Pc Running Slow


7 replies to this topic

#1 uglycustard


Posted 24 July 2007 - 04:48 AM

Hi, can you check out my HJT log please? PC is running slow. I've used Ad-Aware SE, Spybot and also ran Stinger, as well as cleaning out temp internet files, recycle bin etc.

thanks
steve

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:24, on 24/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\hjt\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE4\Cache\SelectedContextSearch.htm
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.expertagent.co.uk/asp/ScriptX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{887797C2-812A-4402-ABEB-64F9033AEF2C}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 4859 bytes


 


#2 RichieUK

  • Malware Response Team

Posted 24 July 2007 - 05:27 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum uglycustard :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

It appears you've no virus protection installed.
Download\install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/

-----------------------------------------------

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

-----------------------------------------------

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

----------------------------------------------

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a fresh Hijackthis log.

#3 uglycustard


Posted 25 July 2007 - 03:29 PM

Hi, thanks for help. I've done everything of the above list you give me.
First here is the Combofix

"2" - 2007-07-25 19:29:19 [GMT 1:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))


2007-07-25 19:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 14:49 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-24 14:24 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\AdobeUM
2007-07-24 12:41 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\ParetoLogic
2007-07-23 22:29 <DIR> d-------- C:\hjt
2007-07-21 22:04 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Uniblue
2007-07-20 16:26 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-07-20 16:26 <DIR> d-------- C:\Program Files\DSC_Program
2007-07-20 14:07 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\CyberLink
2007-07-18 22:49 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\TrojanHunter
2007-07-18 22:33 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
2007-07-17 10:31 <DIR> d-------- C:\Program Files\SoundInDepth.com
2007-07-14 15:58 <DIR> d-------- D:\DOCUME~1\sharon\APPLIC~1\HP
2007-07-14 14:28 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\HP
2007-07-14 14:27 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-07-14 14:27 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2007-07-14 14:19 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-07-14 14:19 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-07-14 14:19 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Image Zone Express
2007-07-14 14:06 <DIR> d-------- C:\Program Files\Common Files\HP
2007-07-14 14:05 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-07-14 14:04 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-07-14 14:01 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-07-14 14:01 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-07-14 14:01 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-07-14 14:01 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-07-14 14:01 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-07-14 14:01 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-07-14 13:59 <DIR> d-------- C:\Program Files\HP
2007-07-14 13:53 121,340 --a------ C:\WINDOWS\hpoins11.dat
2007-07-13 16:04 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Lavasoft
2007-07-10 10:06 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Sonic
2007-07-10 10:06 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Leadertech
2007-07-09 19:06 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Creative
2007-07-09 18:18 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Ulead Systems
2007-07-09 15:29 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Google
2007-07-09 15:08 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\OD2
2007-07-09 15:07 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Sony Corporation
2007-07-09 14:48 2,359,296 --ah----- D:\DOCUME~1\2\NTUSER.DAT
2007-07-09 14:48 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\You've Got Pictures Screensaver
2007-07-09 14:48 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Symantec
2007-07-09 14:48 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\Real
2007-07-09 14:48 <DIR> d-------- D:\DOCUME~1\2\APPLIC~1\AOL
2007-07-09 14:28 <DIR> d-------- C:\Program Files\EMCO MoveOnBoot
2007-07-09 13:51 786,432 --ah----- D:\DOCUME~1\NETWOR~1.002\NTUSER.DAT
2007-07-09 13:51 786,432 --ah----- D:\DOCUME~1\LOCALS~1.002\NTUSER.DAT
2007-07-09 13:48 <DIR> d-------- C:\Program Files\Pando Networks
2007-07-09 13:37 <DIR> d-------- C:\Program Files\East-Tec Eraser 2007
2007-07-08 18:44 <DIR> d-------- C:\Program Files\taskmanager17
2007-07-08 18:44 <DIR> d-------- C:\Program Files\SimplecoverPrintXS
2007-07-08 18:44 <DIR> d-------- C:\Program Files\lpripper
2007-07-06 14:43 <DIR> d-------- C:\Program Files\Free Sound Recorder
2007-07-06 14:23 <DIR> d-------- C:\My Recordings
2007-07-06 14:21 <DIR> d-------- C:\Program Files\FREE Hi-Q Recorder
2007-07-05 09:24 <DIR> d-------- C:\Program Files\Privacy Mantra 2.03
2007-07-03 19:31 <DIR> d-------- D:\DOCUME~1\sharon\APPLIC~1\Sonic
2007-07-03 18:52 <DIR> d-------- D:\DOCUME~1\sharon\APPLIC~1\LimeWire
2007-07-03 18:51 <DIR> d-------- C:\Program Files\LimeWire
2007-07-03 18:33 <DIR> d-------- D:\DOCUME~1\sharon\APPLIC~1\Sony Corporation
2007-06-29 10:57 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2007-06-29 10:57 <DIR> d-------- C:\Program Files\URLSnooper2
2007-06-29 10:50 <DIR> d-------- C:\Program Files\Mp3 My Mp3 2.0
2007-06-26 19:24 <DIR> d-------- C:\Program Files\RM Downloader
2007-06-26 15:13 <DIR> d-------- C:\Program Files\WinPcap
2007-06-26 15:06 <DIR> d-------- C:\Program Files\WMR11
2007-06-26 13:17 <DIR> d-------- C:\Downloaded Videos


