justbarking
regular
Reg'd: Sun
Posts: 211
Could someone check this hijackthis logfile please. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:32, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SmartEnhancer - {F608C2D0-846D-4F0E-E47A-88367C887707} - C:\Program Files\SmartEnhancer\SmartEnhancer-1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [99703108910636686487059295873389] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1207677162359
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 10668 bytes
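As an added example (not a tool from this thread or from Trend Micro), a Python pass over the HijackThis log format above: it splits each R/O line into fields and flags the kinds of entries a helper looks for first. The sample lines are copied from the log above; the watchlist names and the "long digit string" heuristic are taken from what the helper's CFScript and ComboFix act on later in the thread, and the reasons it prints are prompts for a human, not verdicts.

```python
"""Triage a Trend Micro HijackThis v2 log (added example, not a tool from this thread).

HijackThis prints one autostart or browser-hook entry per line, prefixed with a
section code: R0/R1 (Internet Explorer start and search pages), O2 (Browser
Helper Objects), O4 (Run keys and Startup folders), O23 (services). parse_entry
splits a line into fields; triage applies a few heuristics and an analyst
watchlist so that entries a human should look at are listed with the reason.
"""
import re
from dataclasses import dataclass

# Constructed sample: nine lines copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SmartEnhancer - {F608C2D0-846D-4F0E-E47A-88367C887707} - C:\Program Files\SmartEnhancer\SmartEnhancer-1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [99703108910636686487059295873389] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Names the helper's CFScript targets or ComboFix removed later in this thread.
THREAD_WATCHLIST = ("SmartEnhancer", "XP Antivirus", "ieupdates.exe", "winsrc.dll")

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NUMERIC_NAME = re.compile(r"^\d{8,}$")
TRUSTED_IE_TARGETS = ("about:blank", "go.microsoft.com")


@dataclass
class Entry:
    code: str        # section code, e.g. "O4"
    body: str        # everything after "O4 - "
    name: str = ""   # Run value name, BHO name, service display name, IE key
    ident: str = ""  # CLSID (O2) or vendor string (O23)
    path: str = ""   # command line, DLL path, service binary or URL


def parse_entry(line: str):
    """Return an Entry for one log line, or None for header/process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(code=m.group("code"), body=m.group("body"))
    if e.code in ("O2", "O23"):
        # "BHO: <name> - {CLSID} - <path>" or "Service: <name> - <vendor> - <path>"
        parts = e.body.split(": ", 1)[-1].rsplit(" - ", 2)
        if len(parts) == 3:
            e.name, e.ident, e.path = parts
    elif e.code == "O4":
        m4 = O4_RE.match(e.body)
        if m4:  # "<hive>\..\Run: [<value name>] <command>"
            e.name, e.path = m4.group("name"), m4.group("cmd")
        else:   # "Startup: <shortcut>.lnk = <target>"
            e.name, _, e.path = e.body.partition(" = ")
    elif e.code in ("R0", "R1"):
        e.name, _, e.path = e.body.partition(" = ")  # "<key>,<value> = <url>"
    return e


def triage(log_text: str, watchlist=()):
    """Return [(code, name, [reasons])] for entries that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e.code in ("R0", "R1") and not any(t in e.path for t in TRUSTED_IE_TARGETS):
            reasons.append("IE start/search page points somewhere unexpected")
        if e.path == "(no file)":
            reasons.append("registration whose file is missing (orphan, or hidden file)")
        if e.code == "O4" and NUMERIC_NAME.match(e.name):
            reasons.append("Run value named with a long digit string, as the "
                           "XP Antivirus entry in this thread is")
        if e.code == "O23" and e.ident == "Unknown owner":
            reasons.append("service binary carries no vendor string; check it by hand")
        hit = next((w for w in watchlist if w.lower() in e.body.lower()), None)
        if hit:
            reasons.append(f"matches watchlist entry '{hit}'")
        if reasons:
            findings.append((e.code, e.name or e.body, reasons))
    return findings


if __name__ == "__main__":
    for code, name, reasons in triage(SAMPLE_LOG, THREAD_WATCHLIST):
        print(f"{code:4} {name}")
        for reason in reasons:
            print(f"       - {reason}")
```

Run without a watchlist, the heuristics alone miss the [ieupdate] entry, whose name and path look like a Windows component; it is only caught once the watchlist carries the verdict from the ComboFix run.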
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28620
Loc: belfast
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
-------------------- MY HELP IS FREE, BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
You don't stop laughing when you get old, you get old when you stop laughing!
justbarking
regular
Reg'd: Sun
Posts: 211
Hello Bricat, here is the ComboFix txt and a new HiJackThis log file. Many thanks for all the help.
ComboFix 08-06-03.4 - Klee Lisa 2008-06-04 18:04:38.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.189 [GMT 1:00]
Running from: C:\Documents and Settings\Klee Lisa\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

---- Previous Run -------

C:\Documents and Settings\Klee Lisa\Start Menu\XP Antivirus 2008
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ieupdates.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\winsrc.dll
C:\WINDOWS\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))

2008-06-04 17:02 . 2008-06-04 17:02 0 --a------ C:\WINDOWS\system32\winsrc.dll.tmp
2008-06-04 14:01 . 2008-06-04 14:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 13:24 . 2008-06-04 13:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 13:24 . 2008-06-04 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 13:23 . 2008-06-04 13:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 12:27 . 2008-06-04 12:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-04 12:27 . 2008-06-04 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-04 11:30 . 2008-06-04 11:30 <DIR> d--hs---- C:\FOUND.007
2008-06-03 23:36 . 2008-06-03 23:36 77,613 --a------ C:\WINDOWS\system32\scui.cpl
2008-05-30 15:55 . 2008-05-30 15:55 <DIR> d--hs---- C:\FOUND.006
2008-05-28 18:07 . 2008-05-28 18:07 <DIR> d--hs---- C:\FOUND.005
2008-05-27 22:34 . 2008-05-27 22:34 <DIR> d--hs---- C:\FOUND.004
2008-05-22 22:59 . 2008-05-22 22:59 <DIR> d--hs---- C:\FOUND.003
2008-05-19 12:33 . 2008-05-19 12:33 <DIR> d--hs---- C:\FOUND.002
2008-05-17 23:15 . 2008-05-17 23:15 <DIR> d--hs---- C:\FOUND.001
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-15 12:39 . 2008-05-15 12:39 <DIR> d--hs---- C:\FOUND.000
2008-05-12 15:58 . 2008-05-12 15:59 3,072,054 --a------ C:\WINDOWS\wallpaper.bmp
2008-05-11 13:51 . 2008-05-11 13:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-09 23:09 . 2008-05-09 23:10 <DIR> d-------- C:\Documents and Settings\Klee Lisa\Application Data\Viewpoint
2008-05-07 20:56 . 2008-05-07 20:56 268 --ah----- C:\sqmdata02.sqm
2008-05-07 20:56 . 2008-05-07 20:56 244 --ah----- C:\sqmnoopt02.sqm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-04-29 10:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 17:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-28 16:03 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\DivX
2008-04-27 17:40 --------- d-----w C:\Program Files\DivX
2008-04-27 17:17 --------- d-----w C:\Program Files\uTorrent
2008-04-27 17:17 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\uTorrent
2008-04-27 14:04 --------- d-----w C:\Program Files\SmartEnhancer
2008-04-16 17:09 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-13 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-13 16:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-13 13:30 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\AdobeAUM
2008-04-12 13:22 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\LimeWire
2008-04-11 14:34 --------- d-----w C:\Program Files\SymNetDrv
2008-04-10 20:19 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-09 16:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-08 19:26 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 19:26 --------- d-----w C:\Program Files\Windows Live
2008-04-08 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 18:55 --------- d-----w C:\Documents and Settings\Claire\Application Data\LimeWire
2008-04-08 18:54 --------- d-----w C:\Program Files\Java
2008-04-08 18:51 --------- d-----w C:\Program Files\Common Files\Java
2008-04-08 17:37 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\AOL
2008-04-08 14:12 --------- d-----w C:\Documents and Settings\Claire\Application Data\AOL
2008-04-08 14:10 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-04-08 14:10 --------- d-----w C:\Program Files\Common Files\aolback
2008-04-08 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-08 14:08 --------- d-----w C:\Program Files\Viewpoint
2008-04-08 14:07 --------- d-----w C:\Program Files\Common Files\aolshare
2008-04-08 14:07 --------- d-----w C:\Program Files\Common Files\aol
2008-04-08 14:07 --------- d-----w C:\Program Files\AOL 9.0 VR
2008-04-08 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-08 13:55 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 20:26 4,818 ----a-w C:\Documents and Settings\Klee Lisa\Application Data\wklnhst.dat
2008-01-24 20:42 204 ----a-w C:\Documents and Settings\Claire\Application Data\wklnhst.dat

((((((((((((((((((((((((((((( snapshot@2008-06-04_17.50.42.48 )))))))))))))))))))))))))))))))))))))))))

- 2008-06-04 16:47:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 16:59:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F608C2D0-846D-4F0E-E47A-88367C887707}]
2007-12-30 21:48 1019904 --a------ C:\Program Files\SmartEnhancer\SmartEnhancer-1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"HostManager"="C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Klee Lisa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\aol\\1207663629\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

*Newly Created Service* - INT15.SYS

Contents of the 'Scheduled Tasks' folder
"2008-06-04 16:59:56 C:\WINDOWS\Tasks\dfrg.job" - C:\WINDOWS\system32\dfrg.msc
"2008-06-04 16:59:56 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 18:06:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-06-04 18:06:30
ComboFix-quarantined-files.txt 2008-06-04 17:06:28

Pre-Run: 3,985,162,240 bytes free
Post-Run: 3,975,544,832 bytes free

184 --- E O F --- 2008-06-04 09:49:04
HiJackThis log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:03, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartEnhancer - {F608C2D0-846D-4F0E-E47A-88367C887707} - C:\Program Files\SmartEnhancer\SmartEnhancer-1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1207677162359
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7264 bytes
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28620
Loc: belfast
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Killall::

File::
C:\WINDOWS\system32\winsrc.dll.tmp

Folder::
C:\Program Files\SmartEnhancer
C:\FOUND.007
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.001
C:\FOUND.000

Registry::
[-HKEY_LOCAL_MACHINE\~\BrowserHelperObjects\{F608C2D0-846D-4F0E-E47A-88367C887707}]
"SmartEnhancer-1.dll"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will start ComboFix again (it may ask you to reboot your computer).
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please and let me know how it is running.
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
-------------------- MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
You don't stop laughing when you get old, you get old when you stop laughing!
justbarking
regular
Reg'd: Sun
Posts: 211
Here are the latest required: CFScript.txt file and HiJackThis log file. When I boot up the computer a message appears:
ctfmon.exe - Unable to Locate Component: The application has failed to start because MSCTF.dll was not found. Re-installing the application may fix this problem.
Also a message appears for Windows XP PRO?
ComboFix 08-06-03.4 - Klee Lisa 2008-06-04 21:47:00.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.293 [GMT 1:00]
Running from: C:\Documents and Settings\Klee Lisa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Klee Lisa\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE :: C:\WINDOWS\system32\winsrc.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.000\FILE0001.CHK
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
C:\FOUND.001\FILE0001.CHK
C:\FOUND.001\FILE0002.CHK
C:\FOUND.001\FILE0003.CHK
C:\FOUND.001\FILE0004.CHK
C:\FOUND.001\FILE0005.CHK
C:\FOUND.001\FILE0006.CHK
C:\FOUND.001\FILE0007.CHK
C:\FOUND.001\FILE0008.CHK
C:\FOUND.001\FILE0009.CHK
C:\FOUND.001\FILE0010.CHK
C:\FOUND.001\FILE0011.CHK
C:\FOUND.001\FILE0012.CHK
C:\FOUND.001\FILE0013.CHK
C:\FOUND.001\FILE0014.CHK
C:\FOUND.001\FILE0015.CHK
C:\FOUND.001\FILE0016.CHK
C:\FOUND.001\FILE0017.CHK
C:\FOUND.001\FILE0018.CHK
C:\FOUND.002
C:\FOUND.002\FILE0000.CHK
C:\FOUND.002\FILE0001.CHK
C:\FOUND.002\FILE0002.CHK
C:\FOUND.002\FILE0003.CHK
C:\FOUND.002\FILE0004.CHK
C:\FOUND.002\FILE0005.CHK
C:\FOUND.002\FILE0006.CHK
C:\FOUND.002\FILE0007.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.004
C:\FOUND.004\FILE0000.CHK
C:\FOUND.005
C:\FOUND.005\FILE0000.CHK
C:\FOUND.005\FILE0001.CHK
C:\FOUND.005\FILE0002.CHK
C:\FOUND.005\FILE0003.CHK
C:\FOUND.005\FILE0004.CHK
C:\FOUND.005\FILE0005.CHK
C:\FOUND.005\FILE0006.CHK
C:\FOUND.005\FILE0007.CHK
C:\FOUND.005\FILE0008.CHK
C:\FOUND.005\FILE0009.CHK
C:\FOUND.005\FILE0010.CHK
C:\FOUND.005\FILE0011.CHK
C:\FOUND.005\FILE0012.CHK
C:\FOUND.005\FILE0013.CHK
C:\FOUND.005\FILE0014.CHK
C:\FOUND.005\FILE0015.CHK
C:\FOUND.005\FILE0016.CHK
C:\FOUND.005\FILE0017.CHK
C:\FOUND.005\FILE0018.CHK
C:\FOUND.005\FILE0019.CHK
C:\FOUND.005\FILE0020.CHK
C:\FOUND.005\FILE0021.CHK
C:\FOUND.005\FILE0022.CHK
C:\FOUND.005\FILE0023.CHK
C:\FOUND.005\FILE0024.CHK
C:\FOUND.005\FILE0025.CHK
C:\FOUND.005\FILE0026.CHK
C:\FOUND.005\FILE0027.CHK
C:\FOUND.005\FILE0028.CHK
C:\FOUND.005\FILE0029.CHK
C:\FOUND.005\FILE0030.CHK
C:\FOUND.005\FILE0031.CHK
C:\FOUND.005\FILE0032.CHK
C:\FOUND.005\FILE0033.CHK
C:\FOUND.005\FILE0034.CHK
C:\FOUND.005\FILE0035.CHK
C:\FOUND.005\FILE0036.CHK
C:\FOUND.005\FILE0037.CHK
C:\FOUND.005\FILE0038.CHK
C:\FOUND.005\FILE0039.CHK
C:\FOUND.005\FILE0040.CHK
C:\FOUND.005\FILE0041.CHK
C:\FOUND.006
C:\FOUND.006\FILE0000.CHK
C:\FOUND.006\FILE0001.CHK
C:\FOUND.006\FILE0002.CHK
C:\FOUND.006\FILE0003.CHK
C:\FOUND.006\FILE0004.CHK
C:\FOUND.007
C:\FOUND.007\FILE0000.CHK
C:\Program Files\SmartEnhancer
C:\Program Files\SmartEnhancer\pcre3.dll
C:\Program Files\SmartEnhancer\SmartEnhancer-1.dll
C:\Program Files\SmartEnhancer\SmartEnhancer-2.dll
C:\Program Files\SmartEnhancer\SmartEnhancer.dat
C:\Program Files\SmartEnhancer\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
2008-06-04 17:02 . 2008-06-04 17:02 0 --a------ C:\WINDOWS\system32\winsrc.dll.tmp
2008-06-04 14:01 . 2008-06-04 14:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 13:24 . 2008-06-04 13:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 13:24 . 2008-06-04 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 13:23 . 2008-06-04 13:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 12:27 . 2008-06-04 12:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-04 12:27 . 2008-06-04 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 23:36 . 2008-06-03 23:36 77,613 --a------ C:\WINDOWS\system32\scui.cpl
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 15:58 . 2008-05-12 15:59 3,072,054 --a------ C:\WINDOWS\wallpaper.bmp
2008-05-11 13:51 . 2008-05-11 13:51 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-09 23:09 . 2008-05-09 23:10 <DIR> d-------- C:\Documents and Settings\Klee Lisa\Application Data\Viewpoint
2008-05-07 20:56 . 2008-05-07 20:56 268 --ah----- C:\sqmdata02.sqm
2008-05-07 20:56 . 2008-05-07 20:56 244 --ah----- C:\sqmnoopt02.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 10:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 17:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-28 16:03 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\DivX
2008-04-27 17:40 --------- d-----w C:\Program Files\DivX
2008-04-27 17:17 --------- d-----w C:\Program Files\uTorrent
2008-04-27 17:17 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\uTorrent
2008-04-16 17:09 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-13 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-13 16:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-13 13:30 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\AdobeAUM
2008-04-12 13:22 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\LimeWire
2008-04-10 20:19 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-09 16:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-08 19:26 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-08 19:26 --------- d-----w C:\Program Files\Windows Live
2008-04-08 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 18:55 --------- d-----w C:\Documents and Settings\Claire\Application Data\LimeWire
2008-04-08 18:54 --------- d-----w C:\Program Files\Java
2008-04-08 18:51 --------- d-----w C:\Program Files\Common Files\Java
2008-04-08 17:37 --------- d-----w C:\Documents and Settings\Klee Lisa\Application Data\AOL
2008-04-08 14:12 --------- d-----w C:\Documents and Settings\Claire\Application Data\AOL
2008-04-08 14:10 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-04-08 14:10 --------- d-----w C:\Program Files\Common Files\aolback
2008-04-08 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-08 14:08 --------- d-----w C:\Program Files\Viewpoint
2008-04-08 14:07 --------- d-----w C:\Program Files\Common Files\aolshare
2008-04-08 14:07 --------- d-----w C:\Program Files\Common Files\aol
2008-04-08 14:07 --------- d-----w C:\Program Files\AOL 9.0 VR
2008-04-08 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-08 13:55 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Symantec
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 20:26 4,818 ----a-w C:\Documents and Settings\Klee Lisa\Application Data\wklnhst.dat
2008-01-24 20:42 204 ----a-w C:\Documents and Settings\Claire\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_17.50.42.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 16:47:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 20:49:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"HostManager"="C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\Klee Lisa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\aol\\1207663629\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 20:49:50 C:\WINDOWS\Tasks\dfrg.job" - C:\WINDOWS\system32\dfrg.msc
"2008-06-04 20:49:50 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:50:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\MSPMSPSV.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\QTZGACER.EXE
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
.
**************************************************************************
.
Completion time: 2008-06-04 21:52:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 20:52:10
ComboFix2.txt 2008-06-04 17:06:32
Pre-Run: 3,921,182,720 bytes free
Post-Run: 3,901,407,232 bytes free
272 --- E O F --- 2008-06-04 20:12:06
HiJackThis log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:09, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1207663629\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1207677162359
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 7301 bytes
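The HijackThis logs in this thread are flat lists of tagged entries (R0/R1 for the IE start and search pages, O2 for browser helper objects, O4 for autostart entries, O23 for services), and the helper's job is to pick out the few entries worth questioning. As an added example, not code from the thread or from HijackThis itself, here is a small Python parser that groups entries by tag and flags the ones a helper looks at first. The sample log is constructed: most lines are copied from the posted log, and one made-up `[updater]` O4 entry pointing at a temp file is included so the temp-location check has something to report. The trusted-host set for the R0/R1 check is an assumption about the IE defaults, not something HijackThis defines.

```python
"""Group HijackThis (HJT) log entries by tag and flag the ones a helper reads first. Added example; not HijackThis' own code."""

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in the log format shown in the thread. All lines except the
# "[updater]" O4 entry are copied from the posted log; that one is made up so the
# temp-location check has something to report.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:09, on 04/06/2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\winsrc.dll.tmp" /s
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
-- End of file - 7301 bytes
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")  # "<tag> - <body>"
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
R_RE = re.compile(r"^(?P<key>.+?) = (?P<value>.*)$")
TRUSTED_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}  # assumption: the IE default hosts


@dataclass(frozen=True)
class Entry:
    tag: str   # "R0", "O4", "O23", ...
    body: str  # text after "<tag> - "


@dataclass(frozen=True)
class Finding:
    tag: str
    reason: str
    detail: str


def parse_hjt(text):
    """Return the tagged entries of an HJT log; header, process list and footer are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m.group(1), m.group(2)))
    return out


def image_path(cmd):
    """The executable part of a Run command: the quoted path, or the text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entries):
    """Heuristic flags on the entries a helper checks first; a flag is a prompt to verify, not a verdict."""
    findings = []
    for e in entries:
        if e.tag == "O23":
            m = O23_RE.match(e.body)
            if m and m.group("vendor").strip().lower() == "unknown owner":
                findings.append(Finding("O23", "service has no vendor string", m.group("path")))
        elif e.tag == "O4":
            m = O4_RE.match(e.body)
            if not m:
                continue  # Startup-folder .lnk entries use a different layout
            exe = image_path(m.group("cmd"))
            label = f"[{m.group('name')}] {exe}"
            if "\\" not in exe:
                findings.append(Finding("O4", "bare command, resolved via the search path", label))
            elif "\\temp\\" in exe.lower() or exe.lower().endswith(".tmp"):
                findings.append(Finding("O4", "autostart from a temp location", label))
        elif e.tag == "O2":
            m = O2_RE.match(e.body)
            if m:
                findings.append(Finding("O2", "BHO loads into every IE process; confirm the vendor", f"{m.group('name')} -> {m.group('path')}"))
        elif e.tag in ("R0", "R1"):
            m = R_RE.match(e.body)
            if m and m.group("value").lower().startswith("http"):
                host = urlsplit(m.group("value")).hostname or ""
                if host not in TRUSTED_IE_HOSTS:
                    findings.append(Finding(e.tag, "IE start/search page points off the vendor default", m.group("value")))
    return findings


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    for tag, count in sorted(Counter(e.tag for e in entries).items()):
        print(f"{tag}: {count} entries")
    for f in triage(entries):
        print(f"[{f.tag}] {f.reason}: {f.detail}")
```

"Unknown owner" only means the service carries no vendor string; in this thread every such service turned out to be an Acer Arcade, CyberLink or WinPcap component, so that flag is a cue to compare the path against the installed software, not a verdict. The O2 flag fires for every BHO on purpose: a BHO is loaded into each Internet Explorer process, which is exactly where the SmartEnhancer-1.dll removed by the CFScript earlier in the thread was hooked in.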
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28620
Loc: belfast
combofix cleanup.
Time for some housekeeping
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
- When shown the disclaimer, Select "2"
The above procedure will:
- Delete the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if present
  - The C:\Deckard folder, if present
  - The C:\_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
then :-
Download and scan with CCleaner - CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
- Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies" Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
- Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
- Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
then DEFRAG your C:\ drive.
to help speed up your system.
then let us know how the computer is running.
if you still get the error after rebooting again :-
MSCTF.dll is related to Ctfmon.exe and is a module which belongs to the Microsoft Text Service Module.
we haven't removed anything connected to that.
To prevent Ctfmon.exe from running, follow these steps.
if you don't use speech recognition or handwriting recognition you don't need it.
To Remove Alternative User Input Services from Text Services:-
1. Click Start, point to Settings, and then click Control Panel.
2. In the Control Panel, double-click Text Services.
NOTE: In Windows XP, click Date, Time, Language, and Regional Options, and then click Regional and Language Options. On the Languages tab, click Details.
3. Under Installed Services, select each input item that is listed, and then click Remove to remove the item. All items must be removed, one by one, except the following input service:
English (United States) - default
Keyboard
United States 101
Step 3: Run Regsvr32 /U on the Msimtf.dll and Msctf.dll Files
1. Click Start and then click Run.
2. In the Run dialog box, type the following command: Regsvr32.exe /u msimtf.dll
3. Click OK.
4. Repeat steps 1 through 3 for the Msctf.dll file.
what was the error for XP PRO ?
justbarking
regular
Reg'd: Sun
Posts: 211
Have run Regsvr32.exe /u msimtf.dll and also msctf.dll but all I got back was: loadlibrary ("msimtf.dll" failed. The specified module could not be found. I had the same message for msctf.dll as well.
As for the error concerning XP PRO: immediately after booting up a box appears entitled "Windows installer trying to install Microsoft Office XP Professional with Frontpage". How do I stop this please?
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28620
Loc: belfast
click START >>RUN and type MSCONFIG then click on startups at the top.
have a look for msiexec.exe, if it's there, click on the box beside it to remove the check mark. click apply and let the computer reboot.
justbarking
regular
Reg'd: Sun
Posts: 211
Hiya Bricat,
In order to stop the Windows installer from trying to install Microsoft Office XP Professional with Frontpage every time the PC was booted I had to download "msicuu2.exe" from http://download.microsoft.com.
Everything working great now thanks to you. Many thanks JB
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28620
Loc: belfast
glad you got it sorted, it was starting to get a bit out of my area of knowledge.
Happy to help.