my net book is acting strange all of a sudden [Solved]


This topic is locked
17 replies to this topic

#1 colinvansmith (Authentic Member, 67 posts)

Posted 21 February 2012 - 03:56 AM

Hi all, The problem I have is all of a sudden my netbook is acting very strange. For example, sometimes it just won't let me open certain programs; other times when I go to a website it opens several Internet Explorer pages with advertising for various things; sometimes it takes ages to start up. I have Avast anti-virus on my computer which is up to date and running. I have run Spybot and it didn't find anything. I have also run Malwarebytes and it hasn't found anything, and I have used CodeStuff Starter to turn off various programs at start up to speed it up, to no avail. Unfortunately I can't afford to go out and buy a new system at the moment but I'm defo going to be looking into one soon. I'm afraid I'm at my limit of knowledge on computers as I don't know what else I can try. My netbook is an Asus Eee PC 904HD; it's around 2.5 years old. Can anyone please help me out as I'm at my wits' end with the thing. Many thanks, col


#2 Mithros (Advanced Member, 500 posts)

Posted 21 February 2012 - 03:29 PM

Hello colinvansmith

:welcome:
I'm Mithros, I'll be glad to help you with your computer problems.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts before I post them. This is to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my very best to keep it as short as possible.

Please read the following guidelines which will help to make cleaning your machine easier:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • The fixes I will give you are specific to your problem and should only be used for this issue on this machine.
  • Please make sure to carefully read any instructions posted. If you're not sure, please stop and ask!
  • Please stay with this thread until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that all malware is gone.
  • PLEASE DO NOT install/uninstall any programs unless asked to.
  • PLEASE DO NOT run any malware scans other than those requested.
  • Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
  • I will reply back shortly with instructions
  • Note to Vista and Windows 7 users:
  • These tools MUST be run from the executable (.exe) every time you run them
  • These tools MUST be run With Admin Rights (Right click, choose "Run as Administrator")


IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

#3 colinvansmith (Authentic Member, 67 posts)

Posted 21 February 2012 - 04:08 PM

No worries

#4 Mithros (Advanced Member, 500 posts)

Posted 21 February 2012 - 07:56 PM

Hello colinvansmith,

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click the DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Then please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.


#5 colinvansmith (Authentic Member, 67 posts)

Posted 22 February 2012 - 02:27 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Col at 8:22:43 on 2012-02-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.470 [GMT 0:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {c3d3840c-12ea-4461-a61d-190555fecc82} - c:\program files\guffins\bar\1.bin\u4SrcAs.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a916eefe-6a17-4d7d-a131-2738b260bb55} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\col\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Search - http://tbedits.guffi...mp;n=2010112909
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://myaccount.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{46776D37-F404-428D-A7F2-92341A4361B3} : DhcpNameServer = 192.168.0.1
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-2 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-2 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 42184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2011-3-25 101520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]
.
=============== Created Last 30 ================
.
2012-02-15 17:16:17 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:16:17 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 23:42:01 -------- d-----w- c:\program files\iPod
2012-02-09 23:41:52 -------- d-----w- c:\program files\iTunes
2012-02-09 23:37:27 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-09 23:37:27 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 20:56:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2008-05-07 08:34:00 15523560 -c--a-w- c:\program files\U1 Setup.exe
.
============= FINISH: 8:24:20.00 ===============

Attached Files



#6 colinvansmith (Authentic Member, 67 posts)

Posted 22 February 2012 - 02:41 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 08:29:54
-----------------------------
08:29:54.453 OS Version: Windows 5.1.2600 Service Pack 3
08:29:54.453 Number of processors: 1 586 0xD08
08:29:54.453 ComputerName: YOUR-Q4LIADEMZD UserName: Col
08:29:54.718 Initialize success
08:29:54.859 AVAST engine defs: 12022101
08:30:59.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:30:59.796 Disk 0 Vendor: ST980811AS 3.ALC Size: 76319MB BusType: 3
08:30:59.796 Disk 0 MBR read successfully
08:30:59.796 Disk 0 MBR scan
08:30:59.796 Disk 0 unknown MBR code
08:30:59.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40962 MB offset 63
08:30:59.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 35322 MB offset 83891430
08:30:59.890 Disk 0 Partition 3 00 EF EFI FAT XPRCD 31 MB offset 156232125
08:30:59.890 Disk 0 scanning sectors +156296385
08:30:59.921 Disk 0 scanning C:\WINDOWS\system32\drivers
08:31:07.609 Service scanning
08:31:21.046 Modules scanning
08:31:26.671 Disk 0 trace - called modules:
08:31:27.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
08:31:27.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7eab8]
08:31:27.234 3 CLASSPNP.SYS[f7588fd7] -> nt!IofCallDriver -> \Device\00000069[0x86d849e8]
08:31:27.234 5 ACPI.sys[f741f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d70940]
08:31:27.562 AVAST engine scan C:\WINDOWS
08:31:32.328 AVAST engine scan C:\WINDOWS\system32
08:33:27.703 AVAST engine scan C:\WINDOWS\system32\drivers
08:33:41.093 AVAST engine scan C:\Documents and Settings\Col
08:36:56.781 AVAST engine scan C:\Documents and Settings\All Users
08:37:50.531 Scan finished successfully
08:38:56.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Col\Desktop\MBR.dat"
08:38:56.906 The log file has been saved successfully to "C:\Documents and Settings\Col\Desktop\aswMBR.txt"

Attached Files



#7 Mithros (Advanced Member, 500 posts)

Posted 22 February 2012 - 11:28 PM

Hello colinvansmith,

P2P - I see you have the P2P software BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly identity theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs.

It looks like you still have the remnants of your old antivirus AVG on the computer. Please go to AVG Remover and download the 32-bit AVG removal tool to your desktop. Double click the AVG icon and follow the on-screen instructions; this may restart your computer, so let it run to completion.

NEXT: Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================

Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Finally, let me know how your computer is running, please.

#8 colinvansmith (Authentic Member, 67 posts)

Posted 23 February 2012 - 08:28 AM

I deleted my torrent program and ran the AVG remover; however, when I ran ComboFix it said that AVG was still active but did I want to run it anyway, so I did. Below is the log for ComboFix. I have also tried attaching the log from AVG remover but it won't allow me. ComboFix log below:

ComboFix 12-02-21.01 - Col 23/02/2012 14:01:40.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.612 [GMT 0:00]
Running from: c:\documents and settings\Col\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-15 17:16 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:16 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 23:42 . 2012-02-09 23:42 -------- d-----w- c:\program files\iPod
2012-02-09 23:41 . 2012-02-09 23:43 -------- d-----w- c:\program files\iTunes
2012-02-09 23:37 . 2011-08-02 17:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-09 23:37 . 2011-08-02 17:38 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2008-04-25 05:06 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 20:56 . 2011-09-11 09:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2008-04-25 05:06 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 05:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 05:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 05:04 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 15:24 . 2011-04-06 12:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-25 05:06 293376 ----a-w- c:\windows\system32\winsrv.dll
2008-05-07 08:34 . 2008-06-24 13:21 15523560 -c--a-w- c:\program files\U1 Setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-23_13.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 05:05 . 2012-02-23 13:24 72754 c:\windows\system32\perfc009.dat
- 2008-04-25 05:05 . 2012-02-23 12:29 72754 c:\windows\system32\perfc009.dat
+ 2008-04-25 05:05 . 2012-02-23 13:24 445044 c:\windows\system32\perfh009.dat
- 2008-04-25 05:05 . 2012-02-23 12:29 445044 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Col\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2011-3-25 163840]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-6-24 294912]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\gps\\pcgps.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Express Talk Sip Incoming Calls (UDP)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/03/2011 18:04 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/07/2009 16:10 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/07/2009 16:10 19544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2010 23:16 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [25/03/2011 13:38 101520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2010 23:16 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job

#9 Mithros (Advanced Member, 500 posts)

Posted 23 February 2012 - 10:05 PM

Hello colinvansmith,

First let's get rid of that AVG remnant with a CF script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Then I would like to stop a few programs from starting up every time your computer boots. Please click the Start button in the lower left corner of your Windows desktop, go to Run and type msconfig in the Run window. This will bring up the System Configuration Utility; across the top you will see a tab that says Startup. Please select it and scroll down the list of programs starting at boot. Please UNCHECK anything that says iTunes, HOTSYNC, iPodService, AppleMobileDeviceService, then select OK and when prompted select Exit without restart. This does not remove any programs; it only prevents them from starting every time the computer boots.

Are you currently using Express Talk on your computer or has this been uninstalled?

It looks like you have run ComboFix 3 times. Can you please post the full logs from those runs? They should be located on the root of your boot drive, typically C:\ComboFix.txt

Finally, I see you have Safari installed on your computer; this may or may not have come with an iTunes installation. Safari is a great browser but can be a real resource hog on PCs. If you are not using it I would suggest deleting the program by using the Add/Remove Programs option in the Control Panel.

Please let me know how your computer is running

#10 colinvansmith (Authentic Member, 67 posts)

Posted 24 February 2012 - 11:29 AM

Hi, I have followed the steps you suggested; the log is below. I ran the ComboFix program three times, as the first time I disabled my antivirus for ten minutes but it came back on before ComboFix had finished; the second time I disabled Avast for an hour but again it came back on before ComboFix was finished. I don't have the logs because I deleted them so I wouldn't get them mixed up with the third time. I have also removed Safari and stopped the programs running on start up you suggested; my computer seems to be the same. Sometimes when I try and open a program, for example iTunes, it takes ages. I forgot to mention this in my original post, sorry.

ComboFix 12-02-21.01 - Col 24/02/2012 16:53:12.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.638 [GMT 0:00]
Running from: c:\documents and settings\Col\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Col\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-23 21:30 . 2012-02-23 21:30 -------- d-----w- c:\program files\Conduit
2012-02-15 17:16 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:16 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 23:42 . 2012-02-09 23:42 -------- d-----w- c:\program files\iPod
2012-02-09 23:41 . 2012-02-09 23:43 -------- d-----w- c:\program files\iTunes
2012-02-09 23:37 . 2011-08-02 17:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-09 23:37 . 2011-08-02 17:38 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2008-04-25 05:06 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 20:56 . 2011-09-11 09:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2008-04-25 05:06 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 05:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 05:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 05:04 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 15:24 . 2011-04-06 12:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-05-07 08:34 . 2008-06-24 13:21 15523560 -c--a-w- c:\program files\U1 Setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-23_13.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 05:05 . 2012-02-23 13:24 72754 c:\windows\system32\perfc009.dat
- 2008-04-25 05:05 . 2012-02-23 12:29 72754 c:\windows\system32\perfc009.dat
+ 2008-04-25 05:05 . 2012-02-23 13:24 445044 c:\windows\system32\perfh009.dat
- 2008-04-25 05:05 . 2012-02-23 12:29 445044 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Col\Start Menu\Programs\Startup\



#11 Mithros

Mithros

    Advanced Member

  • Authentic Member
  • 500 posts

Posted 25 February 2012 - 12:01 AM

Hey colinvansmith,

iTunes can be a problematic install on PCs, and as the library grows the performance of the iTunes program can diminish quite a bit.

The CF logs you have posted appear to be cut off. I really need to get a FULL CF log from you; let's try running ComboFix one more time and post the full log in your next response, please. If you are having trouble copy/pasting, just attach the log to your next post.

#12 colinvansmith

colinvansmith

    Authentic Member

  • Authentic Member
  • 67 posts

Posted 25 February 2012 - 07:07 AM

Hi, I noticed my computer seems to be running a bit faster now. I ran ComboFix again; the log is below.

col



ComboFix 12-02-21.01 - Col 25/02/2012 8:00.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.584 [GMT 0:00]
Running from: c:\documents and settings\Col\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 07:57 . 2012-02-25 07:57 -------- d-----w- C:\32788R22FWJFW
2012-02-23 21:30 . 2012-02-23 21:30 -------- d-----w- c:\program files\Conduit
2012-02-15 17:16 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 17:16 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 23:42 . 2012-02-09 23:42 -------- d-----w- c:\program files\iPod
2012-02-09 23:41 . 2012-02-09 23:43 -------- d-----w- c:\program files\iTunes
2012-02-09 23:37 . 2011-08-02 17:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-09 23:37 . 2011-08-02 17:38 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2008-04-25 05:06 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-26 20:56 . 2011-09-11 09:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2008-04-25 05:06 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-25 05:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-25 05:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-25 05:04 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 15:24 . 2011-04-06 12:23 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-05-07 08:34 . 2008-06-24 13:21 15523560 -c--a-w- c:\program files\U1 Setup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-23_13.20.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 05:05 . 2012-02-23 13:24 72754 c:\windows\system32\perfc009.dat
- 2008-04-25 05:05 . 2012-02-23 12:29 72754 c:\windows\system32\perfc009.dat
+ 2008-04-25 05:05 . 2012-02-23 13:24 445044 c:\windows\system32\perfh009.dat
- 2008-04-25 05:05 . 2012-02-23 12:29 445044 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2011-3-25 163840]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-6-24 294912]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Col^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Col\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\gps\\pcgps.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Express Talk Sip Incoming Calls (UDP)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/03/2011 18:04 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02/07/2009 16:10 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/07/2009 16:10 19544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2010 23:16 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [25/03/2011 13:38 101520]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/12/2010 23:16 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 23:15]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 23:15]
.
2012-02-25 c:\windows\Tasks\User_Feed_Synchronization-{FDE565D6-CF69-43CB-A41C-2AB7CE4BE5F6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://myaccount.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-25 08:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-02-25 08:21:22
ComboFix-quarantined-files.txt 2012-02-25 08:21
ComboFix2.txt 2012-02-24 17:13
ComboFix3.txt 2012-02-23 14:22
.
Pre-Run: 12,887,695,360 bytes free
Post-Run: 12,904,697,856 bytes free
.
- - End Of File - - 01107B87AB834B3E5627F74D4763D5B9
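The helper Mithros is reviewing the log for is mostly the "Reg Loading Points", firewall and service sections. As an added example (not part of this thread and not ComboFix's own code), here is a small Python parser for those sections of a log laid out like the one above. The line layouts are inferred from the posted log, and the reading of a trailing "[?]" as "ComboFix could not find the target file on disk" is an assumption about the tool's output, not something the thread states. The sample lines are a constructed subset of the log above.

```python
"""Pull the autostart items a reviewer triages first out of a ComboFix log.

Added example, not ComboFix's own code.  Line layouts are inferred from a
posted log; treating a trailing "[?]" as "target file not found on disk" is
an assumption about ComboFix's output.
"""
import re
from dataclasses import dataclass


@dataclass
class RunEntry:
    key: str    # registry key the value sits under
    name: str   # value name
    path: str   # command stored in the value
    stamp: str  # "date size" ComboFix recorded for the target, or "?"


@dataclass
class Service:
    state: str    # R = running, S = stopped; digit = start type
    name: str
    display: str
    path: str     # may read "image path --> resolved path"
    stamp: str


# Constructed sample in the same layout as the posted log (a subset of its lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Express Talk Sip Incoming Calls (UDP)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/03/2011 18:04 371544]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
"""

KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
PORT_VALUE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
SERVICE_LINE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]$')


def parse_combofix(text):
    """Return Run values, globally open firewall ports and services found in the log."""
    runs, ports, services = [], [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with lone dots
            continue
        if m := KEY_LINE.match(line):
            key = m.group("key")
        elif m := SERVICE_LINE.match(line):
            services.append(Service(**m.groupdict()))
        elif m := PORT_VALUE.match(line):
            ports.append((int(m.group("port")), m.group("proto"), m.group("desc").strip()))
        elif (m := RUN_VALUE.match(line)) and key is not None:
            runs.append(RunEntry(key, m.group("name"), m.group("path"), m.group("stamp")))
    return {"run": runs, "open_ports": ports, "services": services}


def unresolved_services(parsed):
    """Services whose driver file ComboFix marked "[?]" (assumed: not found on disk)."""
    return [s for s in parsed["services"] if s.stamp.strip() == "?"]


def bare_name_run_values(parsed):
    """Run values naming a file without a directory; these rely on PATH lookup at logon."""
    return [r for r in parsed["run"] if "\\" not in r.path and "/" not in r.path]


def triage(parsed):
    """Human-readable list of the items worth a second look."""
    notes = []
    for s in unresolved_services(parsed):
        target = s.path.split(" --> ")[-1]
        notes.append(f"service {s.name}: driver file not found ({target})")
    for r in bare_name_run_values(parsed):
        notes.append(f"run value {r.name}: bare file name {r.path!r}, resolved by PATH search")
    for port, proto, desc in parsed["open_ports"]:
        notes.append(f"firewall: inbound {proto}/{port} open in the standard profile ({desc})")
    return notes


if __name__ == "__main__":
    for note in triage(parse_combofix(SAMPLE_LOG)):
        print(note)
```

Run on the sample, it lists the two services whose driver file ComboFix could not stat, the one Run value that is a bare executable name, and the UDP ports the firewall leaves open. None of those is evidence of infection on its own (the posted log's equivalents are a printer port driver, a data-card driver, an audio driver and a VoIP program); the point is that these are the lines a helper checks by hand before declaring a log clean.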

#13 Mithros

Mithros

    Advanced Member

  • Authentic Member
  • 500 posts

Posted 25 February 2012 - 06:53 PM

Hey colinvansmith,

Please download and install SUPERAntiSpyware Home Edition (free edition)

  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log in your next reply.
Then I need you to run the following scan: Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.


#14 colinvansmith

colinvansmith

    Authentic Member

  • Authentic Member
  • 67 posts

Posted 26 February 2012 - 04:21 PM

The second scanner didn't give me any option to save a log. I have posted the results from the SUPERAntiSpyware scan below.

cheers

col


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/26/2012 at 03:30 PM

Application Version : 5.0.1144

Core Rules Database Version : 8279
Trace Rules Database Version: 6091

Scan type : Complete Scan
Total Scan Time : 00:38:37

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 487
Memory threats detected : 0
Registry items scanned : 34579
Registry threats detected : 0
File items scanned : 25843
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Col\Cookies\KXP6X88S.txt [ /accounts.google.com ]

#15 Mithros

Mithros

    Advanced Member

  • Authentic Member
  • 500 posts

Posted 27 February 2012 - 08:00 PM

Hey colinvansmith, could you please check the log that was created by ESET at this location: C:\Program Files\ESET\log.txt. If there were no threats found, then don't bother posting. Next, are there any other issues with the computer? If not, I will be posting some instructions for clean-up and security optimization in my next post.
