PF Usage gradually rises without stop. [RESOLVED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

PF Usage gradually rises without stop. [RESOLVED], Feels like my computer is slowly dying.

Options

Hadji View Member Profile	Oct 8 2008, 04:29 PM Post #1
New Member Posts: 5 OS: Windows XP	Hey guys. For the past week or so, my computer has been acting funny. After a few hours, I realized that my computer was slowing down and freezing, and that Windows was alerting me that my Virtual Memory was too low. This message has popped up in the past before but this time it's different. I looked at my task manager to see what was the problem and to my dismay found that my PF Usage was well over 2.5 gigs. I rebooted and the PF usage went back to around 300mb. But it will immediately begin to rise about 1mb per minute until my computer would basically lock up again. I'd have to reboot to be able to do anything. Before I thought I was just running too many programs...even though it was just FireFox and iTunes. But then I tried doing nothing after a reboot. Without opening anything, my PF usage would gradually rise in the same manner. Also several programs have disappeared from my task bar. I am on a Dell Inspiron E1505, and the standard Dell's wireless connection program would no longer work and the only way I option I had left was to check the box to "Let Windows Configure Your Wireless Connection." I also use StyleXP that applied a theme to Windows and since this all began my theme has disappeared and reverted back to the Windows Classic look and the program itself states it can not run on my computer, even though it had run fine in the past. I'm not sure what's happening to my computer. I'm not very tech savvy in the least and after browsing the internet to seek help (with no avail) I decided to come to you guys in hopes that you may be able to figure this out. Thanks in advance. My apologies if this post is particularly wordy.

Essexboy View Member Profile	Oct 15 2008, 01:41 PM Post #2
Global Moderator Posts: 9,560 From: Darkest Cornwall OS: Vista Ultimate	Hi there and sorry for the delay. Firstly I would like to see what is running on your system, to that end I will require two logs First Download & Run HijackThis.exe Download HJTInstall.exe to your Desktop. Doubleclick HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Copy/Paste the log to your next reply please. Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. Second Download OTViewIt to your desktop. Close all windows and double click OTViewIt Place a tick in the Scan all Users box Click Run Scan and let the program run uninterrupted On completion it will produce two logs on the Desktop, atttach the OTViewIt.txt and Extras.txt logs in your next post. To attach a file, do the following: Click Add Reply Under the reply panel is the Attachments Panel Browse for the attachment file you want to upload, then click the green Upload button Once it has uploaded, click the Manage Current Attachments drop down box Click on to insert the attachment into your post

Hadji View Member Profile	Oct 15 2008, 02:39 PM Post #3
New Member Posts: 5 OS: Windows XP	Here you go. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:35:14 PM, on 10/15/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Linus\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\d3dx9_09.exe" F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\d3dx9_09.exe", O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Policies\Explorer\Run: [DirectX9] C:\WINDOWS\d3dx9_09.exe O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11543 bytes Attached File(s)* OTViewIt.Txt ( 183.83K ) Number of downloads: 9 Extras.Txt ( 47.1K ) Number of downloads: 2

