Help Me Touch
   

The Man
New Member


Date Joined Jan 2008
Total Posts : 7
 
   Posted 1-13-2008 1:17 (GMT +1)
Touch and Others,
 
I have read on several posts here that I should download HiJack This, scan, and post the results. I have done just that and will post them below. I wanted to also let you know about my computer. I have Trend Micro which has a program running called PcScnSrv.exe. According to their site, this program should not be running and is in conflict with SpyBot Search and Destroy. I don't have this program on my computer but did have it months ago. Following their advice, I downloaded the program again and clicked "undo" like they suggested, then went into C:programs/trendmicro and deleted the file they said. It is still there, still running, and still using a lot of CPU. Always 30,000k or more. I would like to get that sorted out but one step at a time.

I have a Dell Inspiron E1505 Duo Core 1.83ghz with 2gig DDR2 667 ram, 80gig HD 7200rpm. I am using an official Windows XP SP2 copy. My computer isn't the fastest out there but it is no slouch either. The way it is running I sometimes want to throw it out the window. IE 7 locks up frequently with multiple windows open. (Trend Micro might be causing that too. Apparently their new version has some flaws and doesn't run smoothly with IE 7.)

Hopefully you are able to help me out. It may all go back to Trend Micro. I look forward to hearing your opinion/opinions.
 
Brian


Knowing in part may make a fine tale, but wisdom comes from seeing the whole. Choose your friends wisely!

 

The Man
New Member


Date Joined Jan 2008
Total Posts : 7
 
   Posted 1-13-2008 1:18 (GMT +1)
Logfile of HijackThis v1.99.1
Scan saved at 7:58:11 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mail.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SecureTunnel] C:\Program Files\SecureTunnel\SecureTunnel.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171029807734
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42E4C759-36B3-4AE6-8B78-97ADCCCDA0D4}: NameServer = 202.102.15.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{D441CFBB-CE7C-4906-BCB2-0E4EC01E85F5}: NameServer = 61.177.7.1 221.228.255.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


Knowing in part may make a fine tale, but wisdom comes from seeing the whole. Choose your friends wisely!

 

The Man
New Member


Date Joined Jan 2008
Total Posts : 7
 
   Posted 1-13-2008 1:27 (GMT +1)
Sorry for the multiple posts. IE locked up again. Didn't know they went through.

Brian


Knowing in part may make a fine tale, but wisdom comes from seeing the whole. Choose your friends wisely!

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13599
 
   Posted 1-13-2008 3:26 (GMT +1)
Hello :)

For a start - I know nothing about Trend Micro, I therefore can't help you there ;-)

See if this helps with the IE 7 lock-ups:
 
 
 
Download and install:  http://www.filehippo.com/download_ccleaner/
For a basic version of CCleaner with no Yahoo Toolbar, select the second or third install option as follows:
Even if you selected Option 2 or 3, if you do not want the Yahoo Toolbar installed:
Uncheck "Add CCleaner Yahoo! Toolbar", as it is checked by default during CCleaner Setup
 
1. Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
2. A pop-up box will appear advising this process will permanently delete files from your system.
3. Then select the items you wish to clean up.
   In the Windows Tab:
   - Clean all entries in the "Internet Explorer" section.
   - Clean all the entries in the "Windows Explorer" section.
   - Clean all entries in the "System" section.
   - Clean all entries in the "Advanced" section.
   - Clean any others that you choose.

   In the Applications Tab:
   - Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.
   - Clean all in the Opera section if you use it.
   - Clean Sun Java in the Internet section.
   - Clean any others that you choose.
4. Then click the "Run Cleaner" button and it will scan and clean your system. Click exit.
 


Do NOT post your problem in someone else's thread.

 

The Man
New Member


Date Joined Jan 2008
Total Posts : 7
 
   Posted 1-13-2008 3:52 (GMT +1)
Thanks Touch! I downloaded CCleaner and did as directed. I will let you know if this helps. Looking at the results from my HiJack This scan, what can you tell me?

Brian


Knowing in part may make a fine tale, but wisdom comes from seeing the whole. Choose your friends wisely!

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13599
 
   Posted 1-13-2008 5:53 (GMT +1)
The log looks clean. Right, please let me know how things are running.