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-14 19:06:37 114,688 ----a-w C:\WINDOWS\system32\liclock.dll
2007-07-14 18:18:37 -------- d-----w C:\Program Files\a-squared Free
2007-07-14 12:43:44 -------- d-----w C:\Program Files\Canon
2007-06-30 16:18:09 -------- d-----w C:\Program Files\FaceOnBody
2007-06-26 20:40:07 -------- d-----w C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
2007-06-07 13:16:24 -------- d-----w C:\Program Files\Registry Distiller 1.03
2007-06-07 13:08:47 -------- d-----w C:\Program Files\Ss-Tools
2007-06-01 15:48:13 -------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-05-26 11:33:42 24 ----a-w C:\WINDOWS\system32\sysmwwod.dll
2007-05-26 08:13:50 -------- d-----w C:\Program Files\Kaspersky Lab
2007-05-26 07:52:11 -------- d-----w C:\Program Files\SuperScan
2007-05-25 14:45:25 -------- d-----w C:\Program Files\Alwil Software
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-25 14:05]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 21:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wanadoo Connection Kit.lnk]
backup=C:\WINDOWS\pss\Wanadoo Connection Kit.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SbUsb AudCtrl]
RunDll32 sbusbdll.dll,RCMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\APPS\SMP\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 4.7\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMX]
C:\Program Files\WinMX\WinMX.exe -m

R0 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
R0 uagp35;Microsoft AGPv3.5 Filter;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 mnmdd;mnmdd;C:\WINDOWS\system32\drivers\mnmdd.sys
R1 Npfs;Npfs;C:\WINDOWS\system32\drivers\Npfs.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 lanmanserver;Server;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 lanmanworkstation;Workstation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
R2 winmgmt;Windows Management Instrumentation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport;C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12;C:\WINDOWS\system32\DRIVERS\HPZius12.sys
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
R3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys
S2 zntport;ioctrl driver ;\??\C:\WINDOWS\system32\zntport.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 QCDonner;Logitech QuickCam Express;C:\WINDOWS\system32\DRIVERS\OVCD.sys
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S4 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S4 mnmsrvc;NetMeeting Remote Desktop Sharing;C:\WINDOWS\system32\mnmsrvc.exe


Contents of the 'Scheduled Tasks' folder
2007-02-09 17:30:00 C:\WINDOWS\tasks\Extended Warranty.job
2007-02-09 17:30:03 C:\WINDOWS\tasks\Master CD_DVD Creator.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 19:32:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Logon User Name"="Owner"
"CleanShutdown"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning]
"CD Recorder Drive"="\\?\Volume{50d70fac-8da0-11da-909a-806d6172696f}\"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{50d70fac-8da0-11da-909a-806d6172696f}]
"Drive Type"=dword:00000001
"CurrentCDWriteSpeed"=dword:ffffffff
"MaxCDWriteSpeed"=dword:00000030

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg]
"ProgID"="PI3.Image"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\PostBootReminders\Microsoft.OfferTour]
"Title"="Take a tour of Windows XP"
"Text"="To learn about the exciting new features in XP now, click here. To take the tour later, click All Programs on the Start menu, and then click Accessories."
"IconResource"="tourstart.exe,0"
"ShellExecute"="tourstart.exe"
"ShowTime"=dword:0000ea60
"RetryInterval"=dword:00000000
"RetryCount"=dword:00000000
"TypeFlags"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Application Data"
"Cookies"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Cookies"
"Desktop"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Desktop"
"Favorites"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Favorites"
"NetHood"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\NetHood"
"Personal"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\My Documents"
"PrintHood"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\PrintHood"
"Recent"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Recent"
"SendTo"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\SendTo"
"Start Menu"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Start Menu"
"Templates"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Templates"
"Programs"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Start Menu\Programs"
"Startup"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Start Menu\Programs\Startup"
"Local Settings"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings"
"Local AppData"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Application Data"
"Cache"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\Temporary Internet Files"
"History"="D:\Documents and Settings\NetworkService.NT AUTHORITY.002\Local Settings\History"
"My Pictures"="D:\Documents and Settings\Owner\My Documents\My Pictures"
"My Music"="D:\Documents and Settings\Owner\My Documents\My Music"
"CD Burning"="D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CD Burning"
"My Video"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C98C782-8CC0-47DB-BD00-212A335982BB}\iexplore]
"Count"=dword:0000000a
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267F6A-A6F9-11D0-BC94-00C04FB67863}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267F6A-A6F9-11D0-BC94-00C04FB67863}\iexplore]
"Type"=dword:00000001
"Count"=dword:00000014
"Time"=hex:d6,07,01,00,03,00,19,00,0d,00,1c,00,1b,00,6b,03
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Win32)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"1001"=dword:00000000
"1407"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"Flags"=dword:000000db
"1407"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"1001"=dword:00000000
"1206"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1806"=dword:00000000
"1807"=dword:00000000
"1A00"=dword:00000000
"1A05"=dword:00000000
"1A10"=dword:00000000
"1E05"=dword:00030000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"1407"=dword:00000000
"1601"=dword:00000001
"1607"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"1604"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"Flags"=dword:000000db

