Subject: My new laptop is suddenly so slow
Original Message
Name: baggie953
Date: May 4, 2008 at 09:19:18 Pacific
Subject: My new laptop is suddenly so slow
OS: Vista Basic
CPU/RAM: Intel T2060 1.6GHz
Model/Manufacturer: Packard Bell EasyNote

Comment: Hi learned friends,

As the title says, my new computer has become very, very slow and regularly hangs due to massive CPU usage! I am pretty sure that I still have a virus on the computer. I thought Norton had sorted it, but since I changed to AntiVir it's gone slow again. On startup I get loads of error messages that I need to close before continuing! I use ZoneAlarm as a firewall. I am not too bad with the computer and can follow instructions. If anyone can give me a clue where to start I'd really appreciate it.

Many thanks

Response Number 1

Name: brokencrow
Date: May 4, 2008 at 14:43:03 Pacific
Subject: My new laptop is suddenly so slow

Reply: If you hit the Ctrl-Alt-Del key combo, that'll bring up a window with one of the options being Task Manager. Start up TM and go to the second tab, Processes, and you'll see some columns, two of which are CPU and Mem Usage. Click on CPU a couple of times and it'll list CPU usage by process. Same for memory. That should give you a good start on what's soaking up your CPU.

I'm still not using Vista as much as I am XP, but disabling the Sidebar sure helped performance. You could get rid of ZoneAlarm and go with the Windows firewall. Windows firewall is fine for most users.

www.computerselfdefense.com

Response Number 2

Name: baggie953
Date: May 4, 2008 at 22:32:44 Pacific
Subject: My new laptop is suddenly so slow

Reply: @brokencrow: Many thanks, I will follow up your suggestion. I was thinking of cleaning up my registry to get rid of all the pop-ups but I don't know where to start! I've heard all kinds of horror stories about the registry so will probably steer clear.

Cheers again, many thanks

Response Number 3

Name: Adii
Date: May 4, 2008 at 22:55:21 Pacific
Subject: My new laptop is suddenly so slow

Reply: Download the "HijackThis" installer from this link: http://www.trendsecure.com/portal/e...

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file, and the log will then open in Notepad.
7. Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Post the HijackThis log in your next reply.

*Do Safe Computing*

Response Number 4

Name: baggie953
Date: May 4, 2008 at 23:05:20 Pacific
Subject: My new laptop is suddenly so slow

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:02:48, on 05/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\aol\1162935776\ee\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe
C:\wamp\wampmanager.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Windows\system32\taskeng.exe
C:\Users\John Given\Desktop\Little Used\darkthrone\Recruiter 40's\dtrecruit.exe
C:\Users\JOHNGI~1\AppData\Local\Temp\eee.669\bin\ruby.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?F...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?F...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?F...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Setup my PC] C:\Program Files\Packard Bell\SetUpMyPC\SMP.exe /run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll",run
O4 - HKCU\..\Run: [7C5D4F7E6A060A225F5D] Rundll32.exe "C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 13597 bytes

Many thanks

Response Number 5

Name: Adii
Date: May 5, 2008 at 00:45:13 Pacific
Subject: My new laptop is suddenly so slow

Reply: Please disable all real-time monitoring programs like antivirus, antispyware and firewalls to avoid conflicts; you can enable them later. Click here to see how to disable them: http://spywaredetail.com/forum/show...

Please run HijackThis again and click "Scan". Place checks next to the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll",run
O4 - HKCU\..\Run: [7C5D4F7E6A060A225F5D] Rundll32.exe "C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll",s

Close all browsers and other windows except for HijackThis, and click "Fix checked".

-----

Download ComboFix by sUBs and save it to your desktop. (If you have previously downloaded ComboFix, please delete that version now.)

Download link HERE: http://download.bleepingcomputer.co... http://www.forospyware.com/sUBs/Com...

Note: It is important that it is saved directly to your desktop.

Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause the program to freeze/hang.

Note: In case your antivirus or any other real-time scanner displays an alert after you download ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix. Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

*Do Safe Computing*

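The four HKCU Run entries Adii singles out above share one pattern: rundll32 loading a DLL with an eight-letter random name from the user's own %TEMP% folder, and one of them is registered under a bare hex string instead of a product name. Legitimately installed software almost never auto-starts code from a user-writable temp directory, so that rule alone would have surfaced these entries without knowing any of the DLL names in advance. The script below is an added example, not part of the original thread and not HijackThis's or ComboFix's code; it applies that rule to O4 lines and also flags the orphaned "(no file)" BHO. The sample lines are copied from the log posted in Response 4 (with two benign entries kept for contrast); the severity labels, the list of user-writable directories and the filename heuristic are assumptions of this example, not something the thread states.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample input: O2/O4 lines copied from the HijackThis log posted
# above, plus two benign entries (avgnt, Sidebar) and the LOCAL SERVICE
# welcome-center entry, which also uses rundll32 but from the system path.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll",run
O4 - HKCU\..\Run: [7C5D4F7E6A060A225F5D] Rundll32.exe "C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# HijackThis line shapes: "O4 - <hive>\..\Run: [<value name>] <command>" and
# "O2 - BHO: <description> - {<CLSID>} - <dll path or (no file)>".
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")

# Assumed list of directories an unprivileged user (and therefore anything
# running as that user) can write to. Autoruns that load code from here
# deserve a look; the Vundo-era adware in this thread did exactly that.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")


@dataclass
class Finding:
    line: str
    severity: str            # assumed labels: LOW / MEDIUM / HIGH
    reasons: list[str] = field(default_factory=list)


def split_rundll32(cmd: str) -> tuple[str, str] | None:
    """Return (dll_path, export) when cmd invokes rundll32, else None.

    Handles both `rundll32.exe path,#1` and `rundll32 "path with spaces",run`.
    """
    parts = cmd.strip().split(None, 1)
    if len(parts) < 2:
        return None
    exe = parts[0].strip('"').lower().rsplit("\\", 1)[-1]
    if exe not in ("rundll32", "rundll32.exe"):
        return None
    rest = parts[1].strip()
    if rest.startswith('"'):
        dll, _, tail = rest[1:].partition('"')
        tail = tail.lstrip(",")
    else:
        dll, _, tail = rest.partition(",")
    export = tail.split()[0] if tail.split() else ""
    return dll, export


def looks_random(stem: str) -> bool:
    """Crude name heuristic (an assumption of this example): eight letters with
    mixed case after the first character, or a run of five or more consonants.
    Used only as a supporting reason, never as the sole trigger."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    mixed = any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem)
    consonant_run = re.search(r"[^aeiouAEIOU]{5,}", stem) is not None
    return mixed or consonant_run


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = O2_RE.match(line)
        if bho:
            if bho.group("path").strip().lower() == "(no file)":
                findings.append(Finding(line, "LOW", ["orphaned BHO: CLSID registered but DLL missing"]))
            continue
        run = O4_RE.match(line)
        if not run:
            continue
        name, cmd = run.group("name"), run.group("cmd")
        reasons: list[str] = []
        hit = split_rundll32(cmd)
        if hit:
            dll, _export = hit
            if any(d in dll.lower() for d in USER_WRITABLE):
                reasons.append(f"rundll32 loads DLL from user-writable path: {dll}")
                stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if looks_random(stem):
                    reasons.append(f"random-looking filename: {stem}")
        if re.fullmatch(r"[0-9A-Fa-f]{16,}", name):
            reasons.append(f"run-key value name is a bare hex string: {name}")
        if reasons:
            severity = "HIGH" if reasons[0].startswith("rundll32") else "MEDIUM"
            findings.append(Finding(line, severity, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.line}")
        for r in f.reasons:
            print(f"       - {r}")
```

Run against the sample it reports the orphaned BHO as LOW and the four Temp-folder rundll32 entries as HIGH, while leaving avgnt, Sidebar and the LOCAL SERVICE oobefldr.dll entry alone, since that DLL is resolved from the system search path rather than a user-writable folder. The location check is what carries the weight; the name heuristic only adds a reason, because plenty of legitimate system DLLs also have eight-letter names.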
Response Number 6

Name: baggie953
Date: May 5, 2008 at 01:07:34 Pacific
Subject: My new laptop is suddenly so slow

Reply:

ComboFix 08-05-01.3 - John Given 2008-05-05 8:57:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.251 [GMT 1:00]
Running from: C:\Users\John Given\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 08:02 --------- d-----w C:\ProgramData\Kontiki
2008-05-05 06:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-04 18:16 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-03 15:51 --------- d-----w C:\ProgramData\Yahoo!
2008-05-03 15:46 --------- d-----w C:\Program Files\Yahoo!
2008-05-03 03:18 --------- d-----w C:\Program Files\Kontiki
2008-05-03 03:18 --------- d-----w C:\Program Files\Channel4
2008-05-03 03:15 --------- d-----w C:\ProgramData\Channel4
2008-04-22 16:59 --------- d-----w C:\Program Files\Safari
2008-04-18 21:04 --------- d-----w C:\Users\John Given\AppData\Roaming\Yahoo!
2008-04-16 16:04 --------- d-----w C:\Program Files\Apple Software Update
2008-04-12 10:16 --------- d-----w C:\ProgramData\LogiShrd
2008-04-12 10:15 --------- d-----w C:\Users\John Given\AppData\Roaming\Logitech
2008-04-12 10:13 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-04-12 10:13 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-12 10:11 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-04-12 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 10:10 --------- d-----w C:\ProgramData\Logitech
2008-04-12 10:10 --------- d-----w C:\Program Files\Logitech
2008-04-09 21:02 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 20:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-09 10:43 --------- d-----w C:\Program Files\iTunes
2008-04-09 10:43 --------- d-----w C:\Program Files\iPod
2008-04-09 10:42 --------- d-----w C:\ProgramData\Apple Computer
2008-04-09 10:40 --------- d-----w C:\Program Files\QuickTime
2008-04-07 17:26 --------- d-----w C:\Program Files\Opera
2008-04-06 00:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-06 00:13 --------- d-----w C:\ProgramData\Symantec
2008-04-03 22:05 --------- d-----w C:\ProgramData\CheckPoint
2008-04-03 20:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 19:30 --------- d-----w C:\ProgramData\Avira
2008-04-03 19:30 --------- d-----w C:\Program Files\Avira
2008-04-03 14:22 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-03 13:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-30 14:00 --------- d-----w C:\ProgramData\WLInstaller
2008-03-28 17:44 --------- d-----w C:\Users\John Given\AppData\Roaming\Avant Profiles
2008-03-28 17:43 --------- d-----w C:\Program Files\Avant Browser
2008-03-19 19:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-17 22:19 --------- d-----w C:\Program Files\Microsoft Games
2008-03-14 05:19 --------- d-----w C:\Program Files\Java
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 03:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 03:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:12 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:12 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:12 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:12 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 03:12 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 03:12 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 03:12 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:12 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:12 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-08-30 17:53 174 --sha-w C:\Program Files\desktop.ini
2006-11-08 05:23 65,536 --sha-w C:\Windows\OEM\mp\boot\bootstat.dat
2007-12-01 11:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-01 11:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-01 11:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-06-29 20:11 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-06-29 20:11 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-06-29 20:11 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-06-01 18:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007060120070602\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 08:16 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 15:49 1092152]
"Setup my PC"="C:\Program Files\Packard Bell\SetUpMyPC\SMP.exe" [2006-10-24 15:44 1016376]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-01 19:12 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 09:37 3772416 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 07:45 815104]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12 90112]
"HostManager"="C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 22:08 228088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 15:58 185896]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-18 05:57 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-12 11:10:51 789008]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-13 20:59:41 970752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0678C884-EF29-43B1-9E9F-44CF6697BDAD}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{A62410DC-C2D0-4457-900F-5C80B89B6775}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{8D94E4FA-5BF1-440A-A519-A7135C502689}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{96EDA1EC-7431-4391-9B53-05A77C28C05C}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{E6789982-A79C-4E1C-9601-01ADEBBBD8E8}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{C94A6AA5-DFA7-4935-9219-591B182DA88A}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{5576A35F-04A7-45FA-BA04-EFA5E5B72396}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{6C4795E3-B2C7-4644-8CB3-20C8D52954C3}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1291996B-6B06-44D1-800D-443A990EF8C5}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{A14D9158-390D-476E-B374-5BED29CF6B24}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{65D01209-EDBA-4196-B910-F346E2244BC5}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{865A7ACB-A2CD-4E5E-9DA9-939A279C7D1F}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{68F03D5E-EB23-4D13-A41E-39EDEFBD8B4C}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6000986C-783B-463C-B8E2-52992BB66098}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{EFA70AA0-4B50-4BE3-8E8C-8C1763B3A400}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A10927FB-1B27-4B06-9B50-5FA4950233CE}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6C91AA0-E939-4671-8C2A-E808EABB7E28}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{59EBBFA9-912B-4287-AD4F-6A99FE1D39AE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DFF4337-0CEF-498E-B0CB-D06B369ADE5C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6AA0BFB7-D111-4654-8C50-C72B46686030}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{8F4D184C-2142-42D6-9C2B-84CF8C6A04AF}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{5BC86507-7EB8-4A5C-8966-42B3D5EAF893}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EF409CF5-0C6E-4930-8CA4-6C92974E6312}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E24880BB-555B-4304-9440-141A3813355D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{A05D8832-B243-4EDC-BCB0-0DE74B6214C6}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{870D5712-FA2B-4824-8485-8211841DEA2F}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"{ABDC396C-F035-4E90-BF10-7870316FD6E7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42CBE94A-B1E7-4D34-A4D7-07FF879C881D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4DA4E6D5-2E20-494B-9A9F-EF3EBA522B82}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4923FC32-9E86-4947-8306-4227A65A2775}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-09-28 13:37]
R3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
R3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 07:43:02 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-05 07:38:45 C:\Windows\Tasks\User_Feed_Synchronization-{4A8680CB-A7C1-4A8D-B7DA-033A8C0DD312}.job" - C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 09:03:15
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-05 9:05:45
ComboFix-quarantined-files.txt 2008-05-05 08:05:05
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
201 --- E O F --- 2008-05-01 21:32:23

Many thanks
|
|
Response Number 7
|
Name: Adii
Date: May 5, 2008 at 02:02:10 Pacific
Subject: My new laptop is suddenly so slow
|
Reply: Open Notepad. Don't use any other text editor than Notepad or the script will fail. Copy/paste the bold text below into Notepad:
File::
C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll
Save this as a text file with the name CFScript. Select "All files" from Save as Type. Then drag the CFScript file onto the ComboFix.exe icon. This will start ComboFix again. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply along with a fresh HijackThis log. *Do Safe Computing*
|
|
Response Number 8
|
Name: baggie953
Date: May 5, 2008 at 02:15:17 Pacific
Subject: My new laptop is suddenly so slow
|
Reply:
ComboFix 08-05-01.3 - John Given 2008-05-05 10:05:16.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.182 [GMT 1:00]
Running from: C:\Users\John Given\Desktop\ComboFix.exe
Command switches used :: C:\Users\John Given\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 09:10 --------- d-----w C:\ProgramData\Kontiki
2008-05-05 06:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-04 18:16 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-03 15:51 --------- d-----w C:\ProgramData\Yahoo!
2008-05-03 15:46 --------- d-----w C:\Program Files\Yahoo!
2008-05-03 03:18 --------- d-----w C:\Program Files\Kontiki
2008-05-03 03:18 --------- d-----w C:\Program Files\Channel4
2008-05-03 03:15 --------- d-----w C:\ProgramData\Channel4
2008-04-22 16:59 --------- d-----w C:\Program Files\Safari
2008-04-18 21:04 --------- d-----w C:\Users\John Given\AppData\Roaming\Yahoo!
2008-04-16 16:04 --------- d-----w C:\Program Files\Apple Software Update
2008-04-12 10:16 --------- d-----w C:\ProgramData\LogiShrd
2008-04-12 10:15 --------- d-----w C:\Users\John Given\AppData\Roaming\Logitech
2008-04-12 10:13 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-04-12 10:13 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-12 10:11 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-04-12 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 10:10 --------- d-----w C:\ProgramData\Logitech
2008-04-12 10:10 --------- d-----w C:\Program Files\Logitech
2008-04-09 21:02 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 20:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-09 10:43 --------- d-----w C:\Program Files\iTunes
2008-04-09 10:43 --------- d-----w C:\Program Files\iPod
2008-04-09 10:42 --------- d-----w C:\ProgramData\Apple Computer
2008-04-09 10:40 --------- d-----w C:\Program Files\QuickTime
2008-04-07 17:26 --------- d-----w C:\Program Files\Opera
2008-04-06 00:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-06 00:13 --------- d-----w C:\ProgramData\Symantec
2008-04-03 22:05 --------- d-----w C:\ProgramData\CheckPoint
2008-04-03 20:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 19:30 --------- d-----w C:\ProgramData\Avira
2008-04-03 19:30 --------- d-----w C:\Program Files\Avira
2008-04-03 14:22 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-03 13:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-30 14:00 --------- d-----w C:\ProgramData\WLInstaller
2008-03-28 17:44 --------- d-----w C:\Users\John Given\AppData\Roaming\Avant Profiles
2008-03-28 17:43 --------- d-----w C:\Program Files\Avant Browser
2008-03-19 19:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-17 22:19 --------- d-----w C:\Program Files\Microsoft Games
2008-03-14 05:19 --------- d-----w C:\Program Files\Java
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 03:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 03:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:12 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:12 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:12 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:12 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 03:12 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 03:12 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 03:12 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:12 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:12 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-08-30 17:53 174 --sha-w C:\Program Files\desktop.ini
2006-11-08 05:23 65,536 --sha-w C:\Windows\OEM\mp\boot\bootstat.dat
2007-12-01 11:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-01 11:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-01 11:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-06-29 20:11 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-06-29 20:11 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-06-29 20:11 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-06-01 18:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007060120070602\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-05-05_ 9.04.40.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 07:25:11 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-05 08:25:12 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-05 07:56:29 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-05 09:04:28 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-05 08:02:12 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-05 09:09:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-05 09:09:07 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 08:16 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 15:49 1092152]
"Setup my PC"="C:\Program Files\Packard Bell\SetUpMyPC\SMP.exe" [2006-10-24 15:44 1016376]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-01 19:12 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 09:37 3772416 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 07:45 815104]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12 90112]
"HostManager"="C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 22:08 228088]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 15:58 185896]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-18 05:57 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-12 11:10:51 789008]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-13 20:59:41 970752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0678C884-EF29-43B1-9E9F-44CF6697BDAD}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{A62410DC-C2D0-4457-900F-5C80B89B6775}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{8D94E4FA-5BF1-440A-A519-A7135C502689}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{96EDA1EC-7431-4391-9B53-05A77C28C05C}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{E6789982-A79C-4E1C-9601-01ADEBBBD8E8}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{C94A6AA5-DFA7-4935-9219-591B182DA88A}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{5576A35F-04A7-45FA-BA04-EFA5E5B72396}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{6C4795E3-B2C7-4644-8CB3-20C8D52954C3}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1291996B-6B06-44D1-800D-443A990EF8C5}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{A14D9158-390D-476E-B374-5BED29CF6B24}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{65D01209-EDBA-4196-B910-F346E2244BC5}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{865A7ACB-A2CD-4E5E-9DA9-939A279C7D1F}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{68F03D5E-EB23-4D13-A41E-39EDEFBD8B4C}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6000986C-783B-463C-B8E2-52992BB66098}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{EFA70AA0-4B50-4BE3-8E8C-8C1763B3A400}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A10927FB-1B27-4B06-9B50-5FA4950233CE}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6C91AA0-E939-4671-8C2A-E808EABB7E28}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{59EBBFA9-912B-4287-AD4F-6A99FE1D39AE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DFF4337-0CEF-498E-B0CB-D06B369ADE5C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6AA0BFB7-D111-4654-8C50-C72B46686030}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{8F4D184C-2142-42D6-9C2B-84CF8C6A04AF}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{5BC86507-7EB8-4A5C-8966-42B3D5EAF893}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EF409CF5-0C6E-4930-8CA4-6C92974E6312}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E24880BB-555B-4304-9440-141A3813355D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{A05D8832-B243-4EDC-BCB0-0DE74B6214C6}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{870D5712-FA2B-4824-8485-8211841DEA2F}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"{ABDC396C-F035-4E90-BF10-7870316FD6E7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{42CBE94A-B1E7-4D34-A4D7-07FF879C881D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4DA4E6D5-2E20-494B-9A9F-EF3EBA522B82}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4923FC32-9E86-4947-8306-4227A65A2775}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-09-28 13:37]
R3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
R3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 08:43:05 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-05 07:38:45 C:\Windows\Tasks\User_Feed_Synchronization-{4A8680CB-A7C1-4A8D-B7DA-033A8C0DD312}.job" - C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 10:09:05
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-05 10:13:01
ComboFix-quarantined-files.txt 2008-05-05 09:11:54
ComboFix2.txt 2008-05-05 08:05:46
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
218 --- E O F --- 2008-05-01 21:32:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:02:48, on 05/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\aol\1162935776\ee\aolsoftware.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe
C:\wamp\wampmanager.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Windows\system32\taskeng.exe
C:\Users\John Given\Desktop\Little Used\darkthrone\Recruiter 40's\dtrecruit.exe
C:\Users\JOHNGI~1\AppData\Local\Temp\eee.669\bin\ruby.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?F...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?F...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?F...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Setup my PC] C:\Program Files\Packard Bell\SetUpMyPC\SMP.exe /run
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll",run
O4 - HKCU\..\Run: [7C5D4F7E6A060A225F5D] Rundll32.exe "C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 13597 bytes

many thanks
Response Number 9
Name: Adii
Date: May 5, 2008 at 03:15:26 Pacific
Subject: My new laptop is suddenly so slow
Reply: Open Notepad. Don't use any other text editor than Notepad or the script will fail. Copy/paste the bold text below into Notepad:

File::
C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll
C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll

Save this as a text file with the name CFScript. Select "All files" from Save as Type. Then drag the CFScript file onto the ComboFix.exe icon. This will start ComboFix again. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply along with a fresh HijackThis log.

----

Please run HijackThis again and click "Scan." Place checks next to the following entries:

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll",run
O4 - HKCU\..\Run: [7C5D4F7E6A060A225F5D] Rundll32.exe "C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll",s

Close all browsers and other windows except for HijackThis, and click "Fix checked".

----

Please do a system clean up:

* Clean your Cache and Cookies in IE: Close all instances of Outlook Express and Internet Explorer. Go to Control Panel > Internet Options > General tab. Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history. Click Close below.
* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed): Go to Tools > Options. Click Privacy in the menu. Click the Clear now button below. A new window will pop up asking what to clear. Select all and click the Clear button again. Click OK to close the Options window.
* Clean other temporary files + Recycle Bin: Go to Start > Run and type: cleanmgr and click OK. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Press OK to remove them.

----

Please download Malwarebytes' Anti-Malware to your desktop. This is a free antimalware application tool.
Download link: http://www.malwarebytes.org/mbam/pr...
> Double-click mbam-setup.exe and follow the prompts to install MBA-M.
> Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
> If an update is found, it will download and install the latest database updates.
> Once the program has loaded, select Perform full scan, then click Scan.
> When the scan is complete, click OK, then Show Results to view the results.
> Be sure that everything is checked, and click Remove Selected.
> When MBAM finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post its log in your next reply.

---

How are things running on your computer now?

*Do Safe Computing*
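The four entries Adii singled out share one pattern: an HKCU Run value that starts rundll32 on a DLL with a random-looking name sitting in the user's Temp folder. The script below is an added example written for this thread (it is not Adii's code, nor part of HijackThis or ComboFix): it parses O4 lines from a HijackThis log, flags entries that fit that pattern, and renders the same File:: block the poster was told to save as CFScript.txt. The sample lines are copied from the log in this thread; the eight-character name heuristic and its thresholds are my own assumption and will not catch every variant, so treat a hit as something to look at, not as a verdict. It goes slightly beyond the thread by also checking entries for other hives and by ignoring rundll32 lines that load system DLLs.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the four HKCU\..\Run entries Adii asked the poster to
# fix, plus three benign autostart lines from the same HijackThis log, so the
# filter has entries it must leave alone (one of them also uses rundll32).
SAMPLE_O4_LINES = [
    r'O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll,#1',
    r'O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll,c',
    r'O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll",run',
    r'O4 - HKCU\..\Run: [7C5D4F7E6A060A225F5D] Rundll32.exe "C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll",s',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun',
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
]

# "O4 - <hive>: [<value name>] <command line>" as HijackThis prints it.
O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 / rundll32.exe followed by an optionally quoted DLL path.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Per-user temp folder on Vista.
TEMP_DIR_RE = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split a HijackThis O4 line into hive, value name and command line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def rundll32_target(cmd: str) -> Optional[str]:
    """Return the DLL a rundll32 command loads, or None for any other command."""
    m = RUNDLL_RE.match(cmd.strip())
    return m.group('dll') if m else None


def looks_random(stem: str) -> bool:
    """Assumed heuristic: 8-character stems with mixed case or almost no vowels."""
    letters = [c for c in stem if c.isalpha()]
    if len(stem) != 8 or not letters:
        return False
    vowels = sum(1 for c in letters if c.lower() in 'aeiou')
    mixed_case = any(c.islower() for c in letters) and any(c.isupper() for c in letters)
    return mixed_case or vowels / len(letters) <= 0.25


def suspicious_temp_dlls(lines: List[str]) -> List[Dict[str, str]]:
    """Flag O4 entries that start rundll32 on a DLL living under the user's Temp folder."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        dll = rundll32_target(entry['cmd'])
        if dll is None or not TEMP_DIR_RE.search(dll):
            continue  # not rundll32, or a DLL outside %TEMP% (e.g. oobefldr.dll)
        stem = dll.rsplit('\\', 1)[-1][:-4]  # file name without ".dll"
        reasons = ['rundll32 loading a DLL from %TEMP%']
        if looks_random(stem):
            reasons.append('random-looking file name')
        findings.append({'hive': entry['hive'], 'name': entry['name'],
                         'dll': dll, 'reasons': ', '.join(reasons)})
    return findings


def build_cfscript(findings: List[Dict[str, str]]) -> str:
    """Render the File:: block the helper had the poster save as CFScript.txt."""
    return 'File::\n' + '\n'.join(f['dll'] for f in findings) + '\n'


if __name__ == '__main__':
    hits = suspicious_temp_dlls(SAMPLE_O4_LINES)
    for f in hits:
        print(f"{f['hive']} [{f['name']}] {f['dll']}  <- {f['reasons']}")
    print()
    print(build_cfscript(hits), end='')
```

Run on the sample, it reports exactly the four Temp DLLs and stays quiet on avgnt, the Sidebar and the Welcome Center rundll32 line, which is the point: rundll32 by itself is normal on Vista, it is the combination with a writable temp location and a throwaway name that is worth a second look.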
Response Number 10
Name: baggie953
Date: May 5, 2008 at 05:24:38 Pacific
Subject: My new laptop is suddenly so slow
Reply: @Adii All those pesky pop-ups have disappeared now, the computer starts up much faster and 'so far' seems stable. As requested I've posted the logs below in case you find any more nasties!! Thanks a ton for your help so far, very much appreciated.

ComboFix 08-05-01.3 - John Given 2008-05-05 11:26:26.3 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.285 [GMT 1:00] Running from: C:\Users\John Given\Desktop\ComboFix.exe Command switches used :: C:\Users\John Given\Desktop\CFScript.txt * Created a new restore point FILE :: C:\Users\JOHNGI~1\AppData\Local\Temp\gdbbrrfe.dll C:\Users\JOHNGI~1\AppData\Local\Temp\jjljruth.dll C:\Users\JOHNGI~1\AppData\Local\Temp\tUlKDSJc.dll C:\Users\JOHNGI~1\AppData\Local\Temp\xxYqpQiJ.dll . ((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-05 10:28 --------- d-----w C:\ProgramData\Kontiki 2008-05-05 06:02 --------- d-----w C:\Program Files\Trend Micro 2008-05-04 18:16 --------- d-----w C:\ProgramData\Yahoo! Companion 2008-05-03 15:51 --------- d-----w C:\ProgramData\Yahoo! 2008-05-03 15:46 --------- d-----w C:\Program Files\Yahoo! 2008-05-03 03:18 --------- d-----w C:\Program Files\Kontiki 2008-05-03 03:18 --------- d-----w C:\Program Files\Channel4 2008-05-03 03:15 --------- d-----w C:\ProgramData\Channel4 2008-04-22 16:59 --------- d-----w C:\Program Files\Safari 2008-04-18 21:04 --------- d-----w C:\Users\John Given\AppData\Roaming\Yahoo! 
2008-04-16 16:04 --------- d-----w C:\Program Files\Apple Software Update 2008-04-12 10:16 --------- d-----w C:\ProgramData\LogiShrd 2008-04-12 10:15 --------- d-----w C:\Users\John Given\AppData\Roaming\Logitech 2008-04-12 10:13 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-04-12 10:13 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-04-12 10:11 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-04-12 10:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-12 10:10 --------- d-----w C:\ProgramData\Logitech 2008-04-12 10:10 --------- d-----w C:\Program Files\Logitech 2008-04-09 21:02 --------- d-----w C:\Program Files\Windows Mail 2008-04-09 20:59 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-09 10:43 --------- d-----w C:\Program Files\iTunes 2008-04-09 10:43 --------- d-----w C:\Program Files\iPod 2008-04-09 10:42 --------- d-----w C:\ProgramData\Apple Computer 2008-04-09 10:40 --------- d-----w C:\Program Files\QuickTime 2008-04-07 17:26 --------- d-----w C:\Program Files\Opera 2008-04-06 00:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-04-06 00:13 --------- d-----w C:\ProgramData\Symantec 2008-04-03 22:05 --------- d-----w C:\ProgramData\CheckPoint 2008-04-03 20:17 --------- d-----w C:\Program Files\Common Files\Adobe 2008-04-03 19:30 --------- d-----w C:\ProgramData\Avira 2008-04-03 19:30 --------- d-----w C:\Program Files\Avira 2008-04-03 14:22 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-04-03 13:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-03-30 14:00 --------- d-----w C:\ProgramData\WLInstaller 2008-03-28 17:44 --------- d-----w C:\Users\John Given\AppData\Roaming\Avant Profiles 2008-03-28 17:43 --------- d-----w C:\Program Files\Avant Browser 2008-03-19 19:42 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-03-17 22:19 --------- d-----w C:\Program Files\Microsoft Games 
2008-03-14 05:19 --------- d-----w C:\Program Files\Java 2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll 2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe 2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe 2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll 2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll 2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe 2008-02-14 03:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-14 03:14 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-14 03:14 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-14 03:12 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-14 03:12 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-14 03:12 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-14 03:12 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-14 03:12 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-14 03:12 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-02-14 03:12 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-14 03:12 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-14 03:12 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-14 03:12 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2007-08-30 17:53 174 --sha-w C:\Program Files\desktop.ini 2006-11-08 05:23 65,536 --sha-w 
C:\Windows\OEM\mp\boot\bootstat.dat 2007-12-01 11:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-12-01 11:40 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-12-01 11:40 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2007-06-29 20:11 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-06-29 20:11 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-06-29 20:11 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2007-06-01 18:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007060120070602\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-05-05_ 9.04.40.02 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-05 07:25:11 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-05-05 10:25:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-05-05 07:56:29 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-05-05 10:25:50 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-05-05 08:02:12 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-05 10:29:02 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-05 10:29:02 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 08:16 1232896] "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 15:49 1092152] "Setup my PC"="C:\Program Files\Packard Bell\SetUpMyPC\SMP.exe" [2006-10-24 15:44 1016376] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440] "kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-01 19:12 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 09:37 3772416 C:\Windows\RtHDVCpl.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 07:45 815104] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12 90112] "HostManager"="C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe" [2006-11-14 15:01 50736] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 22:08 228088] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400] 
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 15:58 185896] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 04:01 32768] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048] "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-18 05:57 262401] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-12 11:10:51 789008] Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-08-13 20:59:41 970752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] 
"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{0678C884-EF29-43B1-9E9F-44CF6697BDAD}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler "{A62410DC-C2D0-4457-900F-5C80B89B6775}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler "{8D94E4FA-5BF1-440A-A519-A7135C502689}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services "{96EDA1EC-7431-4391-9B53-05A77C28C05C}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services "{E6789982-A79C-4E1C-9601-01ADEBBBD8E8}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL "{C94A6AA5-DFA7-4935-9219-591B182DA88A}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL "{5576A35F-04A7-45FA-BA04-EFA5E5B72396}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{6C4795E3-B2C7-4644-8CB3-20C8D52954C3}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{1291996B-6B06-44D1-800D-443A990EF8C5}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader "{A14D9158-390D-476E-B374-5BED29CF6B24}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader "{65D01209-EDBA-4196-B910-F346E2244BC5}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information "{865A7ACB-A2CD-4E5E-9DA9-939A279C7D1F}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information "{68F03D5E-EB23-4D13-A41E-39EDEFBD8B4C}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{6000986C-783B-463C-B8E2-52992BB66098}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{EFA70AA0-4B50-4BE3-8E8C-8C1763B3A400}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{A10927FB-1B27-4B06-9B50-5FA4950233CE}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{E6C91AA0-E939-4671-8C2A-E808EABB7E28}"= TCP:C:\Program 
Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{59EBBFA9-912B-4287-AD4F-6A99FE1D39AE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5DFF4337-0CEF-498E-B0CB-D06B369ADE5C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{6AA0BFB7-D111-4654-8C50-C72B46686030}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{8F4D184C-2142-42D6-9C2B-84CF8C6A04AF}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{5BC86507-7EB8-4A5C-8966-42B3D5EAF893}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{EF409CF5-0C6E-4930-8CA4-6C92974E6312}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{E24880BB-555B-4304-9440-141A3813355D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{A05D8832-B243-4EDC-BCB0-0DE74B6214C6}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts "UDP Query User{870D5712-FA2B-4824-8485-8211841DEA2F}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts "{ABDC396C-F035-4E90-BF10-7870316FD6E7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{42CBE94A-B1E7-4D34-A4D7-07FF879C881D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{4DA4E6D5-2E20-494B-9A9F-EF3EBA522B82}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{4923FC32-9E86-4947-8306-4227A65A2775}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! 
FT Server [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43] R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46] R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-09-28 13:37] R3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [] R3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld [] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-05-05 09:43:04 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-05-05 07:38:45 C:\Windows\Tasks\User_Feed_Synchronization-{4A8680CB-A7C1-4A8D-B7DA-033A8C0DD312}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-05 11:29:21 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-05 11:31:17 ComboFix-quarantined-files.txt 2008-05-05 10:30:19 ComboFix2.txt 2008-05-05 09:13:02 ComboFix3.txt 2008-05-05 08:05:46 The system cannot find message text for message number 0x2379 in the message file for Application. The system cannot find message text for message number 0x2379 in the message file for Application. 219 --- E O F --- 2008-05-01 21:32:23 . . . . . 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:36:47, on 05/05/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\aol\1162935776\ee\aolsoftware.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Kontiki\KHost.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin... R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?F... R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O3 - Toolbar: Windows Live 
Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe O4 - HKCU\..\Run: [Setup my PC] C:\Program Files\Packard Bell\SetUpMyPC\SMP.exe /run O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 11955 bytes

Malwarebytes' Anti-Malware 1.11
Database version: 717

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 141676
Time elapsed: 1 hour(s), 15 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

many thanks
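As an added example (not code from anyone in this thread), a small Python helper for triaging the O23 service entries in a HijackThis log like the one posted above: it parses each service line and flags entries whose binary is reported "(file missing)" or whose owner could not be identified. The sample lines are copied from the log above; the function and field names are my own.

```python
import re

# Constructed sample: a few O23/O16 lines copied from the HijackThis log
# posted above (names and paths exactly as they appear there).
SAMPLE_LOG = r"""
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
"""

# One O23 line looks like:
#   O23 - Service: <display name> (<short name>) - <owner> - <path> [(file missing)]
# The parenthesised short name is optional (omitted when it equals the display name).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_services(log_text):
    """Return one dict per O23 line; all other HijackThis sections are skipped."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        services.append({
            "name": m.group("name") or m.group("display"),
            "owner": m.group("owner"),
            "path": m.group("path"),
            "file_missing": m.group("missing") is not None,
            # "Unknown owner" means no company name could be read from the
            # binary; worth a manual look, but on its own not evidence of malware.
            "unknown_owner": m.group("owner") == "Unknown owner",
        })
    return services


def orphaned_services(log_text):
    """Short names of registered services whose binary no longer exists.
    These are usually uninstall leftovers (here, Symantec's) that fail at boot
    and are a common source of the startup error messages described in the thread."""
    return [s["name"] for s in parse_services(log_text) if s["file_missing"]]
```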
|
|
Response Number 11
|
Name: Adii
Date: May 5, 2008 at 13:02:42 Pacific
Subject: My new laptop is suddenly so slow
|
Reply: I could not find any more nasties on your computer; the logs are looking much better. I hope your computer will be running fine. But for your further PC protection against malware and spyware, please read the following recommendations by Spywaredetail.com. I hope it will help you a lot to protect your computer. Link: http://spywaredetail.com/malware_pr... ---- Cheers, Adii *Do Safe Computing*
|
|
Response Number 12
|
Name: baggie953
Date: May 5, 2008 at 13:42:26 Pacific
Subject: My new laptop is suddenly so slow
|
Reply: Adii, thank you again for helping me to resolve my computing problems. The computer is still running much faster and is more stable than ever before. Cheers, John. Many thanks
|
|
Response Number 13
|
Name: Adii
Date: May 5, 2008 at 22:11:45 Pacific
Subject: My new laptop is suddenly so slow
|
Reply: You can now remove the ComboFix tool you used and the folders created in the process. To remove ComboFix: go to Start > Run, and copy and paste the following command into the field: ComboFix /u (make sure there's a space between ComboFix and /u), then press Enter. This will uninstall ComboFix and delete its related folders and files. -- You're welcome,
Glad I could help you. Cheers,
*Do Safe Computing*
| |