Do NOT post your problem in someone else's thread.

 

The Man
New Member


Date Joined Jan 2008
Total Posts : 7
 
   Posted 1-13-2008 6:08 (GMT +1)
Touch, with 3 IE windows open and 1 Firefox window open and Skype running as well, I am currently using 50% of my CPU and 40% of my ram. Remember it is a duo core 1.83ghz with 2gig of ram. Still seems high to me as half my computer is being used and I am doing nothing basically. But it IS running a little bit faster.

Trend Micro is a great virus software program. Since having it I have had nothing make it into my computer. But it sure does use up a lot of CPU. It will be nice when they have the patch for their problems on their new version.

Hey, thanks again for your help. You're a good man.
Brian


Knowing in part may make a fine tale, but wisdom comes from seeing the whole. Choose your friends wisely!

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13599
 
   Posted 1-13-2008 6:38 (GMT +1)
"50% of my CPU and 40% of my ram" sounds a bit overwhelming. I'll therefore suggest we check for possible infections -


Please download Combofix:
 
and save to the desktop.

Close all other browser windows.
 
 
Important-> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

 
 Go to start --> run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /killall

 
 When finished, it will produce a logfile located at C:\ComboFix.txt.

Post the contents of that log in your next reply.

Note:
Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
 



Do NOT post your problem in someone else's thread.

 

The Man
New Member


Date Joined Jan 2008
Total Posts : 7
 
   Posted 1-15-2008 3:35 (GMT +1)
Touch,
First I wanted to say that your instructions are clear and understandable even for a novice like me. Thanks.
Here are the results from the scan. I had been away on a business trip which is why I just got around to it.


