
Computer Running Slow! [Closed]


  • This topic is locked

#31
Rafi12

  • Topic Starter
  • Member
  • 20 posts
Hi,

ComboFix 09-01-01.02 - Rafi12 2009-01-03 13:12:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.252 [GMT -5:00]
Running from: c:\documents and settings\Rafi12\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rafi12\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\windows\system32\msexcr.ini
c:\windows\system32\rn.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus\Rapid Antivirus.ini
c:\windows\system32\msexcr.ini
c:\windows\system32\rn.tmp

.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-02 11:48 . 2009-01-02 11:50 <DIR> d-------- C:\Rooter$
2009-01-01 20:22 . 2009-01-01 20:22 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Apple Computer
2008-12-31 19:36 . 2008-12-31 19:36 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Nexon
2008-12-31 17:54 . 2008-12-31 17:54 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\acccore
2008-12-31 13:30 . 2008-12-31 13:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 13:23 . 2008-12-31 13:28 <DIR> d-------- c:\documents and settings\Rafi12\.SunDownloadManager
2008-12-31 13:14 . 2008-12-31 13:14 <DIR> d-------- C:\_OTMoveIt
2008-12-31 12:58 . 2008-12-31 12:58 1,393 --a------ c:\windows\imsins.BAK
2008-12-31 12:56 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2008-12-31 11:37 . 2008-12-31 11:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzNjc1Mzl8_
2008-12-30 14:19 . 2008-12-30 14:19 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-30 14:13 . 2008-12-30 14:13 <DIR> d-------- c:\windows\ERUNT
2008-12-30 11:17 . 2008-12-30 11:17 (2) -rahs-ot- c:\windows\winstart.bat
2008-12-30 11:16 . 2008-12-30 13:54 <DIR> d-------- c:\program files\UnHackMe
2008-12-30 09:26 . 2008-12-30 09:26 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Malwarebytes
2008-12-30 09:08 . 2005-10-14 20:20 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Jasc Software Inc
2008-12-30 09:08 . 2008-12-30 09:10 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\GTek
2008-12-30 09:08 . 2008-12-30 09:08 <DIR> d-------- c:\documents and settings\Juhi.RAFI
2008-12-29 20:41 . 2001-08-17 13:28 542,879 --a------ c:\windows\system32\dllcache\hsf_msft.sys
2008-12-29 20:41 . 2001-08-17 13:28 391,199 --a------ c:\windows\system32\dllcache\hsf_k56k.sys
2008-12-29 20:41 . 2001-08-17 13:28 289,887 --a------ c:\windows\system32\dllcache\hsf_fall.sys
2008-12-29 20:41 . 2001-08-17 13:28 199,711 --a------ c:\windows\system32\dllcache\hsf_faxx.sys
2008-12-29 20:41 . 2001-08-17 13:28 150,239 --a------ c:\windows\system32\dllcache\hsf_amos.sys
2008-12-29 20:41 . 2001-08-17 13:28 115,807 --a------ c:\windows\system32\dllcache\hsf_fsks.sys
2008-12-29 20:41 . 2001-08-17 13:28 67,167 --a------ c:\windows\system32\dllcache\hsf_bsc2.sys
2008-12-29 20:41 . 2001-08-17 13:28 57,471 --a------ c:\windows\system32\dllcache\hsf_samp.sys
2008-12-29 20:41 . 2001-08-17 22:36 19,456 --a------ c:\windows\system32\dllcache\hr1w.dll
2008-12-29 20:41 . 2001-08-17 22:36 9,759 --a------ c:\windows\system32\dllcache\hsf_inst.dll
2008-12-29 20:41 . 2001-08-17 13:52 5,760 --a------ c:\windows\system32\dllcache\hpt4qic.sys
2008-12-29 20:39 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2008-12-29 20:38 . 2004-08-03 21:32 137,088 --a------ c:\windows\system32\dllcache\essm2e.sys
2008-12-29 20:37 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys
2008-12-29 20:36 . 2001-08-17 13:28 634,134 --a------ c:\windows\system32\dllcache\el656ct5.sys
2008-12-29 20:35 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2008-12-29 20:34 . 2001-08-17 22:36 256,512 --a------ c:\windows\system32\dllcache\devcon32.dll
2008-12-29 20:33 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2008-12-29 20:32 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2008-12-29 20:31 . 2001-08-17 13:28 762,780 --a------ c:\windows\system32\dllcache\3cwmcru.sys
2008-12-29 20:30 . 2008-02-21 01:12 36,864 --a------ c:\windows\system32\MD5.ocx
2008-12-29 20:12 . 2008-12-31 21:40 <DIR> d-------- C:\SDFix
2008-12-28 14:43 . 2008-12-28 14:44 <DIR> d-------- C:\rsit
2008-12-28 09:05 . 2008-12-28 09:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\scripting
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\en
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\bits
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\l2schemas
2008-12-28 08:31 . 2008-12-28 08:31 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-27 23:00 . 2008-12-28 08:25 <DIR> d-------- c:\windows\EHome
2008-12-27 22:52 . 2008-12-27 22:53 <DIR> d-------- c:\program files\ERUNT
2008-12-27 22:32 . 2008-12-27 22:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 23:16 . 2008-12-26 23:16 <DIR> d-------- c:\program files\Alwil Software
2008-12-22 18:06 . 2008-12-22 18:07 <DIR> d-------- c:\documents and settings\RAFI UDDIN\Application Data\SUPERAntiSpyware.com
2008-12-22 17:06 . 2008-12-22 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-21 12:41 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-21 12:32 . 2008-12-21 12:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 12:30 . 2008-12-21 12:30 <DIR> dr-h----- C:\MSOCache
2008-12-19 23:12 . 2008-12-19 23:12 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-19 19:53 . 2008-12-19 21:06 <DIR> d-------- c:\program files\Microsoft Small Business
2008-12-19 19:48 . 2008-12-21 12:37 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-19 19:41 . 2008-12-19 19:52 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Malwarebytes
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 17:03 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 17:03 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 15:53 . 2008-12-22 18:25 <DIR> d-------- c:\documents and settings\RAFI UDDIN\Application Data\Spyware Terminator
