SteveC
(regular)
Sun Jun 28 2009 01:16 PM
Please can you check my HijackThis log

Hi all,
I would be most appreciative if you could check my HijackThis log file.
Thanks,
SteveC

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:39, on 28/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Users\Steve\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c9d3f942348750) (gupdate1c9d3f942348750) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 8159 bytes


bricat
(HijackThis Helper)
Sun Jun 28 2009 09:57 PM
Re: Please can you check my HijackThis log

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

If you don't know how to disable some of your security programs, have a look :- HERE
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a new HijackThis log for further review.


Please keep me informed about any changes to your problems during the different steps of the fix.


FOR OTHER USERS, DO NOT RUN COMBOFIX UNLESS YOU ARE ASKED TO DO SO BY A HJT HELPER


SteveC
(regular)
Mon Jun 29 2009 01:41 PM
Re: Please can you check my HijackThis log

Hi Bricat,
Hope I've got this right; if not, please advise.
Steve



ComboFix 09-06-28.02 - Steve 29/06/2009 13:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1525.834 [GMT 1:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msvrc20.dll
c:\windows\setup.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 12:24 . 2009-06-29 12:25 -------- d-----w- c:\users\Steve\AppData\Local\temp
2009-06-28 17:51 . 2009-06-28 17:52 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-28 17:51 . 2009-06-28 17:50 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-28 17:50 . 2009-06-28 17:50 -------- d-----w- c:\program files\Java
2009-06-28 15:37 . 2009-06-28 15:38 -------- d-----w- c:\users\Steve\My Address Book
2009-06-28 12:05 . 2009-06-28 12:05 -------- d-----w- c:\program files\Trend Micro
2009-06-23 14:51 . 2009-06-01 10:09 2052376 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-23 14:51 . 2009-06-01 10:09 423424 ----a-w- c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-06-23 14:51 . 2009-06-01 10:09 310528 ----a-w- c:\programdata\avg8\update\backup\avglngx.dll
2009-06-23 14:51 . 2009-06-01 10:09 177432 ----a-w- c:\programdata\avg8\update\backup\avgmail.dll
2009-06-23 14:51 . 2009-06-01 10:09 3288856 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-23 14:51 . 2009-06-01 10:09 486680 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-06-23 14:50 . 2009-06-01 10:08 1439488 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-23 14:50 . 2009-06-01 10:08 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-06-20 20:09 . 2009-06-20 20:09 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-15 15:59 . 2009-06-15 15:59 -------- d-----w- c:\program files\Paint.NET
2009-06-15 15:58 . 2009-06-28 17:42 -------- d-----w- c:\users\Steve\AppData\Local\Paint.NET
2009-06-15 10:27 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-15 10:27 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-15 10:27 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-06-15 10:27 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-15 10:26 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-07 16:03 . 2009-06-07 16:03 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-07 16:02 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-07 16:02 . 2009-06-07 16:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-07 16:01 . 2009-06-07 16:01 -------- d-----w- c:\program files\Microsoft
2009-06-07 16:01 . 2009-06-07 16:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-07 16:00 . 2009-06-07 16:00 -------- d-----w- c:\windows\PCHEALTH
2009-06-07 15:56 . 2009-06-07 15:56 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-06 09:15 . 2009-06-06 09:15 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-06 08:02 . 2009-06-15 18:48 -------- d-----w- c:\program files\Photobie
2009-06-04 17:51 . 2009-06-04 18:49 -------- d-----w- c:\users\Steve\AppData\Roaming\IObit
2009-06-01 12:56 . 2009-06-01 12:56 -------- d-----w- c:\users\Steve\AppData\Roaming\AdobeUM
2009-06-01 12:38 . 2009-06-07 11:41 -------- d-----w- c:\program files\IObit
2009-06-01 10:53 . 2009-06-01 10:55 -------- d-----w- c:\windows\system32\ca-ES
2009-06-01 10:53 . 2009-06-01 10:55 -------- d-----w- c:\windows\system32\eu-ES
2009-06-01 10:53 . 2009-06-01 10:55 -------- d-----w- c:\windows\system32\vi-VN
2009-06-01 10:41 . 2009-06-01 10:41 -------- d-----w- c:\windows\system32\EventProviders
2009-06-01 10:39 . 2009-04-11 06:32 438744 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-06-01 10:38 . 2009-04-11 06:28 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2009-06-01 10:37 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-01 10:37 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-01 10:37 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-01 10:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-01 10:37 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-01 10:37 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-01 10:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-01 10:37 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-01 10:37 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-01 10:37 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-01 10:37 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 12:07 . 2009-05-10 09:19 53744 ----a-w- c:\users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 15:48 . 2009-05-10 16:12 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-23 14:50 . 2009-05-10 11:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 14:50 . 2009-05-10 11:04 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 14:50 . 2009-05-10 11:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 09:43 . 2009-05-10 09:24 -------- d-----w- c:\program files\Launch Manager
2009-06-19 18:08 . 2009-05-13 18:10 -------- d-----w- c:\program files\ieSpell
2009-06-07 16:04 . 2009-05-16 18:22 -------- d-----w- c:\program files\Windows Live
2009-06-05 16:07 . 2009-05-13 18:31 -------- d-----w- c:\program files\Google
2009-06-04 18:43 . 2009-05-16 18:21 -------- d-----w- c:\programdata\WLInstaller
2009-06-01 10:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-01 10:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-01 10:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-01 10:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-01 10:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-01 10:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-16 18:24 . 2009-05-16 18:22 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-05-16 11:37 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-16 11:37 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-16 10:12 . 2009-05-16 10:12 680 ----a-w- c:\users\Steve\AppData\Local\d3d9caps.dat
2009-05-13 18:13 . 2009-05-13 18:13 -------- d-----w- c:\users\Steve\AppData\Roaming\ieSpell
2009-05-11 11:50 . 2009-05-11 11:50 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-10 16:01 . 2009-05-10 16:01 -------- d-----w- c:\program files\WIDCOMM
2009-05-10 15:26 . 2009-05-10 15:26 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-05-10 15:26 . 2009-05-10 15:26 272896 ----a-w- c:\windows\system32\polstore.dll
2009-05-10 15:21 . 2009-05-10 15:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-05-10 15:18 . 2009-05-10 15:18 37888 ----a-w- c:\windows\system32\printcom.dll
2009-05-10 15:17 . 2009-05-10 15:17 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-05-10 15:16 . 2009-05-10 15:16 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-05-10 14:30 . 2009-05-10 14:30 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2009-05-10 14:30 . 2009-05-10 14:30 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2009-05-10 14:29 . 2009-05-10 14:29 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2009-05-10 14:29 . 2009-05-10 14:29 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2009-05-10 14:29 . 2009-05-10 14:29 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2009-05-10 14:29 . 2009-05-10 14:29 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2009-05-10 14:29 . 2009-05-10 14:29 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2009-05-10 14:29 . 2009-05-10 14:29 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2009-05-10 14:29 . 2009-05-10 14:29 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2009-05-10 14:28 . 2009-05-10 14:28 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2009-05-10 14:28 . 2009-05-10 14:28 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2009-05-10 14:28 . 2009-05-10 14:28 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2009-05-10 14:28 . 2009-05-10 14:28 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2009-05-10 14:28 . 2009-05-10 14:28 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2009-05-10 14:27 . 2009-05-10 14:27 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2009-05-10 14:27 . 2009-05-10 14:27 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2009-05-10 14:27 . 2009-05-10 14:27 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2009-05-10 14:26 . 2009-05-10 14:26 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2009-05-10 14:26 . 2009-05-10 14:26 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2009-05-10 14:26 . 2009-05-10 14:26 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2009-05-10 14:25 . 2009-05-10 14:25 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2009-05-10 14:25 . 2009-05-10 14:25 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2009-05-10 14:25 . 2009-05-10 14:25 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2009-05-10 14:25 . 2009-05-10 14:25 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2009-05-10 14:25 . 2009-05-10 14:25 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2009-05-10 14:25 . 2009-05-10 14:25 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2009-05-10 14:25 . 2009-05-10 14:25 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2009-05-10 14:24 . 2009-05-10 14:24 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2009-05-10 14:24 . 2009-05-10 14:24 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2009-05-10 14:24 . 2009-05-10 14:24 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2009-05-10 14:24 . 2009-05-10 14:24 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2009-05-10 14:23 . 2009-05-10 14:23 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2009-05-10 14:23 . 2009-05-10 14:23 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2009-05-10 14:23 . 2009-05-10 14:23 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2009-05-10 14:23 . 2009-05-10 14:23 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2009-05-10 14:11 . 2009-05-10 14:11 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-10 14:09 . 2009-05-10 14:09 9728 ----a-w- c:\windows\system32\lsass.exe
2009-05-10 13:05 . 2009-05-10 13:05 181760 ----a-w- c:\windows\system32\fsquirt.exe
2009-05-10 13:05 . 2009-05-10 13:05 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-05-10 13:05 . 2009-05-10 13:05 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-05-10 12:13 . 2009-05-10 12:13 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-05-10 11:37 . 2009-05-10 11:37 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-05-10 11:32 . 2009-05-10 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-05-10 11:05 . 2009-05-10 11:05 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 11:04 . 2009-05-10 11:04 -------- d-----w- c:\program files\AVG
2009-05-10 11:04 . 2009-05-10 11:04 -------- d-----w- c:\programdata\avg8
2009-05-10 10:44 . 2009-05-10 10:44 -------- d-----w- c:\program files\MSXML 4.0
2009-05-10 10:11 . 2006-12-05 05:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-10 10:09 . 2006-12-05 05:22 -------- d-----w- c:\programdata\Symantec
2009-05-10 10:04 . 2006-12-05 05:02 319984 ----a-w- c:\windows\DIFxAPI.dll
2009-05-10 10:04 . 2006-12-05 05:02 -------- d-----w- c:\program files\Realtek
2009-05-10 09:52 . 2009-05-10 09:52 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-05-10 09:52 . 2009-05-10 09:52 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-10 09:52 . 2009-05-10 09:52 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-05-10 09:52 . 2009-05-10 09:52 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-05-10 09:43 . 2009-05-10 09:43 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-05-10 09:43 . 2009-05-10 09:43 34328 ----a-w- c:\windows\system32\wups.dll
2009-05-10 09:43 . 2009-05-10 09:43 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-05-10 09:42 . 2009-05-10 09:42 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-05-10 09:42 . 2009-05-10 09:42 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-05-10 09:39 . 2009-05-10 09:19 -------- d-----w- c:\program files\Acer Inc
2009-05-10 09:33 . 2006-12-05 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-10 09:19 . 2009-05-10 09:19 -------- d-----w- c:\programdata\InstallShield
2009-05-10 09:19 . 2006-12-05 05:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-10 09:19 . 2009-05-10 09:19 -------- d-----w- c:\program files\Yahoo!
2009-05-10 08:54 . 2009-05-10 08:54 3 ----a-w- c:\windows\AFirst.cmd
2009-05-10 08:54 . 2009-05-10 08:54 1390 ----a-w- c:\windows\CLEANUP.CMD
2009-04-11 06:33 . 2009-06-01 10:39 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-01 10:39 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-01 10:38 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-01 10:39 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"?????????"="??????????????e" [?]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-11-18 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-28 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):20,af,53,7c,a8,e2,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A303ACC2-9F91-49C7-BE3F-A554E47E408F}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{61BFDEBB-77AC-45B8-BF7B-50ED71CF529C}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6A850F4E-211A-4A3D-83B2-A0C33C7D1A1B}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{6E930E70-D766-488A-A851-DB9FAD5B7C5E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/05/2009 12:04 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/05/2009 12:05 108552]
R2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};c:\program files\Acer\Acer Arcade\000.fcl [05/12/2006 06:12 6656]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/05/2009 12:04 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/05/2009 12:04 298776]
S3 gupdate1c9d3f942348750;Google Update Service (gupdate1c9d3f942348750);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2009 19:33 133104]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [11/05/2009 15:10 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-27 14:19]

2009-05-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 18:32]

2009-06-07 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-06-07 17:15]

2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{469A7028-36D8-49E2-9473-FC90DEC37D59}.job
- c:\windows\system32\msfeedssync.exe [2009-05-15 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 13:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD}]
"ImagePath"="\??\c:\program files\Acer\Acer Arcade\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-29 13:27
ComboFix-quarantined-files.txt 2009-06-29 12:26

Pre-Run: 14,353,776,640 bytes free
Post-Run: 14,323,814,400 bytes free

295 --- E O F --- 2009-06-27 12:55


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:54, on 28/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Users\Steve\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c9d3f942348750) (gupdate1c9d3f942348750) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 8159 bytes


bricat
(HijackThis Helper)
Mon Jun 29 2009 04:27 PM
Re: Please can you check my Hijacktjis log

Rerun HJT, and put a checkmark beside these :-

O4 - HKCU\..\Run: [?????????] ??????????????e

now close all windows and browsers and click FIX CHECKED

then :-

just some tidying up to do.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

    The above procedure will:

    • Delete the following:
        • ComboFix and its associated files and folders.
        • VundoFix backups, if present
        • The C:\Deckard folder, if present
        • The C:\_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.

    Then :-

    Download and scan with CCleaner
    1. CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
      IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
    2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
      Then select "Cookies"
      Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.

    3. Then select the items you wish to clean up.
      In the Windows Tab:

      • Clean all entries in the "Internet Explorer" section.
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "Advanced" section.
      • Clean any others that you choose.
      Leave the system section at default.



      In the Applications Tab:

      • Clean all entries in the Mozilla Firefox Section.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Clean any others that you choose.


    4. Click the "Run Cleaner" button.
    5. A pop up box will appear advising this process will permanently delete files from your system.
    6. Click "OK" and it will scan and clean your system.
    7. Click "exit" when done.


    then DEFRAG your C:\ drive.

    to help speed up your system.

    then let us know how the computer is running.


    HOW DID I GET INFECTED
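As an added example (not code from the thread, from the helper, or from HijackThis itself): a small Python parser for the O4 registry Run lines of a HijackThis v2 log that flags entries HijackThis could not render, the way the helper flagged the all-'?' HKCU Run entry above. The sample lines are constructed from the shapes in this log, and the two heuristics are my own assumptions, not HijackThis rules.

```python
import re

# Constructed sample: a handful of O4 lines in the shape of the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
"""

# Registry-run lines: O4 - <hive>[\<SID>]\..\<key>: [<name>] <command> [(User '<user>')]
# Global Startup lines have a different shape and are deliberately not matched.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)


def parse_o4(log_text):
    """Return a dict per O4 registry Run entry: hive, key, name, command, user."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious(entry):
    """Reasons an O4 entry deserves a second look (assumed heuristics).

    HijackThis prints '?' for characters it cannot display, so a value name
    or command made entirely of '?' cannot be attributed to any known program.
    """
    reasons = []
    if entry["name"] and set(entry["name"]) == {"?"}:
        reasons.append("unreadable value name")
    if re.fullmatch(r"\?+\S*", entry["command"]):
        reasons.append("unreadable command")
    return reasons


def triage(log_text):
    """Map each flagged entry's value name to the reasons it was flagged."""
    return {e["name"]: suspicious(e) for e in parse_o4(log_text) if suspicious(e)}
```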


SteveC
(regular)
Mon Jun 29 2009 05:15 PM
Re: Please can you check my Hijacktjis log

Many thanks Bricat
Computer running a lot quicker now
It seems you prefer CCleaner to Advanced System Care
Thanks again
Steve


bricat
(HijackThis Helper)
Mon Jun 29 2009 10:23 PM
Re: Please can you check my Hijacktjis log

glad you're sorted.

ccleaner is a great little program, it does what it says on the tin
