NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  
February 13, 2012, 12:21:43 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: SMF - Just Installed!
 
   Home   Help Search Login Register  

HijackThis logfile.. Please help~


AddThis Social Bookmark Button AddThis Feed Button
Pages: [1]
« previous next »
  Print  
Author Topic: HijackThis logfile.. Please help~  (Read 1860 times)
griffon05
Newbie
*
Posts: 6


View Profile
« on: July 21, 2009, 11:30:15 AM »
My computer is getting slow and the CPU usage sometimes get quite high...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:59 PM, on 21/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\downloads\HiJackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9773 bytes
Logged
Guest
Guest
« Reply #1 on: July 21, 2009, 11:31:26 AM »
Hello, visitor!

The Hijack This log analyzer has analyzed your log. Please take a closer look on the results.

Your system seems to be infected with malicious parasites. Please follow the steps below in order to eliminate the infection and clean up your computer.

1.   Download the Pocket KillBox utility. You will need it later to delete parasite-related files and folders.
2. Use HijackThis to fix the following entries:

O13 - Gopher Prefix:

3. The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - Global Startup: Acer VCM.lnk = ?
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra ''Tools'' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ''Tools'' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra ''Tools'' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

4. Now restart your system in Safe Mode. This step is very important!
5.   Use the Pocket KillBox utility to delete the following files:



The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide required information on these items. The files and entries in the list below can be both malicious and fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with necessary details and further instructions.
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Users\Owner\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\taskeng.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
After going through all the steps, run another HijackThis scan and post a fresh log to the HijackThis analyzer. It is possible that some parasites your system was infected with were not removed completely and may restore themselves later.


If you want to see more detailed analysis of your log, click here.

Thank you for using the 2-Spyware.com HijackThis log analyzer!
Logged
griffon05
Newbie
*
Posts: 6


View Profile
« Reply #2 on: July 21, 2009, 04:51:48 PM »
Thank you for your help, but I'm confused with step 5.
"Use the Pocket KillBox utility to delete the following files:"

Does this mean to delete those files that are marked as unknown? But then it says don't do anything with those files...
Logged
rodi
Administrator
Newbie
*****
Posts: 245


View Profile
« Reply #3 on: July 22, 2009, 02:47:15 AM »
Hello,

fix these entries with HijackThis:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

C:\Windows\system32\taskeng.exe
This is the task scheduler service under Windows Vista. However, some people find that this process uses 90% or more resources. That may explain your high CPU usage. To disable taskeng.exe process do the following:

Goto The Start -> Run (or shortcut -  Windows Logo + R)
Type in: services.msc
Look For: Task Scheduler
Open it up and change from automatic to Disabled (close the window)

Then
Goto The Start -> Run (Shortcut - Windows Logo + R)
Type: msconfig
Select Services tab
Look for and uncheck Task Scheduler
Reboot, and no more taskeng.exe to lag up computer

After that, download ComboFix from:

http://www.forospyware.com/sUBs/ComboFix.exe
Before save rename the file to Combo-Fix.exe

Run the program and follow the prompts and instructions. This program will fix found problems and generate a log file. Copy this log file and paste it here.

Finally, download Spyware Doctor and scan your PC one more time. Just to make sure that there are no malware or spyware on the system.

Spyware Doctor download:
http://www.2-spyware.com/review-spyware-doctor.html
Logged
griffon05
Newbie
*
Posts: 6


View Profile
« Reply #4 on: July 22, 2009, 10:18:24 AM »
Hi, thank you for the help, but I got some problem when following your instruction...

Goto The Start -> Run (or shortcut - Windows Logo + R)
Type in: services.msc
Look For: Task Scheduler
Open it up and change from automatic to Disabled (close the window)

In this step, when I open the services.msc and find Task Scheduler. I can find it and its Startup Type is Automatic. But all the selections and the buttons are uncheckable, so I can't change the Startup Type to disable...
Logged
rodi
Administrator
Newbie
*****
Posts: 245


View Profile
« Reply #5 on: July 23, 2009, 12:09:07 AM »
I assume that you don't have administrator rights. Vistax64 forum has a detailed tutorial how to Enable or Disable the Real Built-in Administrator Account in Vista:

http://www.vistax64.com/tutorials/67567-administrator-account.html

Please open the above link and use that guide. When you log on as administrator, you should be able to change Task Scheduler Start Up options. Don't forget to disable Administrator Account after you finish this step. Run your PC is normal mode again, it is much safer than administrator mode.

Good luck[/i]
Logged
griffon05
Newbie
*
Posts: 6


View Profile
« Reply #6 on: July 23, 2009, 09:48:26 AM »
thank you for the help, but all the options are still disable and unclickable even though I'm in the administrator mode.... :?:
Logged
rodi
Administrator
Newbie
*****
Posts: 245


View Profile
« Reply #7 on: July 23, 2009, 09:35:08 PM »
You are welcome  Smiley  OK, then just skip this step and download ComboFix from:

http://www.forospyware.com/sUBs/ComboFix.exe

Before saving rename the file to Combo-Fix.exe. Follow the prompts and scan your PC.