Essexboy View Member Profile	Oct 15 2008, 03:16 PM Post #4
Global Moderator Posts: 9,560 From: Darkest Cornwall OS: Vista Ultimate	Hmm this one looks tricky. So lets go for it Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\d3dx9_09.exe" F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\d3dx9_09.exe", O4 - HKCU\..\Policies\Explorer\Run: [DirectX9] C:\WINDOWS\d3dx9_09.exe Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN Please visit this web page for instructions for downloading and running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Hadji View Member Profile	Oct 15 2008, 04:59 PM Post #5
New Member Posts: 5 OS: Windows XP	ComboFix 08-10-15.05 - Linus 2008-10-15 15:26:54.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.542 [GMT -7:00] Running from: C:\Documents and Settings\Linus\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Legacy_PACKET -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 ))))))))))))))))))))))))))))))) . 2008-10-14 23:48 . 2008-10-14 23:48 <DIR> d-------- C:\Program Files\iPod 2008-10-14 23:48 . 2008-10-14 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-10-08 13:55 . 2008-10-08 14:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-10-08 13:55 . 2008-10-08 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-08 09:11 . 2008-10-08 09:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-10-08 00:04 . 2008-10-08 00:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-08 00:04 . 2008-10-08 00:04 <DIR> d-------- C:\Documents and Settings\Linus\Application Data\Malwarebytes 2008-10-08 00:04 . 2008-10-08 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-08 00:04 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-08 00:04 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-08 00:03 . 2008-10-08 00:03 <DIR> d-------- C:\Program Files\Common Files\Download Manager 2008-10-05 01:42 . 2008-10-05 01:42 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-10-05 01:42 . 2008-10-05 01:42 <DIR> d-------- C:\WINDOWS\system32\en 2008-10-05 01:42 . 2008-10-05 01:42 <DIR> d-------- C:\WINDOWS\system32\bits 2008-10-05 01:42 . 2008-10-05 01:42 <DIR> d-------- C:\WINDOWS\l2schemas 2008-10-05 01:34 . 2008-10-05 01:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-10-05 00:46 . 2008-10-05 00:46 <DIR> d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$ 2008-10-04 22:52 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-10-04 22:51 . 2008-04-13 11:46 121,984 --------- C:\WINDOWS\system32\drivers\usbvideo.sys 2008-10-04 22:51 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys 2008-10-04 22:51 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys 2008-10-04 22:51 . 2008-04-13 11:43 14,208 --------- C:\WINDOWS\system32\drivers\wacompen.sys 2008-10-04 22:51 . 2008-04-13 11:56 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys 2008-10-04 22:51 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys 2008-10-04 22:51 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys 2008-10-04 22:51 . 2004-08-03 22:29 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys 2008-10-04 22:51 . 2008-04-13 17:12 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll 2008-10-04 22:51 . 2004-08-03 22:29 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys 2008-10-04 22:50 . 2008-04-13 17:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll 2008-10-04 22:50 . 2008-04-13 17:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll 2008-10-04 22:50 . 2008-04-13 11:36 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys 2008-10-04 22:48 . 2008-04-13 17:12 397,056 --------- C:\WINDOWS\system32\s3gnb.dll 2008-10-04 22:48 . 2008-04-13 17:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll 2008-10-04 22:48 . 2004-08-03 22:29 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys 2008-10-04 22:48 . 2008-04-13 11:46 59,136 --------- C:\WINDOWS\system32\drivers\rfcomm.sys 2008-10-04 22:48 . 2008-04-13 17:12 32,768 --------- C:\WINDOWS\system32\setupn.exe 2008-10-04 22:48 . 2008-04-13 11:56 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys 2008-10-04 22:48 . 2004-08-03 22:41 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys 2008-10-04 22:48 . 2008-04-13 11:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys 2008-10-04 22:47 . 2008-04-13 17:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll 2008-10-04 22:47 . 2008-04-13 17:12 150,528 --------- C:\WINDOWS\system32\qagent.dll 2008-10-04 22:47 . 2008-04-13 17:12 144,384 --------- C:\WINDOWS\system32\onex.dll 2008-10-04 22:47 . 2008-04-13 17:12 76,800 --------- C:\WINDOWS\system32\qutil.dll 2008-10-04 22:47 . 2008-04-13 17:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll 2008-10-04 22:47 . 2008-04-13 17:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll 2008-10-04 22:46 . 2004-08-03 22:41 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys 2008-10-04 22:46 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img 2008-10-04 22:42 . 2008-04-13 17:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll 2008-10-04 22:42 . 2008-04-13 17:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-10-04 22:42 . 2008-04-13 17:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll 2008-10-04 22:42 . 2008-04-13 17:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe 2008-10-04 22:41 . 2008-04-13 17:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll 2008-10-04 22:41 . 2008-04-13 17:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll 2008-10-04 22:41 . 2008-04-13 17:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll 2008-10-04 22:41 . 2008-04-13 17:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll 2008-10-04 22:41 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll 2008-10-04 22:41 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll 2008-10-04 22:41 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll 2008-10-04 22:41 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll 2008-10-04 22:41 . 2007-06-20 22:52 974 --------- C:\WINDOWS\system32\pid.inf 2008-10-04 22:40 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-10-04 22:40 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-10-04 22:40 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-10-04 22:40 . 