
Important question


Name: AlwaysWillingToLearn
Date: April 19, 2007 at 05:15:05 Pacific
OS: winxp pro
CPU/Ram: p4 3.2
Product: msi
Comment:

Hello all,

Where can I post a HijackThis post? Sorry for writing it in this way; every time I post it up it vanishes.




Response Number 1
Name: djnvve
Date: April 19, 2007 at 05:17:03 Pacific
Reply:

Hey,
I think you can post it up here.
I am new to this place too, but I think if you can explain the problem you are facing first, maybe someone will be able to help you better, and if they think you need to post a HijackThis log, they will let you know.

:)



Response Number 2
Name: AlwaysWillingToLearn
Date: April 19, 2007 at 05:25:12 Pacific
Reply:

Oh OK, thanks for that mate. Basically my computer has been kind of slow recently, and I have also been having problems with running Spybot and Lavasoft Ad-Aware. I have posted previously about this, so please don't get mad about the double posting. Neither Spybot nor Ad-Aware completes its scan; they both crash at random times. I have run them in safe mode too.

I'm running:
AVG Free
ZoneAlarm Pro
WinXP Pro SP2
P4 3.2
1 gig DDR RAM, dual channel
150 gig Maxtor HD

I have tried many other spyware cleaners but these seemed to be the best, and I have never had a problem with them before. I have gone into their settings and selected the minimal settings, and I have also tried to disable all other software and run them, but they just keep crashing.

I ran a HijackThis scan and wanted someone to have a look at the log to see if they could notice anything suspicious. Please?

Can I copy and paste it here?

Thanks,



Response Number 3
Name: XpUser
Date: April 19, 2007 at 07:30:04 Pacific
Reply:

Please do not post it yet or the mod may pull the entire thread. Wait for someone to direct you to do so.

i_XpUser



Response Number 4
Name: XpUser4Real
Date: April 19, 2007 at 09:24:51 Pacific
Reply:

You could send an IM to jabuck and, if he has time, he may request you to post your HJT log. He is the best in the security forum, so you may wait a while as it looks like he has quite a few threads going at once. Good luck.

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 5
Name: AlwaysWillingToLearn
Date: April 19, 2007 at 10:02:54 Pacific
Reply:

OK then, brilliant, I will IM him to see if he can help, but thank you all for your help too. By the way, you're telling me that you can post HJT logs but only if someone asks you to? Why is this? Why are we not allowed to just post them? Is it because we may end up destroying someone's computer with the wrong advice or something?

Cheers,





Response Number 6
Name: XpUser
Date: April 19, 2007 at 10:03:18 Pacific
Reply:

I could have easily said "Go PM Jabuck" but I refrained from doing so for the mere reason that I believe people should come here of their own free will without any burdens imposed by others.

i_XpUser



Response Number 7
Name: AlwaysWillingToLearn
Date: April 19, 2007 at 10:07:32 Pacific
Reply:

So can someone please request that I post the HJT log, so that the mod will not remove it?



Response Number 8
Name: XpUser4Real
Date: April 19, 2007 at 10:11:59 Pacific
Reply:

AlwaysWillingToLearn, it is a policy on Computing.Net, and you should have noticed the warning when you tried posting the HJT log. Rules are rules and we all have to abide by them, or else this forum would be flooded by a bunch of unfinished HJT logs.

This way, if the poster follows the directions of, say, a person like jabuck, there is a good chance that the problem will get resolved. I noticed that some people don't finish their post while being helped, and that is quite discouraging to all. Hope that answers your question.

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 9
Name: AlwaysWillingToLearn
Date: April 19, 2007 at 10:16:39 Pacific
Reply:

Fair point mate, I understand. Thank you for your help.



Response Number 10
Name: XpUser4Real
Date: April 19, 2007 at 10:19:24 Pacific
Reply:

At this point you could probably do what I mentioned in response 4, because now your thread has lots of replies and will probably get overlooked. It's up to you. Good luck.

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 11
Name: jabuck
Date: April 20, 2007 at 14:27:29 Pacific
Reply:

Please post your HijackThis log.



Response Number 12
Name: AlwaysWillingToLearn
Date: April 21, 2007 at 11:33:52 Pacific
Reply:

Hi all,

Here is the log, thank you for helping.

Logfile of HijackThis v1.99.1
Scan saved at 19:33:10, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Razer\razertra.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Person\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?F...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\sb\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pr...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.co...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driver...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CCS\Services\Tcpip\..\{61CA0654-D821-4A57-95D6-91EA73D9E0A4}: NameServer = 212.139.132.24 212.139.132.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




Response Number 13
Name: jabuck
Date: April 21, 2007 at 13:19:23 Pacific
Reply:

Please download ATF-Cleaner to your desktop from this link: http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Download Killbox to your desktop from this link: Killbox by Option^Explicit. If you already have "Killbox", update to this newer version. We will need it later in safe mode.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll

Exit Hijack this but remain in safe mode.

Run Killbox from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\Advanced System Optimizer\IEHelper.dll

Return to Killbox, go to the File menu, and choose Paste from Clipboard.


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).

If your computer does not restart automatically, please restart it manually.


If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click Here to download and run missingfilesetup.exe. Then try Killbox again.

Next navigate to and delete this folder if found:

C:\Program Files\Advanced System Optimizer

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Please reboot to normal mode, post the AVG AntiSpyware report and a new Hijack This log.



Response Number 14
Name: AlwaysWillingToLearn
Date: April 23, 2007 at 02:08:42 Pacific
Reply:

Right, this is excellent. I have had to wait until today to do this as I wanted to print it out before I continue and I haven't got a printer at home, so I will do this when I get home. Just one thing I want to ask though: the Advanced System Optimizer IEHelper.dll, isn't that a legit thing? I have the software, so is this a virus or something?

Thanks.



Response Number 15
Name: jabuck
Date: April 23, 2007 at 03:56:40 Pacific
Reply:

If you have the software, try uninstalling it, and if your troubles go away you know that was the problem; if not, you can reinstall it.

Let us know if that was the problem.



Response Number 16
Name: AlwaysWillingToLearn
Date: April 23, 2007 at 14:25:04 Pacific
Reply:

Right, so now I have run all the software you suggested and I found some bugs, I think. I have done everything you said, although my spyware log only shows one entry twice; I had previously removed a high-risk bug two days ago.

Problem is, Spybot still refuses to complete its scan without crashing, though my computer is running much quicker.

Any ideas about Spybot? I have reinstalled it as well but it didn't help.
*************HJT***********

Logfile of HijackThis v1.99.1
Scan saved at 21:32:26, on 23/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Person\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?F...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\sb\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pr...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.co...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driver...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


**********AVG SPYWARE**************


AVG Anti-Spyware - Scan Report


+ Created at: 21:30:20 23/04/2007

+ Scan result:

C:\Program Files\LogMeIn\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Cleaned with backup (quarantined).


::Report end



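A small triage script, added here as an example (it is not HijackThis code and not from Computing.Net), that parses HijackThis log lines, applies the reading heuristics used in this thread (the "(no file)" BHO jabuck had fixed, O17 NameServer entries, autoruns started from profile folders), and diffs two scans to confirm a fix took effect. The embedded samples are constructed, abridged excerpts of the 21/04 and 23/04 logs posted above.

```python
"""Triage helper for HijackThis v1.99 logs: parse entries, flag the patterns a
helper looks for, and diff two scans to confirm a fix took effect.

Added example for this thread; not HijackThis code and not from Computing.Net.
The two samples are constructed, abridged excerpts of the logs posted above."""
import re
from dataclasses import dataclass

# Every HijackThis finding is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 autoruns launched from a user-writable profile location deserve a look.
PROFILE_RE = re.compile(r"\\(Temp|Local Settings|Application Data)\\", re.I)


@dataclass(frozen=True)
class Entry:
    code: str   # section code: R0, R1, O2, O4, O16, O17, O23 ...
    body: str   # the rest of the line, unchanged

    @property
    def clsid(self):
        """The {GUID} named in the entry (BHOs, O9 buttons, O16 DPF), if any."""
        m = CLSID_RE.search(self.body)
        return m.group(0).upper() if m else None


def parse_log(text):
    """Return the Entry records of a log, skipping the header and the
    'Running processes' path list, which carry no section code."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def flag_entries(entries):
    """Apply the reading heuristics used in the thread and return
    (reason, entry) pairs in log order:
      orphan  - a registration whose file is gone ("(no file)"); safe to fix
      dns     - O17 NameServer set in the registry; confirm it is the ISP's
      profile - O4 autorun started from a user-profile or temp folder"""
    findings = []
    for e in entries:
        if "(no file)" in e.body:
            findings.append(("orphan", e))
        elif e.code == "O17" and "NameServer" in e.body:
            findings.append(("dns", e))
        elif e.code == "O4" and PROFILE_RE.search(e.body):
            findings.append(("profile", e))
    return findings


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans.
    Order-insensitive, so a reordered log does not show up as a change."""
    old, new = set(parse_log(before)), set(parse_log(after))

    def key(e):
        return (e.code, e.body)

    return sorted(old - new, key=key), sorted(new - old, key=key)


# Constructed, abridged excerpts of the 21/04 and 23/04 logs in the thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:33:10, on 21/04/2007

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{61CA0654-D821-4A57-95D6-91EA73D9E0A4}: NameServer = 212.139.132.24 212.139.132.25
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:32:26, on 23/04/2007

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
"""


def main():
    # Flag the first log, then show what the fix removed and what appeared.
    for reason, e in flag_entries(parse_log(LOG_BEFORE)):
        print(f"[{reason:7}] {e.code} - {e.body}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in removed:
        print("- " + e.code + " - " + e.body)
    for e in added:
        print("+ " + e.code + " - " + e.body)


if __name__ == "__main__":
    main()
```

Run against full logs, the diff confirms that both O2 entries jabuck asked to fix are gone from the second scan and that the only new autorun is the AVG Anti-Spyware tray entry.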

Response Number 17
Name: jabuck
Date: April 23, 2007 at 19:04:05 Pacific
Reply:

You need to update your Java to keep any new infections from occurring.

Download the latest version of Java from http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.

Then run the following three scans.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please download Fixwareout from this link

http://swandog46.geekstogo.com/Fixwareout.exe

or

http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Post a copy of the log located at C:\fixwareout\report.txt

Should you get an error message about a missing AUTOEXEC.NT file, download XP fix from this link and run it: http://www.visualtour.com/downloads/ It should replace the missing C:\WINDOWS\system32\AUTOEXEC.NT file.
Then run Fixwareout again.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.



Response Number 18
Name: AlwaysWillingToLearn
Date: April 24, 2007 at 12:29:33 Pacific
Reply:

OK, here goes with the reports.

**********Smit*************
SmitFraudFix v2.171

Scan done at 20:02:07.34, 24/04/2007
Run from C:\Documents and Settings\Person\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Person


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Person\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Person\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.139.132.24
DNS Server Search Order: 212.139.132.25

HKLM\SYSTEM\CCS\Services\Tcpip\..\{61CA0654-D821-4A57-95D6-91EA73D9E0A4}: NameServer=212.139.132.24 212.139.132.25
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61CA0654-D821-4A57-95D6-91EA73D9E0A4}: NameServer=212.139.132.24 212.139.132.25


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

*************FixWare**********

Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/ind...
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="C:\\Program Files\\Razer\\razerhid.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SoundMan"="SOUNDMAN.EXE"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tracks Eraser Pro"="C:\\Program Files\\Acesoft\\Tracks Eraser Pro\\te.exe min"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


**********Combo fix***********
"Person" - 07-04-24 20:10:37 Service Pack 2
ComboFix 07-04-25.1V - Running from: "C:\Documents and Settings\Person\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))


2007-04-23 23:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-23 18:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-23 18:17 <DIR> d-------- C:\!KillBox
2007-04-22 11:56 <DIR> d-------- C:\DOCUME~1\Person\APPLIC~1\Nokia Multimedia Player
2007-04-19 18:04 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-04-18 19:48 <DIR> d--hs---- C:\DOCUME~1\Person\Phone Browser
2007-04-18 19:39 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-04-18 19:39 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-04-18 19:39 <DIR> d-------- C:\DOCUME~1\Person\APPLIC~1\Nokia
2007-04-18 19:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-04-18 19:38 9,216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-04-18 19:38 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-04-18 19:38 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-04-18 19:38 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-04-18 19:38 138,240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-04-18 19:38 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-04-18 19:38 12,800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-04-18 19:38 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-04-18 19:38 <DIR> d-------- C:\Program Files\Nokia
2007-04-18 19:38 <DIR> d-------- C:\Program Files\DIFX
2007-04-18 19:38 <DIR> d-------- C:\DOCUME~1\Person\APPLIC~1\PC Suite
2007-04-18 19:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-03-31 22:35 720,896 --a------ C:\WINDOWS\system32\EAInstall.dll
2007-03-31 21:45 <DIR> d-------- C:\Program Files\iTunes
2007-03-30 17:46 <DIR> d-------- C:\My Downloads


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-23 23:28 -------- d-------- C:\DOCUME~1\Person\APPLIC~1\lavasoft
2007-04-23 23:16 -------- d-------- C:\Program Files\windows live safety center
2007-04-23 23:13 -------- d-------- C:\DOCUME~1\Person\APPLIC~1\utorrent
2007-04-23 22:51 -------- d-------- C:\Program Files\regscrubxp
2007-04-23 18:42 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2007-04-22 13:19 -------- d-------- C:\Program Files\daemon tools
2007-04-20 18:48 -------- d-------- C:\Program Files\msi
2007-04-20 18:38 -------- d-------- C:\Program Files\setup files
2007-04-20 17:55 2528 --a------ C:\DOCUME~1\Person\APPLIC~1\$_hpcst$.hpc
2007-04-20 17:43 313 --a------ C:\WINDOWS\option.dat
2007-04-19 22:02 -------- d-------- C:\Program Files\msn messenger
2007-04-18 21:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-04-18 19:23 -------- d--h----- C:\Program Files\installshield installation information
2007-04-18 19:08 -------- d-------- C:\Program Files\kworld multimedia
2007-04-09 19:51 -------- d-------- C:\Program Files\getright
2007-03-31 21:45 -------- d-------- C:\Program Files\ipod
2007-03-24 15:09 -------- d-------- C:\Program Files\microsoft activesync
2007-03-23 18:54 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-03-23 18:49 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-03-23 18:49 114688 --a------ C:\WINDOWS\system32\openal32.dll
2007-03-23 18:49 -------- d-------- C:\Program Files\openal
2007-03-23 18:34 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-10 21:48 -------- d-------- C:\Program Files\quicktime
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 21:13 -------- d-------- C:\Program Files\red kawa
2007-03-01 21:42 -------- d-------- C:\Program Files\Common Files\raxco
2007-02-20 14:12 227856 --a------ C:\WINDOWS\system32\pdboot.exe
2007-02-09 08:47 300 --a------ C:\WINDOWS\totals.reg
2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-02 21:17 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-02 21:04 307200 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-02-02 21:03 264704 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-02 20:57 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-02-02 20:56 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-02-02 20:56 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-02-02 20:56 110592 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-02-02 20:56 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-02-02 20:55 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-02-02 20:54 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-02-02 20:46 2827968 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-02 20:40 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-02-02 20:40 1272960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-02 20:27 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-02-02 20:25 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-02-02 20:20 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-02 20:19 5312512 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-02-02 19:34 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-01-30 17:21 128813 --a------ C:\WINDOWS\system32\atiicdxx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} C:\Program Files\GetRight\xx2gr.dll
{53707962-6F74-2D53-2644-206D7942484F} G:\sb\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"razer"="C:\\Program Files\\Razer\\razerhid.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SoundMan"="SOUNDMAN.EXE"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Tracks Eraser Pro"="C:\\Program Files\\Acesoft\\Tracks Eraser Pro\\te.exe min"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MSI\\CORECE~1\\CORECE~1.exe "
"item"="CoreCenter"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
"location"="Common Startup"
"item"="Remote Control"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Person^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.exe "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ad-Aware"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Aware.exe\" +c"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVR Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Scheduled"
"hkey"="HKLM"
"inimapping"="0"
"command"="C:\\Program Files\\KWorld Multimedia\\DVB-T PLUS\\DTVR\\Scheduled.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeInSystray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mimboot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLIStart"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfdc9e89-462e-11db-848a-4d6564696130}]
Shell\AutoRun\command H:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-24 20:13:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-24 20:13:31
C:\ComboFix-quarantined-files.txt ... 07-04-24 20:13

Thanks so much for this


0

Response Number 19
Name: jabuck
Date: April 24, 2007 at 18:06:09 Pacific
Reply:

I don't see anything but one suspicious file.

Go to this link, http://www.virustotal.com/en/indexf.html and use the "browse" button to locate this file:

C:\WINDOWS\totals.reg

Then double click the first file to enter it into the "upload and scan box", click send, then post the results. You may have to scroll to the right to see the "send" button.


0

Response Number 20
Name: AlwaysWillingToLearn
Date: April 25, 2007 at 04:28:25 Pacific
Reply:

Thank you so much for your help jaBuck, good to hear my comp has no more nasties. Well, to be honest my computer is much more responsive now and seems to be quicker over the net.

The problem with Spybot Search and Destroy 1.4 and Lavasoft Ad-Aware Professional 1.06 still remains. Neither of them completes their scans; I have uninstalled and reinstalled them both, I have updated the software, but no, they crash intermittently in random places. Maybe I won't be able to resolve this issue.. I have selected minimal settings, tried it in safe mode, but nothing seems to work.

I will try the final thing you have posted in your last email today when I get home.

Once again thanks a lot for your time and help, it's much appreciated...


0

Response Number 21
Name: AlwaysWillingToLearn
Date: April 25, 2007 at 09:42:15 Pacific
Reply:

Well, it's good news, no virus found from all, so I think my computer is finally healed from any infections. The only thing that remains as before though is my Spybot and Lavasoft Ad-Aware not completing their scans. Oh well, I mean at least I have had a health check. Thank you very much for all your help and support.

Antivirus Version Update Result
AhnLab-V3 2007.4.26.0 04.25.2007 no virus found
AntiVir 7.4.0.15 04.25.2007 no virus found
Authentium 4.93.8 04.24.2007 no virus found
Avast 4.7.981.0 04.25.2007 no virus found
AVG 7.5.0.464 04.25.2007 no virus found
BitDefender 7.2 04.25.2007 no virus found
CAT-QuickHeal 9.00 04.25.2007 no virus found
ClamAV devel-20070416 04.25.2007 no virus found
DrWeb 4.33 04.25.2007 no virus found
eSafe 7.0.15.0 04.25.2007 no virus found
eTrust-Vet 30.7.3594 04.25.2007 no virus found
Ewido 4.0 04.25.2007 no virus found
FileAdvisor 1 04.25.2007 no virus found
Fortinet 2.85.0.0 04.25.2007 no virus found
F-Prot 4.3.2.48 04.24.2007 no virus found
F-Secure 6.70.13030.0 04.25.2007 no virus found
Ikarus T3.1.1.5 04.25.2007 no virus found
Kaspersky 4.0.2.24 04.25.2007 no virus found
McAfee 5017 04.25.2007 no virus found
Microsoft 1.2405 04.25.2007 no virus found
NOD32v2 2218 04.25.2007 no virus found
Norman 5.80.02 04.25.2007 no virus found
Panda 9.0.0.4 04.25.2007 no virus found
Prevx1 V2 04.25.2007 no virus found
Sophos 4.16.0 04.23.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.25.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found


0

Response Number 22
Name: XpUser4Real
Date: April 25, 2007 at 11:06:13 Pacific
Reply:

This may work for spybot, I found it on the net:
Open Spybot, then leave it alone
Open Task Manager, and go to the Processes tab
Right-click on SpybotSD.exe, and choose "Set Affinity..."
On the box that comes up, check/uncheck boxes so that ONLY "CPU 0" is checked.
Go back to the already-open Spybot, and run a scan. It should complete without hanging or losing responsiveness.

Hopefully my advice will help you...Please post back with your results....thanks


0
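The same affinity change can be scripted from PowerShell rather than clicked through Task Manager. This is an added example, not part of the original thread or anything shipped with Spybot; it assumes the scanner is already running under the image name passed in -ProcessName (the thread's case is SpybotSD.exe) and that the shell runs as the same user, or an administrator, so that the process object can be written to.

```powershell
# Added example (not from the original thread): pin a running process to one
# logical CPU from PowerShell, the scripted equivalent of Task Manager's
# "Set Affinity..." dialog with only "CPU 0" ticked.
# Assumption: the target process is already running (start Spybot first).

function Set-SingleCpuAffinity {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ProcessName,   # image name without ".exe", e.g. "SpybotSD"
        [int]$Cpu = 0           # logical processor index to keep; 0 is "CPU 0"
    )

    $cpuCount = [Environment]::ProcessorCount
    if ($Cpu -lt 0 -or $Cpu -ge $cpuCount) {
        throw "CPU index $Cpu is out of range; this machine reports $cpuCount logical CPU(s)."
    }

    $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Warning "No running process named '$ProcessName.exe'; start it first."
        return
    }

    # ProcessorAffinity is a bitmask: bit n set means the process may run on
    # logical CPU n.  Pow() is used instead of -shl so this also works on the
    # PowerShell 1.0/2.0 builds that shipped for Windows XP.
    $mask = [IntPtr][int64][math]::Pow(2, $Cpu)

    foreach ($p in $procs) {
        $before = $p.ProcessorAffinity.ToInt64()
        try {
            $p.ProcessorAffinity = $mask    # needs PROCESS_SET_INFORMATION on the target
            $p.Refresh()
        } catch {
            Write-Warning ("Could not change affinity of PID {0}: {1}" -f $p.Id, $_.Exception.Message)
            continue
        }
        # Report old and new masks in hex so a wrong bit is easy to spot.
        [pscustomobject]@{
            Name           = $p.ProcessName
            Id             = $p.Id
            AffinityBefore = ('0x{0:X}' -f $before)
            AffinityAfter  = ('0x{0:X}' -f $p.ProcessorAffinity.ToInt64())
        }
    }
}

# Usage matching the steps above: Spybot open, then pin it to CPU 0 and scan.
Set-SingleCpuAffinity -ProcessName 'SpybotSD' -Cpu 0
```

The mask is per-process and not inherited by a fresh launch, so it has to be reapplied each time the scanner is started, exactly as with the Task Manager route. On a single-CPU machine the function reports an AffinityAfter of 0x1 either way, which is a quick check that the problem really is the multi-core scheduling the thread points at.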

Response Number 23
Name: AlwaysWillingToLearn
Date: April 25, 2007 at 11:45:49 Pacific
Reply:

Mate, you guys are geniuses. I have tried to google this problem for ages but found nothing at all; everything was related to not being able to update, but this worked perfectly, excellent. Nice one mate...

lol I think I will post my next problem in the hardware forum

Thank you to everyone for the advice, time and the excellent support you gave me..


0

Response Number 24
Name: XpUser4Real
Date: April 25, 2007 at 12:50:16 Pacific
Reply:

Glad it worked for you, thanks for posting back!

Hopefully my advice will help you...Please post back with your results....thanks


0
