
Win32.Trojan.Tibs [RESOLVED]


  • This topic is locked

#1
Congo123

    New Member

  • Member
  • 4 posts
Win32.Trojan.Tibs came up on an Ad-Aware 2008 search. I think I have some kind of Trojan downloader, possibly, as I am getting random Trojans on AVG, Ad-Aware, etc. about once per month. I'm a complete newb with malware and am currently reading how to post a HijackThis log. I just joined this forum and read through the self-help removal guides and didn't see this Trojan specifically, but I did see other Win32.Trojan guides. Any guidance?

Also, these are the other 2 Trojans that came up on AVG the last 2 months: Trojan Horse SHeur.BCIF and Generic10.ABYM in a system32\msfont.dll file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:43 PM, on 8/2/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Documents and Settings\Patrick1\Desktop\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfpconfg.exe" -z -o
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30052D13-E375-4AA3-94BE-A7EA5D335A80}: NameServer = 192.168.1.1,192.168.1.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FAH@C:+Second Folding+FAH504-Console.exe - Stanford University - C:\Second Folding\FAH504-Console.exe
O23 - Service: FAH@C:+Third Folding+FAH504-Console.exe - Stanford University - C:\Third Folding\FAH504-Console.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

--
End of file - 6770 bytes



2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABIT uGuru
Ad-Aware
Adobe Flash Player Plugin
AI RoboForm (All Users)
Alarm Clock v1.0
AnalogX DXMan
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 7.5
AviSynth 2.5
CCleaner (remove only)
CDDRV_Installer
CeRegEditor 0.0.4.4
COMODO Firewall Pro
Diskeeper 2007 Pro Premier
ffdshow [rev 1897] [2008-03-13]
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Intel Matrix Storage Manager
Java™ 6 Update 2
Java™ 6 Update 5
KhalInstallWrapper
Logitech SetPoint
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Tool Web Package:WntIpcfg.exe
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
mIRC
Monkey's Audio
Mozilla Firefox (2.0.0.16)
Mp3tag v2.39
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7 Premium
neroxml
PC Wizard 2008.1.82
PeerGuardian 2.0
Picasa 2
Realtek AC'97 Audio
Registry Mechanic 6.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB950759)
Spybot - Search & Destroy
SpywareBlaster 4.1
Super Mp3 Recorder Professional v6.2
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb953463)
Winamp (remove only)
Windows Defender
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Presentation Foundation
WinRAR archiver
Xvid 1.1.3 final uninstall

Edited by Congo123, 02 August 2008 - 12:24 PM.



#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

#3
Congo123

    New Member

  • Topic Starter
  • Member
  • 4 posts
Edit: Ok got scan going... blocked everything with router stupidly and that's the hold up. Sorry. Thanks for the help as well!!!

;*******************************************************************************
ANALYSIS: 2008-08-02 15:47:10
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Windows Defender 1.1.3806.0 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00199231 HackTool/EvID HackTools No 0 Yes No C:\System Volume Information\_restore{CC5AE3F0-BCA3-4E06-82D3-FB125AD23EB0}\RP1\A0000001.exe
00199231 HackTool/EvID HackTools No 0 Yes No C:\System Volume Information\_restore{CC5AE3F0-BCA3-4E06-82D3-FB125AD23EB0}\RP26\A0015271.exe
00415224 Generic Trojan Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{045C5380-3D8B-45F5-9D26-24F4D31E9FB0}\RP117\A0022488.exe
00889019 Generic Trojan Virus/Trojan No 0 Yes No E:\System Volume Information\_restore{61DA53DC-13A9-4C37-8915-6AD8DA1A3053}\RP92\A0009772.exe
01895149 Malicious Packer SecRisk No 0 Yes No C:\System Volume Information\_restore{CC5AE3F0-BCA3-4E06-82D3-FB125AD23EB0}\RP26\A0014221.exe
01895149 Malicious Packer SecRisk No 0 Yes No C:\System Volume Information\_restore{CC5AE3F0-BCA3-4E06-82D3-FB125AD23EB0}\RP1\A0000002.exe
03117151 Trj/Zapchast.CK Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{CC5AE3F0-BCA3-4E06-82D3-FB125AD23EB0}\RP46\A0019730.dll
03253603 Bck/Hupigon.AZG Virus/Trojan No 1 Yes No C:\Program Files\AviDvdBurner\Patch.exe
;===============================================================================
SUSPECTS
Sent Location t
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description t
;===============================================================================
;===============================================================================


