The following is appearing in my registry, I have no idea where it came from and I can't delete it.
HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò
Please find my logfile if it is of any assistance.
Logfile of HijackThis v1.99.1
Scan saved at 2:54:57 PM, on 24/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\PROGRA~1\OPTUSI~1\backweb\5543390\Program\SERVIC~1.EXE
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Optus Internet Security Suite\backweb\5543390\program\fsbwsys.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Optus Internet Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Optus Internet Security Suite\backweb\5543390\Program\fspex.exe
C:\Program Files\Optus Internet Security Suite\Common\FCH32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FAMEH32.EXE
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Optus Internet Security Suite\FSPC\fspc.exe
C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI TECHNOLOGIES\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ASUS\WLAN CARD Utilities\Center.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\OPTUSI~1\ANTI-S~1\fsaw.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Optus Internet Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Gary & Sue\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://desktop.optusnet.com.au/dsl/favorites/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.optusnet.com.au/dsl/favorites/homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.optusnet.com.au/dsl/favorites/homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Optus Internet Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Optus Internet Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
O4 - Global Startup: Optus Internet Security Suite.lnk = C:\Program Files\Optus Internet Security Suite\backweb\5543390\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\blockpopups.htm
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O23 - Service: ASWLSVC - Unknown OWNER - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Optus Internet Security Suite (BackWeb Plug-in - 5543390) - Singtel Optus - C:\PROGRA~1\OPTUSI~1\backweb\5543390\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Optus Internet Security Suite\backweb\5543390\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
A .DLL file appears to be disrupting the LSP chain on your computer. We need to get rid of it.
- Please download LSPFix from here.
- Run the LSPFix.exe that you have just finished downloading.
- Check the I know what I'm doing box.
- In the Keep box you should see one or more instances of winsflt.dll.
- Select every instance of winsflt.dll and move each one to the Remove box by clicking the >> button.
- When you are done click Finish>>.
Other than that, your log looks pretty clean. However, you do have this...
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
It's related to RealTek. Technically, it's considered spyware, but it isn't malicious. You don't have to remove it, but if you wish, I can tell you how.
Once you have run LSPFix, update your anti-virus program. Then download SUPERAntiSpyware and update that. Reboot in Safe Mode and scan with each program, one at a time.
Then restart and update us on how things are running.
Also...are there any keys inside of that registry entry?
Thanks so far for your help.
I have done all that you have outlined above and yes there are other keys in this problem I would like to get rid of.
HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò\HViewer
HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò\HViewer\Recent File List
HKEY_CURRENT_USER\Software\Ó¦ÓóÌÐòÏòµ¼Éú³ÉµÄ±¾µØÓ¦ÓóÌÐò\HViewer\Settings
Can you explain to me how to delete the above without having to reformat again?
Cheers
Okay...I'm thinking two things. Either you have Hadith Viewer installed on your computer, or you have an infection (at this point, I suspect VX2). The strange characters make me think the former might be a possibility, as Arabic wouldn't show up properly in the registry. Do you have Hadith Viewer installed on your computer? Check your Add/Remove Programs list (look for anything that might relate to the name HViewer). If it's there...did you install it? And if so, where did you download it from? I don't believe the program is malicious, but many sites hosting it are known for having risky downloads.
If you do NOT have Hadith Viewer installed, then follow these instructions...
Download CCleaner (install without Yahoo! toolbar) and configure it according to this guide. Run the Cleaner and Issues.
Download and install the latest version of Ad-Aware. If you have an older version, choose to uninstall it when prompted. After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run. Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
Close Ad-Aware, if it is CURRENTLY open. Download the VX2 Cleaner 2.0 Plug-in from Here
- After installing, restart Ad-Aware before running the VX2 Cleaner.
- Using VX2 Cleaner 2.0
NOTE: If you have earlier attempted to run Ad-Aware to remove VX2, you may need to run the VX2 Cleaner several times to remove possible VX2 remains.
- If you have already attempted to remove VX2 with Ad-Aware, do the following:
- Before running the VX2 Cleaner, make sure other anti-virus or anti-spyware applications are closed.
- Run the VX2 Cleaner. If your computer is infected with VX2, a dialog box with text such as "New VX2 variant found" or "VX2 variant 1 found" will appear.
- Press "Clean" and a dialog box with text "The first phase completed. Please reboot and perform a Smart Scan" will appear. After saving your work, reboot your system manually.
- Repeat this until the VX2 Cleaner reports "System clean". Press "Close" to exit.
- Run Ad-Aware one more time and scan your computer to make sure VX2 has been found and removed.
Manually download Latest definition file: Here
- Please Note Version SE Build 1.06 is now available! This download is for use with Ad-Aware SE versions only.
- Manual Installation: Unzip the archive, replace the existing file and restart Ad-Aware\Ad-Watch.
- You can also use the webupdate component implemented in Ad-Aware to install this update.
Go ahead and post back with an update on how things are running.
Cheers Mate.
I will be offline for a few days and I will let you know how I get on.
Alrighty, we'll leave the light on for you.
Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.
If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.