2008-04-13 11:36 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys 2008-10-04 22:40 . 2008-04-13 17:11 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll 2008-10-04 22:40 . 2008-04-13 11:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys 2008-10-04 22:40 . 2008-04-13 11:43 9,728 --------- C:\WINDOWS\system32\comsdupd.exe 2008-10-04 22:38 . 2008-04-13 17:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll 2008-10-04 22:37 . 2008-04-13 17:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll 2008-10-04 21:40 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-10-04 21:40 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-10-04 21:38 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-10-04 21:38 . 2008-05-08 07:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-10-04 20:56 . 2008-10-04 20:56 32 --ahs---- C:\WINDOWS\system32\{1682CDCC-EF50-4538-82EF-58809BC9E90B}.dat 2008-10-04 20:56 . 2008-10-04 20:56 32 --ahs---- C:\WINDOWS\{1CD084D4-AFC7-493C-920E-613B57167023}.dat 2008-10-04 20:56 . 2008-10-04 20:56 14 --a------ C:\WINDOWS\system32\SR2.dat 2008-10-04 20:53 . 2008-10-04 21:46 <DIR> d-------- C:\Program Files\Norton AntiVirus 2008-10-04 20:53 . 2008-10-04 20:53 <DIR> d-------- C:\Documents and Settings\Linus\Application Data\Symantec 2008-10-04 20:53 . 2002-08-15 19:59 123,619 --a------ C:\WINDOWS\system32\SYMEVNT.386 2008-10-04 20:53 . 2002-08-15 19:59 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-10-04 20:53 . 2002-08-15 19:59 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-10-01 16:27 . 2008-10-01 16:27 <DIR> d-------- C:\Program Files\Musicnotes 2008-10-01 16:25 . 2008-10-01 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Musicnotes 2008-09-28 04:40 . 2008-10-04 12:21 <DIR> d-------- C:\Documents and Settings\Linus\Application Data\tor 2008-09-28 04:39 . 2008-09-28 04:39 <DIR> d-------- C:\Program Files\Vidalia Bundle 2008-09-28 04:39 . 2008-10-04 00:04 <DIR> d-------- C:\Documents and Settings\Linus\Application Data\Vidalia . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-15 06:48 --------- d-----w C:\Program Files\iTunes 2008-10-15 06:46 --------- d-----w C:\Program Files\Bonjour 2008-10-15 06:45 --------- d-----w C:\Program Files\QuickTime 2008-10-15 06:44 --------- d-----w C:\Program Files\Common Files\Apple 2008-10-14 07:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-10-14 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-10-13 09:00 --------- d-----w C:\Documents and Settings\Linus\Application Data\Move Networks 2008-10-05 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-05 11:08 --------- d-----w C:\Program Files\NavNet 2008-10-05 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-05 03:53 --------- d-----w C:\Program Files\Symantec 2008-10-01 20:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-09-08 22:41 --------- d-----w C:\Program Files\Microsoft Works 2008-09-01 19:52 --------- d-----w C:\Documents and Settings\Linus\Application Data\AdobeUM 2008-08-29 16:05 --------- d-----w C:\Program Files\Reference Assemblies 2008-08-29 16:05 --------- d-----w C:\Program Files\MSBuild 2008-07-21 18:35 79,240 ----a-w C:\Documents and Settings\Linus\Application Data\GDIPFONTCACHEV1.DAT 2006-11-02 09:17 222,218 --sha-r C:\WINDOWS\d3dx9_09.exe 2007-07-03 09:25 88 -csh--r C:\WINDOWS\system32\FBB5035CB1.sys 2007-07-03 09:31 2,828 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 20480] "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 395776] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 50528] "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 1392640] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-14 236544] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-08 185896] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 366400] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 50880] "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 34504] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE" [2006-07-25 67264] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 622653] Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 2056275] hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456] hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\America Online 9.0\\waol.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Last.fm\\LastFM.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "15507:TCP"= 15507:TCP:BitComet 15507 TCP "15507:UDP"= 15507:UDP:BitComet 15507 UDP R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b6347b4-2096-11dd-8e2f-0016cfcf9220}] \Shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B47IH455-YN5R-TXCV-66E7-N71EL0CDVIG8}] "C:\WINDOWS\d3dx9_09.exe" . - - - - ORPHANS REMOVED - - - - HKCU-Run-Active Desktop Calendar - C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe HKLM-Run-PRISMSVR.EXE - C:\WINDOWS\system32\PRISMSVR.EXE Notify-WgaLogon - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Linus\Application Data\Mozilla\Firefox\Profiles\9lzvn3kj.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com/ . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-15 15:36:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\Documents and Settings\Linus\Local Settings\Application Data\AOL\AOLDiag\AOL\IMAppServiceUSGM\Win32\6.5.9.1\0007a824.nub scan completed successfully hidden files: 1 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\WLTRYSVC.EXE C:\WINDOWS\system32\BCMWLTRY.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe . ************************************************************************ . Completion time: 2008-10-15 15:54:13 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-15 22:54:06 Pre-Run: 5,297,496,064 bytes free Post-Run: 5,245,530,112 bytes free 255 --- E O F --- 2008-10-15 19:05:53 ========================================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:58:31 PM, on 10/15/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe C:\Program Files\AIM6\aolsoftware.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Linus\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11766 bytes

Hadji View Member Profile	Oct 15 2008, 05:12 PM Post #6
New Member Posts: 5 OS: Windows XP	Well everything seems to be back to normal, my programs have returned and the PF Usage is stable. Thanks =) Do you see anything else that should be fixed from the logs? I also have a question about StyleXP. It says it's no longer compatible with my version of windows. Was this because of some kind of update that i missed? This post has been edited by Hadji: Oct 15 2008, 05:30 PM

Essexboy View Member Profile	Oct 16 2008, 01:53 PM Post #7
Global Moderator Posts: 9,560 From: Darkest Cornwall OS: Vista Ultimate	QUOTE I also have a question about StyleXP. It says it's no longer compatible with my version of windows. Was this because of some kind of update that i missed? This may be because you have SP3 not sure I'm afraid Now the best part of the day ----- Your log now appears clean A good workman always cleans up after himself so...Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep We will now confirm that your hidden files are set to that, as some of the tools I use will change that Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Do not show hidden files and folders. Click Yes to confirm. Click OK. Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. XP Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method: Select Start > All Programs > Accessories > System tools > System Restore. On the dialogue box that appears select Create a Restore Point Click NEXT Enter a name e.g. Clean Click CREATE You now have a clean restore point, to get rid of the bad ones: Select Start > All Programs > Accessories > System tools > Disk Cleanup. In the Drop down box that appears select your main drive e.g. C Click OK The System will do some calculation and the display a dialogue box with TABS Select the More Options Tab. At the bottom will be a system restore box with a CLEANUP button click this Accept the Warning and select OK again, the program will close and you are done Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: SpywareBlaster to help prevent spyware from installing in the first place. SuperAntispyware Run weekly to keep your system clean It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit Secunia Software inspector To check your programme update status Microsoft Windows Update To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? Keep safe

Essexboy View Member Profile	Oct 17 2008, 09:11 AM Post #8
Global Moderator Posts: 9,560 From: Darkest Cornwall OS: Vista Ultimate	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Malware Removal - HijackThis™ Logs Go Here · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: