Solve : what in the world is this???

1.	Solve : what in the world is this???
Answer» i had a file like this before but theres another on my computer before but when i removed a trojan called oxo.exe it seemed to go away well a file like this is back and it keeps popping up to allow or block for my firewall (comodo) i dont think i ever installed anything like this before either the file name is HDVIDEOCODEC_VER1.50065006500-3652CD4E.pf (i searched for the file) located in c:/windows/prefetch what is this thing?? is it bad?? before the file name was just like this but it was much shorter (less #s and stuff)Download ATF Cleaner by Atribune and save it to your Desktop. Alternate Download link Windows Vista users: ATF-Cleaner must be Run as an Administrator Double click ATF-Cleaner.exe to run the program. Check the boxes to the left of: Windows Temp Current User Temp All Users Temp Temporary Internet Files Prefetch Java Cache Recycle bin The rest are optional - if you want it to remove everything check Select All Now click Empty Selected When you get the Done Cleaning message, click OK Firefox users click Firefox on the menu bar Click on Select All, then click Empty Note: If you want to keep your saved Passwords click No on the prompt. Opera users click Opera on the menu bar Click on Select All, then click Empty Note: If you want to keep your saved Passwords click No on the prompt Important: Restart the computer before continuing. Note that your system will run slower for a reboot or two after having used this tool so don't panic ---------- Run the Kaspersky Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator. Click on SCAN NOW Click Accept. The program will then begin downloading the latest definition files. Once the files have been downloaded locate the Scan Settings and have it scan My Computer. The scan will take a while, so be patient and let it finish. When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As Next, in the Save as prompt, Save in area, select: Desktop. In the File name area use KScan, or something similar. In Save as type: click the drop arrow and select: *Text file [.txt] Then, click: Save Copy and paste the Kaspersky Online Scanner Report** in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the ZOOM tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.AHHH i think its growing!! it asked me to block/allow HDVideoCodec_ver1.500650065006500650065 0065006500650065006.0 ill get back to on those thingsThen you need to do the malware removal guide. working on itI have the same thing! I got it when I was at computeruler's house last weekend. I think something is getting through his internet. Just a thought...kasperskey found nothingThat's hard to believe for some reason. No log? Are you working on the malware removal steps?the hjt maleware antimaleware bytes and that stuff??? ok ill do itJust the MALWAREBYTES and HJT will be OK.ok well i ran super anyways that found nothing heres hjt Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:56:21 PM, on 10/3/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running PROCESSES: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\GIGABYTE\ET6\GUI.exe C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\[email protected]\[email protected]\[email protected] C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Kevin\Application Data\[email protected]\FahCore_82.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Kevin\Desktop\CoreTemp\Core Temp.exe C:\Program Files\GameTap\bin\Release\gametap.exe X:\Program Files\Eidos\Just Cause\JustCause.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd i see that i have that stupid veiwpoint again and mbam aready found something but thats still goingI need HJT after MBAM. Doesn't do any GOOD to run it before. ooo ok almost done with mbam remove the things it finds rightYes and post the log. I need to see what all I might be looking for in the others logs we "might" need.heres the mbam Malwarebytes' Anti-Malware 1.28 Database version: 1226 Windows 5.1.2600 Service Pack 3 10/3/2008 10:26:29 PM mbam-log-2008-10-03 (22-26-29).txt Scan type: Full Scan (C:\\|) Objects scanned: 123947 Time elapsed: 30 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{212BC3FE-765D-40F4-AF58-C5B19958BAAD}\RP44\A0012479.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. and heres the new hjt Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:37:32 PM, on 10/3/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\GIGABYTE\ET6\GUI.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\[email protected]\[email protected]\[email protected] C:\Documents and Settings\Kevin\Application Data\[email protected]\FahCore_82.exe C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US EE://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - Startup: [email protected] = ? O4 - Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://c03.tellmemorecampus.com/bin/tol7inst.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7706 bytes

Answer»

i had a file like this before but theres another on my computer before but when i removed a trojan called oxo.exe it seemed to go away well a file like this is back and it keeps popping up to allow or block for my firewall (comodo) i dont think i ever installed anything like this before either the file name is HDVIDEOCODEC_VER1.50065006500-3652CD4E.pf (i searched for the file) located in c:/windows/prefetch
what is this thing?? is it bad?? before the file name was just like this but it was much shorter (less #s and stuff)Download ATF Cleaner by Atribune and save it to your Desktop.
Alternate Download link

Windows Vista users: ATF-Cleaner must be Run as an Administrator

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check Select All
Now click Empty Selected
When you get the Done Cleaning message, click OK

Firefox users click Firefox on the menu bar

Click on Select All, then click Empty
Note: If you want to keep your saved Passwords click No on the prompt.

Opera users click Opera on the menu bar

Click on Select All, then click Empty
Note: If you want to keep your saved Passwords click No on the prompt

Important: Restart the computer before continuing.

Note that your system will run slower for a reboot or two after having used this tool so don't panic

----------

Run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

Click on SCAN NOW
Click Accept.
The program will then begin downloading the latest definition files.
Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop.
In the File name area use KScan, or something similar.
In Save as type: click the drop arrow and select: Text file [*.txt]
Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the ZOOM tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.AHHH i think its growing!! it asked me to block/allow HDVideoCodec_ver1.500650065006500650065 0065006500650065006.0 ill get back to on those thingsThen you need to do the malware removal guide. working on itI have the same thing! I got it when I was at computeruler's house last weekend. I think something is getting through his internet. Just a thought...kasperskey found nothingThat's hard to believe for some reason. No log?

Are you working on the malware removal steps?the hjt maleware antimaleware bytes and that stuff??? ok ill do itJust the MALWAREBYTES and HJT will be OK.ok well i ran super anyways that found nothing
heres hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:21 PM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running PROCESSES:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\[email protected]\[email protected]\[email protected]
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kevin\Application Data\[email protected]\FahCore_82.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Kevin\Desktop\CoreTemp\Core Temp.exe
C:\Program Files\GameTap\bin\Release\gametap.exe
X:\Program Files\Eidos\Just Cause\JustCause.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd

i see that i have that stupid veiwpoint again and mbam aready found something but thats still goingI need HJT after MBAM. Doesn't do any GOOD to run it before. ooo ok almost done with mbam remove the things it finds rightYes and post the log. I need to see what all I might be looking for in the others logs we "might" need.heres the mbam

Malwarebytes' Anti-Malware 1.28
Database version: 1226
Windows 5.1.2600 Service Pack 3

10/3/2008 10:26:29 PM
mbam-log-2008-10-03 (22-26-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 123947
Time elapsed: 30 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{212BC3FE-765D-40F4-AF58-C5B19958BAAD}\RP44\A0012479.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

and heres the new hjt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:32 PM, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\[email protected]\[email protected]\[email protected]
C:\Documents and Settings\Kevin\Application Data\[email protected]\FahCore_82.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US EE://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: [email protected] = ?
O4 - Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} (InstallerCtrl Class) - http://c03.tellmemorecampus.com/bin/tol7inst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7706 bytes

Solve : what in the world is this???

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment