my net book is acting strange all of a sudden [Solved]
#1
Posted 21 February 2012 - 03:56 AM
Register to Remove
#2
Posted 21 February 2012 - 03:29 PM
I'm Mithros, I'll be glad to help you with your computer problems.
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts before I post them. This is to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my very best to keep it as short as possible.
Please read the following guidelines which will help to make cleaning your machine easier:
- Malware logs are often lengthy and can take alot of time to research and interpret. Please be patient while I review your logs.
- The fixes I will give you are specific to your problem and should only be used for this issue on this machine.
- Please make sure to carefully read any instructions posted. If you're not sure, please stop and ask!
- Please stay with this thread until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that all malware is gone.
- PLEASE DO NOT install/uninstall any programs unless asked to.
- PLEASE DO NOT run any malware scans other than those requested.
- Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
- I will reply back shortly with instructions
- Note to Vista and Windows 7 users:
- These tools MUST be run from the executable. (.exe) every time you run them
- These tools MUST be run With Admin Rights (Right click, choose "Run as Administrator")
IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.
#3
Posted 21 February 2012 - 04:08 PM
#4
Posted 21 February 2012 - 07:56 PM
Please download DDS by sUBs from one of the following links and save it to your desktop.
- Disable any script blocking protection (How to Disable your Security Programs)
- Double click DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
- Post the contents of the DDS.txt report in your next reply
- Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Double click aswMBR.exe to start the tool.
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
◦Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
◦You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
#5
Posted 22 February 2012 - 02:27 AM
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Col at 8:22:43 on 2012-02-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.470 [GMT 0:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {c3d3840c-12ea-4461-a61d-190555fecc82} - c:\program files\guffins\bar\1.bin\u4SrcAs.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a916eefe-6a17-4d7d-a131-2738b260bb55} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\col\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Search - http://tbedits.guffi...mp;n=2010112909
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://myaccount.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{46776D37-F404-428D-A7F2-92341A4361B3} : DhcpNameServer = 192.168.0.1
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-2 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-2 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 42184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2011-3-25 101520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]
.
=============== Created Last 30 ================
.
2012-02-15 17:16:17 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:16:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 23:42:01 -------- d-----w- c:\program files\iPod
2012-02-09 23:41:52 -------- d-----w- c:\program files\iTunes
2012-02-09 23:37:27 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-09 23:37:27 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 20:56:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2008-05-07 08:34:00 15523560 -c--a-w- c:\program files\U1 Setup.exe
.
============= FINISH: 8:24:20.00 ===============
Attached Files
#6
Posted 22 February 2012 - 02:41 AM
Attached Files
#7
Posted 22 February 2012 - 11:28 PM
P2P - I see you have P2P software BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.
It looks like you still have the remnants of your old antivirus AVG on the computer, please go to AVG Remover and download the 32 bit AVG removal tool to your desktop. Double click the AVG icon and follow the on screen instructions, this may restart you computer, let it run to completion.
NEXT Please read through these instructions to familarize yourself with what to expect when this tool runs
Refer to the ComboFix User's Guide
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT- Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications
====================================================
Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Finally let me know how your computer is running please
#8
Posted 23 February 2012 - 08:28 AM
#9
Posted 23 February 2012 - 10:05 PM
First lets get rid of that AVG remnant with a CF script
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
SecCenter::
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Then I would like to stop a few programs from starting up every time your computer boots, please click the start button in lower left corner of your Windows desktop, go to run and type in msconfig in the run window. This will bring up the System configuration Utility, across the top you will see a tab that says startup, please select and scroll down list of programs starting at boot. Please UNCHECK anything that says, iTunes, HOTSYNC, iPodService, AppleMobileDeviceService, then select OK and when prompted select exit without restart. This does not remove any programs it only prevent them from starting every time the computer boots.
Are you currently using Express Talk on your computer or has this been uninstalled ?
It looks like you have run Combofix 3 times can you please post the full logs from those runs, they should be located on the root of your boot drive, typically C:Combofix.txt
Finally I see you have Safari installed on your computer this may or may not have come with an ITunes installation, Safari is a great browser but can be a real resource hog on PCs. If you are not using it I would suggest deleting the program by using the ADD/Remove programs option in the control panel
Please let me know how your computer is running
#10
Posted 24 February 2012 - 11:29 AM
Register to Remove
#11
Posted 25 February 2012 - 12:01 AM
ITunes can be a problematic install on PCs, and as the library grows the performance of the ITunes program can diminish quite abit.
The CF logs you have posted appear to be cut-off I really need to get a FULL CF log from you, lets try running Combofix one more time and post the full log in your next response please. If you are having trouble copy/pasting just attach the log to your next post
#12
Posted 25 February 2012 - 07:07 AM
col
ComboFix 12-02-21.01 - Col 25/02/2012 8:00.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.584 [GMT 0:00]
Running from: c:\documents and settings\Col\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 07:57 . 2012-02-25 07:57 -------- d-----w- C:\32788R22FWJFW
2012-02-23 21:30 . 2012-02-23 21:30 -------- d-----w- c:\program files\Conduit
2012-02-15 17:16 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:16 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 23:42 . 2012-02-09 23:42 -------- d-----w- c:\program files\iPod
2012-02-09 23:41 . 2012-02-09 23:43 -------- d-----w- c:\program files\iTunes
2012-02-09 23:37 . 2011-08-02 17:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-09 23:37 . 2011-08-02 17:38 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2008-04-25 05:06 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 20:56 . 2011-09-11 09:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2008-04-25 05:06 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 05:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 05:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 05:04 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 15:24 . 2011-04-06 12:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-05-07 08:34 . 2008-06-24 13:21 15523560 -c--a-w- c:\program files\U1 Setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-23_13.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 05:05 . 2012-02-23 13:24 72754 c:\windows\system32\perfc009.dat
- 2008-04-25 05:05 . 2012-02-23 12:29 72754 c:\windows\system32\perfc009.dat
+ 2008-04-25 05:05 . 2012-02-23 13:24 445044 c:\windows\system32\perfh009.dat
- 2008-04-25 05:05 . 2012-02-23 12:29 445044 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2011-3-25 163840]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-6-24 294912]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Col^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Col\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\gps\\pcgps.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Express Talk Sip Incoming Calls (UDP)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/03/2011 18:04 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/07/2009 16:10 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/07/2009 16:10 19544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2010 23:16 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [25/03/2011 13:38 101520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2010 23:16 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 23:15]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 23:15]
.
2012-02-25 c:\windows\Tasks\User_Feed_Synchronization-{FDE565D6-CF69-43CB-A41C-2AB7CE4BE5F6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://myaccount.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-25 08:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-02-25 08:21:22
ComboFix-quarantined-files.txt 2012-02-25 08:21
ComboFix2.txt 2012-02-24 17:13
ComboFix3.txt 2012-02-23 14:22
.
Pre-Run: 12,887,695,360 bytes free
Post-Run: 12,904,697,856 bytes free
.
- - End Of File - - 01107B87AB834B3E5627F74D4763D5B9
#13
Posted 25 February 2012 - 06:53 PM
Please download and install SUPERAntiSpyware Home Edition (free edition)
- Load SUPERAntiSpyware and click the Check for Updates button.
- Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
- Open SUPERAntiSpyware and click the Scan your Computer button.
- Check Perform Complete Scan and then click Next.
- SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
- Make sure that they all have a check next to them, and then click Next.
- Click Finish and you will be taken back to the main interface.
- It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
- I'll need a log afterwards of what has been found.
- To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
- Please post the results of the SUPERAntiSpyware log in your next reply.
- Place a check mark in the box YES, I accept the Terms Of Use
- Click the Start button.
- Now click the Install button.
- Click Start. The scanner engine will initialize and update.
- Do Not place a check mark in the box beside Remove found threats.
- Click the Scan button. The scan will now run, please be patient.
- When the scan finishes click the Details tab.
- Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
#14
Posted 26 February 2012 - 04:21 PM
cheers
col
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/26/2012 at 03:30 PM
Application Version : 5.0.1144
Core Rules Database Version : 8279
Trace Rules Database Version: 6091
Scan type : Complete Scan
Total Scan Time : 00:38:37
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 487
Memory threats detected : 0
Registry items scanned : 34579
Registry threats detected : 0
File items scanned : 25843
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\Col\Cookies\KXP6X88S.txt [ /accounts.google.com ]
#15
Posted 27 February 2012 - 08:00 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users