Combofix

ComboFix 08-08-01.05 - Patrick1 2008-08-02 15:51:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.613 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Patrick1\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-08-02 15:08 . 2008-08-02 15:08 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-02 15:08 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-02 14:57 . 2008-08-02 14:57 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-08-02 14:56 . 2007-08-13 18:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-08-02 13:03 . 2008-08-02 13:03 <DIR> d-------- C:\Program Files\COMODO
2008-08-02 13:03 . 2008-08-02 13:03 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\Comodo
2008-08-02 13:03 . 2008-08-02 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-02 13:03 . 2008-08-02 13:03 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-02 13:03 . 2008-08-02 13:03 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-02 13:03 . 2008-08-02 13:03 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-02 10:45 . 2008-08-02 10:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-02 09:46 . 2008-08-02 09:46 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-02 09:46 . 2008-08-02 09:46 <DIR> d-------- C:\Program Files\MSECACHE
2008-07-26 06:07 . 2008-07-26 06:07 <DIR> d-------- C:\Program Files\Xvid
2008-07-26 06:07 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-26 06:07 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-26 06:07 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-26 05:44 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-26 05:44 . 2008-03-04 12:32 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-07-26 05:44 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-26 05:09 . 2008-08-02 09:02 <DIR> d-------- C:\Program Files\mplayerc_20080308
2008-07-26 05:09 . 2008-07-26 05:09 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\Media Player Classic
2008-07-25 23:58 . 2008-07-25 23:58 <DIR> d-------- C:\Program Files\AnalogX
2008-07-22 03:49 . 2008-07-22 03:49 <DIR> d-------- C:\Program Files\uTorrent
2008-07-22 03:49 . 2008-06-20 06:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-07-22 03:49 . 2008-06-20 06:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-07-22 03:48 . 2008-08-02 09:02 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\uTorrent
2008-07-14 19:06 . 2008-05-08 06:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-07-14 19:06 . 2008-05-09 05:53 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
2008-07-03 20:34 . 2008-07-03 20:34 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\ATI
2008-07-03 20:34 . 2008-07-03 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-07-03 20:34 . 2008-07-03 20:34 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-03 20:32 . 2008-06-02 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-03 20:31 . 2008-07-03 20:32 <DIR> d-------- C:\Program Files\ATI Technologies
2008-07-03 20:31 . 2008-07-03 20:31 <DIR> d-------- C:\ATI
2008-07-03 20:09 . 2008-02-12 01:00 104,960 --a------ C:\WINDOWS\system32\drivers\atinrvxx.sys
2008-07-03 20:09 . 2008-02-12 01:00 36,463 --a------ C:\WINDOWS\system32\drivers\ati1tuxx.sys
2008-07-03 20:09 . 2008-02-12 01:00 28,672 --a------ C:\WINDOWS\system32\drivers\atinsnxx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 20:08 --------- d-----w C:\Program Files\Panda Security
2008-08-02 19:45 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-02 19:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 17:26 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-02 15:48 12,960 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-08-02 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-02 15:46 --------- d-----w C:\Program Files\Lavasoft
2008-08-02 15:03 --------- d-----w C:\Documents and Settings\Patrick1\Application Data\AVG7
2008-08-02 14:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-02 11:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 11:29 --------- d-----w C:\Program Files\The Witcher
2008-08-02 11:28 --------- d-----w C:\Program Files\FlashGet
2008-08-02 09:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-26 10:45 --------- d-----w C:\Program Files\AviSynth 2.5
2008-07-26 10:44 --------- d-----w C:\Program Files\ffdshow
2008-07-26 10:08 --------- d-----w C:\Program Files\QuickTime
2008-07-26 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-26 10:07 --------- d-----w C:\Program Files\AC3Filter
2008-07-26 04:13 --------- d-----w C:\Program Files\VideoLAN
2008-07-22 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-05 09:41 --------- d-----w C:\Program Files\Winamp
2008-07-04 10:31 --------- d-----w C:\Program Files\Picasa2
2008-07-04 01:29 --------- d-----w C:\Program Files\Google
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 10:44 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-03 10:44 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-03 10:43 --------- d-----w C:\Program Files\Futuremark
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-20 21:40 1,753,088 ----a-w C:\WINDOWS\dd-wrt.v24_micro_wrt54gv8.bin
2008-05-20 21:40 1,753,088 ----a-w C:\dd-wrt.v24_micro_wrt54gv8.bin
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 08:45 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-11 02:37 8 ----a-w C:\Documents and Settings\Patrick1\Application Data\usb.dat
2007-09-06 04:46 52,494,336 ----a-w C:\Documents and Settings\Patrick1\TRACE_BOOT+DRIVERS_1_1.BIN
2008-04-05 16:32 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-04-05 16:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-04-05 16:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040520080406\index.dat
2008-04-05 16:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"HijackThis startup scan"="C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" [2008-01-06 07:24 396288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 13:30 139264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-02 13:03 1655552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\WINDOWS\system32\zzzdeltemp.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuru]
--a------ 2003-09-22 21:34 192512 C:\Program Files\ABIT\ABIT uGuru\uGuru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-04-15 08:48 579584 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-02-12 14:59 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 08:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2003-11-26 10:40]
R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-02-26 17:52]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-02 13:03]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-02 13:03]
S3 cpuz129;cpuz129;C:\DOCUME~1\Patrick1\LOCALS~1\Temp\cpuz_x32.sys []
S3 FAH@C:+Second Folding+FAH504-Console.exe;FAH@C:+Second Folding+FAH504-Console.exe;C:\Second Folding\FAH504-Console.exe [2007-07-11 02:43]
S3 FAH@C:+Third Folding+FAH504-Console.exe;FAH@C:+Third Folding+FAH504-Console.exe;C:\Third Folding\FAH504-Console.exe [2007-07-11 02:43]
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys []

*Newly Created Service* - CATCHME
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-02 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Patrick1\Application Data\Mozilla\Firefox\Profiles\5y3czrjl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 15:52:48
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@C:+Second Folding+FAH504-Console.exe]
"ImagePath"="C:\Second Folding\FAH504-Console.exe -svcstart -svcstart -verbosity 9 -forceasm -advmethods -local"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@C:+Third Folding+FAH504-Console.exe]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-08-02 15:53:20
ComboFix-quarantined-files.txt 2008-08-02 20:53:16

Pre-Run: 47,446,573,056 bytes free
Post-Run: 47,421,661,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

256 --- E O F --- 2008-08-02 02:07:21

Edited by Congo123, 02 August 2008 - 02:46 PM.


#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Driver::
cpuz129
File::
C:\Program Files\AviDvdBurner\Patch.exe

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is it running so far?

#5
Congo123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for the reply. :) It's running better. Still chugging hard, for example on right-clicking just to check properties. A bunch of programs needed to be uninstalled and reinstalled as they crashed on opening. No major programs... for example, Winamp. This is my old gaming rig, a P4 3.2 oc'd to 3.8 with dual Raptors, and it's definitely still slowed a bit. Still, some minor tasks are taking major processing. Followed the instructions above and posted the log below. Thanks again.

Congo


ComboFix 08-08-03.03 - Patrick1 2008-08-03 22:59:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.739 [GMT -5:00]
Running from: C:\Documents and Settings\Patrick1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Patrick1\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ129
-------\Service_cpuz129


((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-03 22:29 . 2008-07-09 03:05 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-08-03 09:29 . 2008-08-03 09:29 <DIR> d-------- C:\Program Files\Java
2008-08-03 09:29 . 2008-08-03 09:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-03 09:29 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-03 01:04 . 2008-08-03 01:04 <DIR> d-------- C:\Program Files\D-Tools
2008-08-03 01:04 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-08-03 01:04 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-08-02 20:34 . 2008-08-02 22:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-02 20:34 . 2008-08-02 22:58 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\SUPERAntiSpyware.com
2008-08-02 20:34 . 2008-08-02 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-02 20:07 . 2008-08-02 20:07 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-02 20:01 . 2008-08-02 20:06 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\Winamp
2008-08-02 19:35 . 2008-08-02 19:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-02 19:35 . 2008-08-02 19:35 <DIR> d-------- C:\Program Files\AVG
2008-08-02 19:35 . 2008-08-02 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-02 19:35 . 2008-08-02 19:35 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-02 19:35 . 2008-08-02 19:35 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-02 14:57 . 2008-08-02 14:57 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-08-02 13:03 . 2008-08-02 13:03 <DIR> d-------- C:\Program Files\COMODO
2008-08-02 13:03 . 2008-08-02 13:03 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\Comodo
2008-08-02 13:03 . 2008-08-02 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-02 13:03 . 2008-08-02 13:03 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-02 13:03 . 2008-08-02 13:03 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-02 13:03 . 2008-08-02 13:03 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-02 09:46 . 2008-08-02 09:46 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-02 09:46 . 2008-08-02 09:46 <DIR> d-------- C:\Program Files\MSECACHE
2008-07-26 06:07 . 2008-07-26 06:07 <DIR> d-------- C:\Program Files\Xvid
2008-07-26 06:07 . 2008-04-27 10:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-26 06:07 . 2008-04-27 10:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-26 06:07 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-26 05:44 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-26 05:44 . 2008-03-04 12:32 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-07-26 05:44 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-26 05:09 . 2008-08-02 09:02 <DIR> d-------- C:\Program Files\mplayerc_20080308
2008-07-26 05:09 . 2008-07-26 05:09 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\Media Player Classic
2008-07-22 03:49 . 2008-07-22 03:49 <DIR> d-------- C:\Program Files\uTorrent
2008-07-22 03:49 . 2008-08-02 23:05 361,600 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-07-22 03:49 . 2008-06-20 06:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-07-22 03:48 . 2008-08-03 22:57 <DIR> d-------- C:\Documents and Settings\Patrick1\Application Data\uTorrent
2008-07-14 19:06 . 2008-05-08 06:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-07-14 19:06 . 2008-05-09 05:53 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 03:59 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-04 03:29 --------- d-----w C:\Program Files\AC3Filter
2008-08-03 06:02 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-08-03 04:26 --------- d-----w C:\Program Files\mIRC
2008-08-03 04:05 361,600 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-08-03 04:05 361,600 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-08-03 03:58 --------- d-----w C:\Program Files\Panda Security
2008-08-03 01:01 --------- d-----w C:\Program Files\Winamp
2008-08-03 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-02 23:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 17:26 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-02 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-02 14:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-02 11:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 11:29 --------- d-----w C:\Program Files\The Witcher
2008-08-02 11:28 --------- d-----w C:\Program Files\FlashGet
2008-07-26 10:45 --------- d-----w C:\Program Files\AviSynth 2.5
2008-07-26 10:44 --------- d-----w C:\Program Files\ffdshow
2008-07-26 10:08 --------- d-----w C:\Program Files\QuickTime
2008-07-26 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-26 04:13 --------- d-----w C:\Program Files\VideoLAN
2008-07-22 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-04 10:31 --------- d-----w C:\Program Files\Picasa2
2008-07-04 01:34 --------- d-----w C:\Documents and Settings\Patrick1\Application Data\ATI
2008-07-04 01:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-07-04 01:32 --------- d-----w C:\Program Files\ATI Technologies
2008-07-04 01:29 --------- d-----w C:\Program Files\Google
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 10:44 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-03 10:44 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-03 02:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-05-20 21:40 1,753,088 ----a-w C:\WINDOWS\dd-wrt.v24_micro_wrt54gv8.bin
2008-05-20 21:40 1,753,088 ----a-w C:\dd-wrt.v24_micro_wrt54gv8.bin
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 08:45 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-11 02:37 8 ----a-w C:\Documents and Settings\Patrick1\Application Data\usb.dat
2007-09-06 04:46 52,494,336 ----a-w C:\Documents and Settings\Patrick1\TRACE_BOOT+DRIVERS_1_1.BIN
2008-04-05 16:32 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-04-05 16:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-04-05 16:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008040520080406\index.dat
2008-04-05 16:32 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-02-12 10:20 361344 ad075303568ec3b139cec4c22baaecd1 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-08-02 23:05 361600 d24ea301e2b36c4e975fd216ca85d8e7 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-08-02 23:05 361600 d24ea301e2b36c4e975fd216ca85d8e7 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-08-02_15.53.06.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-22 22:04:56 69,120 ----a-w C:\WINDOWS\daemon.dll
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-09-19 20:10:56 349,184 ----a-w C:\WINDOWS\system32\avisynth.dll
+ 2008-03-29 22:35:00 306,688 ----a-w C:\WINDOWS\system32\avisynth.dll
- 2008-01-05 03:36:52 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-08-03 00:35:08 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2008-02-22 06:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 06:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 07:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 14:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 13:30 139264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-02 13:03 1655552]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\WINDOWS\system32\zzzdeltemp.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuru]
--a------ 2003-09-22 21:34 192512 C:\Program Files\ABIT\ABIT uGuru\uGuru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-08-02 19:35 1232152 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-02-12 14:59 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]
--a------ 2008-01-06 07:24 396288 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 16:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2003-11-26 10:40]
R0 uGuru;uGuru;C:\WINDOWS\system32\Drivers\uGuru.sys [2004-02-26 17:52]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-02 19:35]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-02 13:03]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-02 13:03]
S3 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-02 19:35]
S3 FAH@C:+Second Folding+FAH504-Console.exe;FAH@C:+Second Folding+FAH504-Console.exe;C:\Second Folding\FAH504-Console.exe [2007-07-11 02:43]
S3 FAH@C:+Third Folding+FAH504-Console.exe;FAH@C:+Third Folding+FAH504-Console.exe;C:\Third Folding\FAH504-Console.exe [2007-07-11 02:43]
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys []
S4 KV;KV;C:\DOCUME~1\Patrick1\LOCALS~1\Temp\KV.exe []
.
Contents of the 'Scheduled Tasks' folder

