Your Uninstaller 2008
2009-06-02 21:55 . 2009-06-02 21:55 d-----w- c:\program files\Trend Micro
2009-06-02 20:46 . 2009-06-02 20:46 d-sh--w- c:\documents and settings\Steve\PrivacIE
2009-06-02 20:35 . 2009-06-02 20:35 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-02 20:35 . 2008-11-13 14:18 69008 ----a-w- c:\windows\system32\zlcomm.dll
2009-06-02 20:35 . 2008-11-13 14:18 106384 ----a-w- c:\windows\system32\zlcommdb.dll
2009-06-02 20:35 . 2008-11-13 14:18 1221008 ----a-w- c:\windows\system32\zpeng25.dll
2009-06-02 20:35 . 2009-06-02 20:35 d-----w- c:\windows\system32\ZoneLabs
2009-06-02 20:35 . 2009-06-02 20:35 d-----w- c:\program files\Zone Labs
2009-06-02 20:26 . 2009-06-03 06:31 d-----w- c:\windows\Internet Logs
2009-06-02 20:15 . 2009-06-02 20:15 d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-06-02 19:42 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 19:42 . 2009-06-02 19:42 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 19:42 . 2009-06-02 19:45 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 19:20 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 11:53 . 2009-06-02 11:53 d-----w- c:\windows\system32\DRVSTORE
2009-06-02 11:53 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-02 11:50 . 2009-01-18 21:43 2892112 ----a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-02 11:50 . 2009-06-02 11:53 d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-02 10:08 . 2009-06-02 10:08 d-----w- c:\windows\system32\drivers\UMDF
2009-06-02 10:08 . 2009-06-02 10:08 d-----w- c:\windows\system32\LogFiles
2009-06-02 09:52 . 2009-06-02 09:52 d-sh--w- c:\documents and settings\Steve\IETldCache
2009-06-02 09:43 . 2009-06-02 09:43 d-----w- c:\windows\system32\XPSViewer
2009-06-02 09:43 . 2009-06-02 09:43 d-----w- c:\program files\MSBuild
2009-06-02 09:43 . 2009-06-02 09:43 d-----w- c:\program files\Reference Assemblies
2009-06-02 09:42 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-02 09:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-02 09:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-02 09:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-02 09:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-02 09:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-02 09:42 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-02 09:42 . 2009-06-02 09:42 d-----w- C:\92bd9c8916e64e3a5fd2a1
2009-06-02 09:37 . 2009-06-02 09:37 d-----w- c:\windows\ie8updates
2009-06-02 09:37 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-02 09:36 . 2009-06-02 09:37 d--h--w- c:\windows\ie8
2009-06-02 01:30 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-02 01:30 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-02 01:30 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-02 01:30 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-02 01:30 . 2009-06-02 01:30 d-----w- c:\program files\Avira
2009-06-02 01:30 . 2009-06-02 01:30 d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-02 00:56 . 2009-06-02 00:56 d-----w- c:\windows\system32\scripting
2009-06-02 00:56 . 2009-06-02 00:56 d-----w- c:\windows\system32\en
2009-06-02 00:56 . 2009-06-02 00:56 d-----w- c:\windows\l2schemas
2009-06-02 00:56 . 2009-06-02 00:56 d-----w- c:\windows\system32\bits
2009-06-02 00:54 . 2009-06-02 00:54 d-----w- c:\windows\ServicePackFiles
2009-06-02 00:47 . 2009-06-02 00:47 d-----w- c:\windows\EHome
2009-06-02 00:39 . 2004-08-03 21:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-06-02 00:34 . 2009-06-02 19:41 d--h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-02 00:30 . 2009-06-02 00:30 d-----w- c:\program files\CCleaner
2009-06-01 23:57 . 2009-06-01 23:55 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-01 23:54 . 2009-06-01 23:58 d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-06-01 23:54 . 2009-06-01 23:54 d-----w- c:\windows\Sun
2009-06-01 23:54 . 2009-06-01 23:54 d-----w- C:\Sun
2009-06-01 23:40 . 2009-06-02 13:59 d-----w- c:\documents and settings\Administrator
2009-06-01 23:30 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-06-01 23:18 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-06-01 23:18 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-01 23:17 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-06-01 23:17 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-01 23:17 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-01 23:16 . 2009-06-01 23:16 d-sh--w- c:\documents and settings\Steve\UserData
2009-06-01 23:15 . 2009-06-02 11:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-01 22:56 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-06-01 22:56 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-06-01 22:56 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-06-01 22:55 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-01 22:55 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-01 22:35 . 2006-09-11 15:33 d-----w- c:\windows\system32\config\systemprofile\Application Data\AOL
2009-06-01 22:35 . 2006-09-11 15:19 d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2009-06-01 22:35 . 2006-09-11 15:04 d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
Part 2....
