ndmmxiaomayi
1st Responder
 Joined: Oct 10, 2006 Posts: 685 Location: Little Red Dot
Posted: Thu Jul 10, 2008 5:37 pm
Hi,
A security vulnerability has been found in Adobe Reader. It would need to be updated.
Please download and install this update - http://www.adobe.com/support/downloads/detail.jsp?ftpID=3967
Please post back a new HijackThis log after you've updated.
Any other issues so far?
 |
Skurken
Trooper

 Joined: Jun 09, 2008 Posts: 11 Location: Sweden
Posted: Mon Jul 14, 2008 9:23 pm
Hi! Sorry for not answering for a few days. Didn't notice your reply because it was placed on page 2 of this topic...
The only issues I've had so far are a somewhat slower Internet speed and when I start up Windows it freezes for a few minutes with only the background picture and the mouse pointer showing on the display. This didn't happen before. Do you think that maybe it's a normal program transmitting all that data for a legitimate purpose? If I leave my internet connection on for maybe a day it has sent maybe 50 000 - 60 000 packets and received only a couple of hundred. What would need to send all that information?
Anyway. Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:16, on 2008-07-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6298 bytes
Thanks for taking the time!
 |
ndmmxiaomayi
1st Responder
 Joined: Oct 10, 2006 Posts: 685 Location: Little Red Dot
Posted: Tue Jul 15, 2008 2:03 pm
Hello,
Sorry for the delay. I've got problems accessing CastleCops.
Quote: "The only issues I've had so far are a somewhat slower Internet speed"
I noticed that Windows Updates is running. It downloads updates in the background and can sometimes slow down the Internet speed a little.
Quote: "when I start up Windows it freezes for a few minutes with only the background picture and the mouse pointer showing on the display."
I'm not quite sure why this happens. Perhaps Windows needs some maintenance. I can give you some details on what programs don't need to run on startup to improve it.
If it still doesn't improve, you can post here for help - /f120-General_Computer_Problems.html
You can use WinPatrol to handle your startup items.
http://www.bleepingcomputer.com/startups/StartCCC-19070.html - This is ATI Control Centre. It's not needed if you don't change your graphics settings regularly.
http://www.bleepingcomputer.com/startups/QuickTime_Task-4341.html - This is related to QuickTime Player. It adds itself to startup for no reason.
You can disable it by doing the following:
- Right-click on the QuickTime icon near the clock and select QuickTime Preferences.
- Select the Update tab.
- Uncheck (untick) this box - Check for Updates Automatically.
- Next, select the Advanced tab.
- Uncheck (untick) this box - Install QuickTime icon in System Tray.
- Lastly, open HijackThis and select Do a system scan only.
- Put a check (tick) next to this box - O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime.
- Click Fix checked and close HijackThis.
http://www.bleepingcomputer.com/startups/soundman-5045.html - This is related to Realtek Sound Manager. It's not needed on startup.
http://www.bleepingcomputer.com/startups/ctfmon.exe-1121.html - This is related to Microsoft Office text and speech engine. If you have no use for it, you can remove it. Please see Microsoft's explanation for more details.
http://www.bleepingcomputer.com/startups/MsnMsgr-3423.html - This is MSN Messenger (now known as Windows Live Messenger). For convenience's sake, it runs on startup. If you don't mind starting it manually, you can disable it.
Here's how:
- Open Windows Live Messenger.
- Click on Tools > Options.
- Select Sign in on the left.
- Uncheck (untick) this box - Automatically run Windows Live Messenger when I log in to Windows.
- Click OK to apply the settings.
Quote: "Do you think that maybe it's a normal program transmitting all that data for a legitimate purpose?"
Yes, some programs do transmit data for legitimate purposes.
For example, Windows. It contacts Microsoft servers regularly to see if there are updates.
You can use a program like SmartSniff to help you determine what's going in and out.
You need WinPcap if you don't want to be seriously limited by Windows...
The limitations are detailed on SmartSniff's website.
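Added example, not part of the original thread and not code from HijackThis: the following Python parses the log format posted above, lists the O4 startup entries that the reply walks through, and picks out O23 services that HijackThis shows as "Unknown owner". The function names are hypothetical, and the sample is an excerpt of the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines look like "<code> - <body>"; O4 bodies are a Run key or a Startup folder item.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_KEY = re.compile(r"^(HK\w+(?:\\[^\\]+)?\\\.\.\\Run\w*): \[(.+?)\] (.*)$")
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")

def parse_log(text):
    """Group entries by section code (R0, O4, O23, ...); other lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def autoruns(sections):
    """Return (location, name, command) for every O4 startup entry."""
    matches = (RUN_KEY.match(b) or STARTUP.match(b) for b in sections.get("O4", []))
    return [m.groups() for m in matches if m]

def unknown_owner_services(sections):
    """Return (name, path) for O23 services listed with 'Unknown owner'."""
    hits = []
    for body in sections.get("O23", []):
        parts = body.partition("Service: ")[2].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            hits.append((parts[0], parts[2]))
    return hits

if __name__ == "__main__":
    secs = parse_log(SAMPLE_LOG)
    for row in autoruns(secs) + unknown_owner_services(secs):
        print(" | ".join(row))
```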
 |
Skurken
Trooper

 Joined: Jun 09, 2008 Posts: 11 Location: Sweden
Posted: Wed Jul 16, 2008 3:49 pm Post subject: Thanks for everything!
Okay, I'll try to follow your advice. Because of your thorough analysis I'm getting pretty confident that it's not some kind of spyware that has infiltrated my computer.
Thank you for everything, ndmmxiaomayi! I really appreciate all the help that you have provided for me through this great service. I'll donate some money for your new servers as soon as my paycheck drops in.
Thanks again!
 |
ndmmxiaomayi
1st Responder
 Joined: Oct 10, 2006 Posts: 685 Location: Little Red Dot
Posted: Thu Jul 17, 2008 12:45 pm
Thank you very much for helping CastleCops.
Let me know if there are any other issues.