2008-08-02 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

Notify-!SASWinLogon - (no file)
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-DAEMON Tools Pro Agent - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 23:01:44
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Second Folding+FAH504-Console.exe]
"ImagePath"="C:\Second Folding\FAH504-Console.exe -svcstart -svcstart -verbosity 9 -forceasm -advmethods -local"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Third Folding+FAH504-Console.exe]
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-03 23:02:47 - machine was rebooted [Patrick1]
ComboFix-quarantined-files.txt 2008-08-04 04:02:43
ComboFix2.txt 2008-08-02 20:53:21

Pre-Run: 51,978,829,824 bytes free
Post-Run: 51,875,655,680 bytes free

281 --- E O F --- 2008-08-02 23:12:20

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
For your right click issue, take a look here to see if it can find which program is causing the problem.

For the sluggishness, you can try disabling a bunch of unnecessary startup items so it will use fewer resources every time you start up your computer. To do this, go to Start->Run, type in msconfig and hit OK. Then go to the Startup tab and uncheck all the programs you don't need at startup. You may ask, which ones are required? Only essential programs like your antivirus, antispyware and firewall should be running. If you must have some other programs running, I guess you can leave them as well. Everything else should be disabled. If you are unsure what a certain process does, search for the name in Google.

#7
Congo123

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for all the help. I'm back up to speed!!

Congo

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





