Steps for my logs
- Thread starter mega2000x
- Start date
- Status
SWIFTDOG Problem
First, I wan't to thank everyone in this forum for their work for making me know of this way to remove harmful threads,I also had SWIFTDOG problem recently and I have found your posts in this forum very helpful,so, I decided to follow these steps and I hope to solve the problem.second,I did not perform a full scan the last time,so, I found new infected objects and posted new logs.
Finally, sorry for my bad English
First, I wan't to thank everyone in this forum for their work for making me know of this way to remove harmful threads,I also had SWIFTDOG problem recently and I have found your posts in this forum very helpful,so, I decided to follow these steps and I hope to solve the problem.second,I did not perform a full scan the last time,so, I found new infected objects and posted new logs.
Finally, sorry for my bad English
Hi,
No infection in the Hijackthis report !
Malwarebytes didn't suppress any infection (-> No action taken.)
• For this, go in [Quarantine] and select [Delete All]
(When a scan is finish, select >>>>> [Remove Selection])
Optimization
All of these following proposal lines to fix, are for improve the performance of your PC.
The lines 04- are processus who start automatically when the Pc start.
Some of these processus aren't necessary to start like that.
And somes other ones, can have a shortcut on desktop, to be use by double-click when the user need it.
Open HijackThis
• Select [Do a system scan only],
• Put a hook in front of each following lines,
• And press [Fix Checked].
Fix it.
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
As you want - You can create a shortcut and put it on your desktop.
O4 - HKLM\..\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe /NOTRAY
Fix it.
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
As you want - You can create a shortcut and put it on your desktop.
(It's not necessary to start a defrag each day, one or 2 at week is good too.)
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Programs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
Fix it.
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = G:\Programs\Orbitdownloader\orbitdm.exe
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - G:\Programs\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - G:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74.........(file missing)
>>>>>>> Restart the computer.
____________________________________________________________________________________
Optimization too
• Open notepad (Start Menu --> All programs --> Accessory..),
• Put these (sc... in the Quote) lines in the notepad,
• Save what's into the notepad as ServMod.bat on your desktop,
• Run ServMod.bat
About ToolBar.
I didn't check the specification of these legal toolbar.
Uninstalled the ones you don't use, this will improve the performance of your PC !
• StylerToolBar
• Grab Pro
• Alexa
Access : Add/remove Programs from Control Manager.
• Update Adobe acrobat.
• After all this, post another hijackthis report.
No infection in the Hijackthis report !
Malwarebytes didn't suppress any infection (-> No action taken.)
• For this, go in [Quarantine] and select [Delete All]
(When a scan is finish, select >>>>> [Remove Selection])
Optimization
All of these following proposal lines to fix, are for improve the performance of your PC.
The lines 04- are processus who start automatically when the Pc start.
Some of these processus aren't necessary to start like that.
And somes other ones, can have a shortcut on desktop, to be use by double-click when the user need it.
Open HijackThis
• Select [Do a system scan only],
• Put a hook in front of each following lines,
• And press [Fix Checked].
Fix it.
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
As you want - You can create a shortcut and put it on your desktop.
O4 - HKLM\..\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe /NOTRAY
Fix it.
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
As you want - You can create a shortcut and put it on your desktop.
(It's not necessary to start a defrag each day, one or 2 at week is good too.)
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\Programs\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
Fix it.
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = G:\Programs\Orbitdownloader\orbitdm.exe
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - G:\Programs\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - G:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74.........(file missing)
>>>>>>> Restart the computer.
____________________________________________________________________________________
Optimization too
• Open notepad (Start Menu --> All programs --> Accessory..),
• Put these (sc... in the Quote) lines in the notepad,
• Save what's into the notepad as ServMod.bat on your desktop,
• Run ServMod.bat
About ToolBar.
I didn't check the specification of these legal toolbar.
Uninstalled the ones you don't use, this will improve the performance of your PC !
• StylerToolBar
• Grab Pro
• Alexa
Access : Add/remove Programs from Control Manager.
• Update Adobe acrobat.
• After all this, post another hijackthis report.
- Status
