Options
patched user32 mcfee keeps finding it.
ran this program once, rebooted again, ran scan again in full scan and didn't find anything. However, when I rebooted after the first scan the patched user32 message did pop up with mcafee's virus notifyer!!!
Malwarebytes' Anti-Malware 1.32
Database version: 1632
Windows 5.1.2600 Service Pack 2
1/8/2009 6:51:00 PM
mbam-log-2009-01-08 (18-51-00).txt
Scan type: Quick Scan
Objects scanned: 80112
Time elapsed: 6 minute(s), 9 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 13
Memory Processes Infected:
C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Rogue.AscentivePerformance) -> Unloaded process successfully.
C:\Program Files\Ascentive\ActiveSpeed\AS.exe (Rogue.Multiple) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\Ascentive\ActiveSpeed\ASRes.dll (Rogue.Multiple) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\activespeed (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Performance Center (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\AS.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\ascbalon.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\ascIP95.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\ascIPNT.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\ASRes.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\APCLang.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\GUID (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\SOUND.WAV (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive\ActiveSpeed.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive\Performance Center.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Spyware Striker Update.url (Rogue.Multiple) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.32
Database version: 1632
Windows 5.1.2600 Service Pack 2
1/8/2009 6:51:00 PM
mbam-log-2009-01-08 (18-51-00).txt
Scan type: Quick Scan
Objects scanned: 80112
Time elapsed: 6 minute(s), 9 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 13
Memory Processes Infected:
C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Rogue.AscentivePerformance) -> Unloaded process successfully.
C:\Program Files\Ascentive\ActiveSpeed\AS.exe (Rogue.Multiple) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\Ascentive\ActiveSpeed\ASRes.dll (Rogue.Multiple) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\activespeed (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Performance Center (Rogue.PCSpeedScan) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\AS.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\ascbalon.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\ascIP95.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\ascIPNT.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\ActiveSpeed\ASRes.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\APCLang.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\GUID (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Ascentive\Performance Center\SOUND.WAV (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive\ActiveSpeed.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Ascentive\Performance Center.lnk (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Spyware Striker Update.url (Rogue.Multiple) -> Quarantined and deleted successfully.
0
Comments
Sorry for the delay.
Download HJTInstall.exe to your Desktop.
- Doubleclick HJTInstall.exe to install it.
- By default it will install to C:\Program Files\Trend Micro\HijackThis .
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch Hijackthis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Save the log to a convenient location as you'll need to post it soon.
- Don't use the Analyse This button, its findings are dangerous if misinterpreted.
- Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Please post the HijackThis log back here.Thread closed.