2008-12-18 19:54 . 2008-12-18 19:54 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Simply Super Software
2008-12-18 19:54 . 2008-12-18 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-06 11:33 . 2008-12-06 11:33 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Roxio
2008-12-06 11:28 . 2008-12-06 11:28 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Research In Motion
2008-12-06 11:27 . 2008-12-06 11:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-06 11:25 . 2008-12-06 11:25 <DIR> d-------- c:\program files\Roxio
2008-12-06 11:25 . 2008-12-06 11:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-12-06 11:24 . 2008-12-06 11:25 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-12-06 11:20 . 2008-12-06 11:20 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Blackberry Desktop
2008-12-06 11:20 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-12-06 11:20 . 2008-12-06 11:20 4,128 --a------ C:\INFCACHE.1
2008-12-06 11:19 . 2008-12-06 11:19 <DIR> d-------- c:\program files\Research In Motion
2008-12-06 11:19 . 2008-12-06 11:19 <DIR> d-------- c:\program files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 14:25 --------- d-----w c:\program files\Cheat Engine
2009-01-03 03:15 27,236 ----a-w c:\documents and settings\Rafi12\Application Data\wklnhst.dat
2009-01-02 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-02 16:47 --------- d-----w c:\program files\Dl_cats
2009-01-01 03:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-31 19:37 --------- d-----w c:\program files\Java
2008-12-31 16:50 --------- d-----w c:\program files\Spyware Doctor
2008-12-30 18:01 --------- d--h--w c:\documents and settings\Rafi12\Application Data\ijjigame
2008-12-30 01:52 --------- d-----w c:\program files\MUSICMATCH
2008-12-29 16:26 --------- d-----w c:\documents and settings\RAFI UDDIN\Application Data\DNA
2008-12-29 16:06 --------- d-----w c:\program files\DNA
2008-12-28 14:06 --------- d-----w c:\program files\AIM6
2008-12-28 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-28 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 19:49 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-26 01:00 --------- d-----w c:\program files\Google
2008-12-22 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-21 17:43 --------- d-----w c:\documents and settings\Rafi12\Application Data\GetRightToGo
2008-12-21 17:38 --------- d-----w c:\program files\Microsoft Works
2008-12-13 21:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-06 16:27 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-11-23 03:15 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-23 03:03 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2008-11-18 20:41 --------- d-----w c:\documents and settings\Rafi12\Application Data\Twain
2008-11-16 23:31 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\gadcom
2008-11-16 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 15:09 --------- d-----w c:\documents and settings\Rafi12\Application Data\SUPERAntiSpyware.com
2008-11-16 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-11-16 01:21 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\GetModule
2008-11-11 19:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 19:13 --------- d-----w c:\program files\WarRock
2008-11-08 13:37 --------- d-----w c:\program files\Conduit
2008-11-04 01:01 --------- d-----w c:\documents and settings\Rafi12\Application Data\DNA
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-10 00:58 64,736 -c--a-w c:\documents and settings\Rafi12\Application Data\GDIPFONTCACHEV1.DAT
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-05 00:40 9,998 ----a-w c:\documents and settings\RAFI UDDIN\Application Data\wklnhst.dat
2008-08-20 19:46 64,736 ----a-w c:\documents and settings\RAFI UDDIN\Application Data\GDIPFONTCACHEV1.DAT
2008-12-02 16:49 642,048 ----a-w c:\program files\mozilla firefox\components\nsadsoftinc.dll
2006-10-12 03:09 94,208 --sh--w c:\windows\system32\SalaatTime.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_18.39.03.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-11 20:34:34 2,115,816 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 20:34:40 190,696 -c--a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2007-09-23 11:47:55 45,218 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-03 16:49:40 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-01-03 17:38:18 16,384 ----atw c:\windows\temp\Perflib_Perfdata_764.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-09-22 61440]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-31 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-17 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rafi12^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-17 19:19 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2005-05-15 02:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 16:46 135168 c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 01:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a--c--- 2005-07-22 14:03 425984 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-01-27 01:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-05-20 20:11 3053056 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-05-17 20:03 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-04-23 11:43 228088 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalaatTime]
--------- 2008-05-15 21:01 13496320 c:\program files\Salaat Time\SalaatTime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-01 15:48 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-17 20:03 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\RAFI UDDIN\\Desktop\\MapleStory\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC Server
"6000:TCP"= 6000:TCP:Touchpad Media Server