ComboFix 08-01-15.4 - Brian 2008-01-15 22:18:22.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1544 [GMT 8:00]
Running from: C:\Documents and Settings\Brian\desktop\combofix.exe
Command switches used :: /killall
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
(((((((((((((((((((((((((   Files Created from 2007-12-15 to 2008-01-15  )))))))))))))))))))))))))))))))
.
2008-01-15 22:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 19:27 . 2008-01-15 21:47 <DIR> d-------- C:\Program Files\Automatic Windows Internet Washer
2008-01-14 19:27 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-01-14 19:27 . 2004-03-08 18:00 212,240 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-01-14 19:27 . 2001-03-13 14:49 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-01-14 19:27 . 2000-05-22 00:00 83,144 --------- C:\WINDOWS\system32\PicClp32.ocx
2008-01-13 22:44 . 2008-01-13 22:44 <DIR> d-------- C:\Program Files\CCleaner
2008-01-13 15:12 . 2008-01-13 15:12 <DIR> d-------- C:\Program Files\Uniblue
2008-01-13 15:00 . 2008-01-13 23:28 <DIR> d-------- C:\HJT
2008-01-12 22:28 . 2008-01-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 22:42 . 2007-12-26 22:42 <DIR> d-------- C:\Program Files\LizardTech
2007-12-25 23:01 . 2007-12-25 23:01 <DIR> d-------- C:\Program Files\ClocX
2007-12-23 18:13 . 2007-12-23 18:13 <DIR> d-------- C:\Program Files\UltraMon
2007-12-23 18:13 . 2007-12-23 18:13 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2007-12-23 18:13 . 2007-12-23 18:13 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\Realtime Soft
2007-12-23 18:13 . 2007-12-23 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2007-12-23 13:36 . 2007-12-23 14:28 <DIR> d-------- C:\Documents and Settings\Brian\Application Data\DisplayTune
2007-12-23 13:32 . 2004-08-04 01:56 1,392,671 --------- C:\WINDOWS\msvbvm60.dll
2007-12-23 13:32 . 2002-01-05 04:40 487,424 --a------ C:\WINDOWS\msvcp70.dll
2007-12-23 13:32 . 2002-01-05 04:37 344,064 --a------ C:\WINDOWS\msvcr70.dll
2007-12-22 19:21 . 2007-12-26 21:02 <DIR> d-------- C:\Program Files\Soulseek
2007-12-21 21:42 . 2007-12-21 21:42 <DIR> d-------- C:\Program Files\PicUploader
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 14:17 --------- d-----w C:\Documents and Settings\Brian\Application Data\Azureus
2008-01-15 14:03 --------- d-----w C:\Program Files\IrfanView
2008-01-15 14:01 --------- d-----w C:\Program Files\SecureTunnel
2008-01-15 07:30 --------- d-----w C:\Documents and Settings\Brian\Application Data\Skype
2008-01-13 08:10 --------- d-----w C:\Program Files\BC-800
2008-01-13 07:12 --------- d-----w C:\Documents and Settings\Brian\Application Data\Uniblue
2008-01-12 13:25 --------- d-----w C:\Documents and Settings\Brian\Application Data\wsInspector
2008-01-10 15:56 --------- d-----w C:\Documents and Settings\Brian\Application Data\dvdcss
2008-01-10 08:56 --------- d-----w C:\Documents and Settings\Brian\Application Data\Canon
2007-12-23 06:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 16:53 9,237,432 ----a-w C:\Program Files\BearShareV6.exe
2007-12-02 16:04 --------- d-----w C:\Program Files\LimeWire
2007-11-24 12:51 --------- d-----w C:\Program Files\EA Games
2007-11-19 05:08 --------- d-----w C:\Documents and Settings\Brian\Application Data\AdobeUM
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 09:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 05:33 24,974 ----a-w C:\WINDOWS\twain_16.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tracks Eraser Pro"="C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" [2007-05-23 21:06 1327104]
"ParetoLogic Anti-Spyware"="C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-08-01 13:56 2643312]
"ClocX"="C:\Program Files\ClocX\ClocX.exe" [2004-04-13 22:12 103936]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 14:26 3429904]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 18:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 18:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 18:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 18:00 455168]
"SecureTunnel"="C:\Program Files\SecureTunnel\SecureTunnel.exe" [2007-06-14 04:07 856064]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
"Automatic Windows & Internet Washer - 1.0"="C:\Program Files\Automatic Windows Internet Washer\Washer.exe" [2006-07-10 10:34 2166784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 18:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll [2007-08-02 04:50 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-776561741-1275210071-682003330-1004\Scripts\Logoff\0\0]
"Script"=C:\Program Files\Automatic Windows Internet Washer\xp.cmd
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S3 AR5523;TP-LINK TL-WN620G 11G Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-01-16 11:45]
S3 ZSMC303;ANC USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys [2005-08-31 13:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 19:00:00 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-01-09 10:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-08 10:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-01-14 20:00:00 C:\WINDOWS\Tasks\ParetoLogic Anti-Spyware.job"
- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.ex
- C:\Program Files\ParetoLogic\Anti-Spyware\
"2008-01-14 16:33:03 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\Pareto_Update.exe
"2008-01-13 08:06:35 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-13 07:12:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:22:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\AlienGUIse\AlienwareDock\DockShellHookOEM.dll
.
Completion time: 2008-01-15 22:24:10 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-15 14:24:07
.
2008-01-09 17:09:21 --- E O F --- 


I noticed this scan found a lot of programs that I had downloaded on my computer only to find out they were pay programs or something I didn't want and I ended up deleting them. If you need further information about this scan and what is currently on the computer and what isn't, let me know. I read it best I could but it looks like French to me.
Thanks,
Brian


Knowing in part may make a fine tale, but wisdom comes from seeing the whole. Choose your friends wisely!

 

The Man
New Member


Date Joined Jan 2008
Total Posts : 7
 
   Posted 1-16-2008 5:21 (GMT +1)
Touch,
I think I might have found the problem. I downloaded a program called SpeedUpMyPC 3. In the window of this program, I was able to see the CPU usage of every program that was running and at what percent. I noticed TrendMicro was running non-stop. And I noticed that TracksEraser Pro was taking about 50% of my CPU. I removed TracksEraser and the CPU dropped to 10% or less. It is my belief that TracksEraser was causing my security software to run non-stop.
I will contact TrendMicro and report my observation to them. I have moved on to using Automatic Windows Washer though the program you suggested, CCleaner, seems to be very good.
If you have time, I would still like for you to look over the last scan results closely and tell me if you see anything unusual. Thanks again.
Brian


Knowing in part may make a fine tale, but wisdom comes from seeing the whole. Choose your friends wisely!

 