Then download Spyware Doctor:

http://www.2-spyware.com/review-spyware-doctor.html

Scan you computer with this program. If Spyware Doctor won't find any infections that means your PC is clean,  there are no malicious programs including various Trojans and worms. As I said before, your HijackThis log looks fine, so likely it's not a virus. However, you should also check for rootkit. Most of the time it's hard to detect it. There is a very good tool from Microsft called Rookit Revealer. Download it from here:

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Run this tool and save scan results. Then post scan results here, we will analyze them.
Logged
griffon05
Newbie
*
Posts: 6


View Profile
« Reply #8 on: July 25, 2009, 10:55:43 PM »
Hi, thank you very much for helping me...
I've successfully ran Spyware Doctor and got rid of all the problems that were detected by it. But when I run Rootkit Revealer, it first runs ok, but when I leave it scanning for like 2min, it logged me out of my laptop.

When I log in again, an "Interactive services dialog detection" error box pops up saying that "A program can't display a message on your desktop". In that box, it gives me 2 options to click on, "Show me the message" and "Remind me n a few minutes".

When I click on "Show me the message", it brings me back to Rootkit Revealer. But in there, instead of showing me the program, it acts like everything has been frozon, I can't see any part of the Rootkit Revealer program. And the only thing that I can click on is that "Interactive services dialog dtection box that allows me to click on and bring me back to my desktop...
Logged
rodi
Administrator
Newbie
*****
Posts: 245


View Profile
« Reply #9 on: July 27, 2009, 02:28:21 AM »
Sorry about Microsoft Rootkit Revealer, I forgot that It doesn't work on Vista properly. Just remove Microsoft Rootkit Revealer and downlaod GMER from:

http://www.gmer.net

This tool should run properly on your computer. It detects and removes found rootkits. Very useful tool. Information about how to use this tool is on the same website: http://www.gmer.net
Logged
griffon05
Newbie
*
Posts: 6


View Profile
« Reply #10 on: July 29, 2009, 09:01:23 AM »
Thank you, the following is the scan result from GMER:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-29 10:56:27
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                         ZwCreateProcess [0x82D4B282]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                         ZwCreateProcessEx [0x82D4B474]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                         ZwTerminateProcess [0x82D4AF32]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                                         ZwCreateUserProcess [0x82D4B67C]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 209                                                                                                        822BA94C 3 Bytes  [82, B2, D4]
.text           ntkrnlpa.exe!KeSetEvent + 20D                                                                                                        822BA950 3 Bytes  [74, B4, D4]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                        822BAD64 3 Bytes  [32, AF, D4]
.text           ntkrnlpa.exe!KeSetEvent + 6E5                                                                                                        822BAE28 3 Bytes  [7C, B6, D4]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[2860] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9                                                           7634B364 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text           C:\Windows\Explorer.EXE[2860] SHELL32.dll!ShellExecuteExW + 18B7                                                                     7637D9EC 4 Bytes  [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                [73FD7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                 [7402A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                             [73FDBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                       [73FCF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                 [73FD75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                              [73FCE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                  [74008395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                     [73FDDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                             [73FCFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                              [73FCFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                               [73FC71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                       [7405CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                          [73FFC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                             [73FCD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                       [73FC6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                      [73FC687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                         [73FD2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                          [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                              [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                        [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2860] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                          [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]            [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]              [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]              [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]  [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                            avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cf05310                                                          
Reg             HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001e4cf05310                                                              
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion@??T\x80                                                                               512
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion@???eQ\0\0                                                                             512
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion@\20?n                                                                                 512
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion@\26Y\1x                                                                               512
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion@IQ\ah??\0                                                                             512
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@??T\x80                                                                              1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@???eQ\0\0                                                                            1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@\20?n                                                                                1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1x                                                                              1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@                                                                                     0
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ah??\0                                                                            1

---- Files - GMER 1.0.15 ----

File            C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SDG5CTF3\videoByTag[11].xml                      0 bytes
File            C:\Windows\Temp\c0c5cf12-10f1-4d8c-ab4c-598fc8be6a6c.tmp                                                                             0 bytes
File            C:\Windows\Temp\bc6b0cd2-70f1-4fbe-87db-0589e354f4ee.tmp                                                                             0 bytes

---- EOF - GMER 1.0.15 ----
Logged
rodi
Administrator
Newbie
*****
Posts: 245


View Profile
« Reply #11 on: July 30, 2009, 03:49:13 AM »
GMER displays rootkits in red color, like in this picture:
http://www2.gmer.net/gmer.jpg

I assume, you didn't see any line in red during the scan, did you?

And the log looks good too. You PC should run faster now.
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  




Recommended software:
STOPzilla
(90/100)
STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses,...
Malwarebytes Anti Malware
(88/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t...
Spyware Doctor
(87/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and...
SpyHunter
(86/100)
SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are...
XoftSpySE Anti Spyware
(84/100)
XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to...
Encyclopedia of parasites:

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
add text box
rss feed
help other
Latest Spyware Threats: Internet Security 2012 | Win 7 Total security 2012 | System Check | Win 7 Internet Security 2012 | Win 7 Home Security 2012 | Win 7 Antivirus 2012 | Win 7 Antispyware 2012 | Vista Security 2012 | Vista Antivirus 2012 | Vista Antispyware 2012 | XP Antispyware 2012 | XP Antivirus 2012 | XP Security 2012 | XP Home Security 2012 | Security Shield
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2011 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.