R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2006-08-30 2368]
S3 Dua1;Dua1;\??\c:\documents and settings\RAFI UDDIN\My Documents\My Music\DualEngi.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\Rafi12\Desktop\Moonlight\Moonlight\IlvMoney1224.sys []
S3 MooseKOPMA;MooseKOPMA;\??\c:\documents and settings\RAFI UDDIN\Desktop\Unused Desktop Shortcuts\MooseKOPMA.sys [2006-05-13 3712]
S3 MzBot.sys;MzBot.sys;\??\c:\windows\system32\MzBot.sys [2007-04-01 3584]
S3 toBzM;toBzM;\??\C:\toBzM.sys []
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys []
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3582859218-466029492-1563943610-1008.job
- c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-31 13:56]

2008-12-08 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: *.servername
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\sysreqlab_ind.dll - O16 -: {5727FF4C-EF4E-4d96-A96C-03AD91910448}
hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\Rafi12\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsadsoftinc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 13:17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-03 13:23:09
ComboFix-quarantined-files.txt 2009-01-03 18:23:06
ComboFix2.txt 2009-01-03 15:18:32
ComboFix3.txt 2009-01-02 23:39:30

Pre-Run: 44,491,419,648 bytes free
Post-Run: 44,486,864,896 bytes free

355 --- E O F --- 2008-12-29 00:17:23


#32
XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

1) Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    c:\documents and settings\Rafi12\Application Data\Twain
    c:\windows\system32\config\systemprofile\Application Data\gadcom
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



2) Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

3) Please post me a new fresh HijackThis log.

#33
Rafi12

  • Topic Starter
  • Member
  • 20 posts
Hi,

Here's the OTMoveIt3 log. I'll get you the Kaspersky and HijackThis logs later.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\documents and settings\Rafi12\Application Data\Twain moved successfully.
c:\windows\system32\config\systemprofile\Application Data\gadcom moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01042009_115924

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_c4.dat not found!

#34
Rafi12

  • Topic Starter
  • Member
  • 20 posts
Hi,

Unfortunately the scan froze again. Here's the new HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:59 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabaz...er/tdserver.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co...sreqlab_srl.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 9857 bytes

#35
XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (removable ones that you may have).


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



#36
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