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 05:54 . 2007-05-01 12:53 d-----w- c:\program files\PokerStars.NET
2009-06-02 20:24 . 2007-05-24 10:48 d-----w- c:\program files\VideoEgg
2009-06-02 09:57 . 2004-08-10 15:57 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 09:54 . 2009-06-01 22:36 53744 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 01:23 . 2006-09-11 15:23 d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-02 01:23 . 2006-09-11 15:23 d-----w- c:\program files\Common Files\Symantec Shared
2009-06-02 01:23 . 2008-09-28 18:11 d-----w- c:\program files\Symantec
2009-06-01 22:37 . 2009-06-01 22:36 128 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\fusioncache.dat
2009-03-25 05:29 . 2006-01-18 17:41 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-03-08 03:34 . 2004-08-10 15:38 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-10 15:37 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-10 15:37 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-10 15:38 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-10 15:37 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-10 15:37 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-10 15:37 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-10 15:38 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-10 15:38 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-10 15:38 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 15:38 284160 ----a-w- c:\windows\system32\pdh.dll
2007-05-03 13:01 . 2007-05-03 13:01 4197784 ----a-w- c:\program files\ChipVault-BetZip-Poker.exe
2007-04-11 14:43 . 2007-04-11 14:32 1094021 ----a-w- c:\program files\dvdshrink32setup1.zip
2007-04-05 17:20 . 2007-04-05 17:20 241 ----a-w- c:\program files\ultimate_calc1.zip
2007-02-27 08:00 . 2007-02-27 08:00 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-16 19:07 . 2007-02-16 17:23 199874112 ----a-w- c:\program files\Nero-7.7.5.1_eng_trial.exe
2007-02-15 20:37 . 2007-02-15 20:37 3299208 ----a-w- c:\program files\PFCSetup1.0.127.exe
2007-02-12 12:11 . 2007-02-12 12:11 5186048 ----a-w- c:\program files\WindowsDefender.msi
2007-01-17 11:55 . 2007-01-17 11:54 157990992 ----a-w- c:\program files\Nero-7.5.9.0A_eng_no_atb.exe
2007-01-13 00:56 . 2007-01-13 00:55 16332072 ----a-w- c:\program files\Install_Messenger_nous.exe
2006-11-22 21:23 . 2006-11-22 21:22 3800811 ----a-w- c:\program files\wace265i.exe
2006-11-22 17:54 . 2006-11-22 17:54 645680 ----a-w- c:\program files\uTorrent-1.6-install.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-11 26112]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [02/06/2009 12:53 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [02/06/2009 02:30 108289]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [02/06/2009 20:42 40160]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBAMSWISSARMY
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uStart Page = file:///C:/APPS/IE/offline/uk.htm
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 07:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-03 7:35
ComboFix-quarantined-files.txt 2009-06-03 06:35
Pre-Run: 37,601,513,472 bytes free
Post-Run: 37,926,227,968 bytes free
209 --- E O F --- 2009-06-03 02:05
And malwarebytes...
Malwarebytes' Anti-Malware 1.37
Database version: 2214
Windows 5.1.2600 Service Pack 3
03/06/2009 06:39:49
mbam-log-2009-06-03 (06-39-49).txt
Scan type: Quick Scan
Objects scanned: 17527
Time elapsed: 2 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Can you please update Malwarebytes and run a FULL scan this time (and post the log).