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000
"1004"=dword:00000001
"1201"=dword:00000001
"1206"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1806"=dword:00000000
"1809"=dword:00000003
"1A00"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1C00"=dword:00030000
"1E05"=dword:00030000
"2102"=dword:00000000
"2200"=dword:00000000
"2201"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00000000
"1407"=dword:00000000
"1601"=dword:00000001
"1607"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"MSMSGS"=""C:\Program Files\Messenger\msmsgs.exe" /background"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\grpconv.exe"="Windows Progman Group Converter"
"@xpsp1res.dll,-11001"="Internet Explorer"
"@shell32.dll,-22059"="Services"
"@C:\Program Files\Internet Explorer\iexplore.exe,-702"="Internet Explorer"
"C:\WINDOWS\SYSTEM32\netsh.exe"="Network Command Shell"
"@xpsp1res.dll,-2048"="USERPROFILE\Start Menu\Programs\Internet Explorer.lnk"
"@xpsp1res.dll,-2049"="ALLUSERSPROFILE\Start Menu\Programs\Accessories\Media Center\Media Center.lnk"
"@xpsp1res.dll,-2050"="ALLUSERSPROFILE\Start Menu\Programs\Windows Journal.lnk"
"@xpsp1res.dll,-2052"="ALLUSERSPROFILE\Start Menu\Programs\Get Going with Tablet PC.lnk"
"@xpsp1res.dll,-2053"="ALLUSERSPROFILE\Start Menu\Programs\Get Online with MSN.lnk"
"@xpsp2res.dll,-6109"="ALLUSERSPROFILE\Start Menu\Programs\MSN.lnk"
"@xpsp1res.dll,-2055"="USERPROFILE\Start Menu\Programs\Windows Media Player.lnk"
"@xpsp1res.dll,-2056"="ALLUSERSPROFILE\Start Menu\Programs\Windows Messenger.lnk"
"@xpsp1res.dll,-2057"="USERPROFILE\Start Menu\Programs\Accessories\Tour Windows XP.lnk"
"@xpsp1res.dll,-2058"="ALLUSERSPROFILE\Start Menu\Programs\Accessories\Windows Movie Maker.lnk"
"@xpsp1res.dll,-2059"="ALLUSERSPROFILE\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk"
"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"="\x5fae\x8edf\x65b0\x6ce8\x97f3\x8f38\x5165\x6cd5 2002a"
"C:\WINDOWS\sm56hlpr.exe"="Motorola SM56 Win32 Utility"
"C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"="Java™ 2 Platform Standard Edition binary"
"C:\WINDOWS\SOUNDMAN.EXE"="Realtek Sound Manager"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="Symantec User Session"
"C:\Program Files\Norton Internet Security\cfgwiz.exe"="Symantec Internal Component"
"C:\Program Files\Norton Internet Security\UrlLstCk.exe"="URL Check List"
"C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"="Norton Security Center Helper"
"C:\Program Files\Norton Internet Security\Norton AntiVirus\BootWarn.exe"="Norton AntiVirus Boot Warning"
"C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe"="AutoDetector"
"C:\Apps\Powercinema\PCMService.exe"="CyberLink PowerCinema Resident Program"
"C:\Sysprep\factory.exe"="Factory pre-installation utility"
"C:\Sysprep\sysprep.exe"="sysprep utility"
"C:\OEMCUST\TOOLS\WIN32\CHKTIME.EXE"="CHKTIME"
"C:\FACTONLY\SOFTINST.EXE"="SOFTINST"
"C:\WINDOWS\System32\sigverif.exe"="File Signature Verification"
"@netcfgx.dll,-50001"="Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks."
"@netcfgx.dll,-50003"="Allows other computers to access resources on your computer using a Microsoft network."
"@netcfgx.dll,-50015"="Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services."
"@netcfgx.dll,-50002"="Allows your computer to access resources on a Microsoft network."
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\General]
"computername"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalBase"="D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML"
"DTDFile"="D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD"
"LocalDelta"="D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML"
"RemoteDelta"="D:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSR.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 19:34:00

--- E O F ---
and here is the hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:02, on 25/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\hjt\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - C:\PROGRA~1\orange4\orange4.dll
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE4\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.expertagent.co.uk/asp/ScriptX.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 5737 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 July 2007 - 04:09 AM

The Combofix.txt and your Hijackthis log are both clean, how's your PC running now?

#5 uglycustard

uglycustard
  • Topic Starter

  • Members
  • 4 posts

Posted 26 July 2007 - 06:10 AM

Thanks Richie, things seem to be running a lot better and the internet seems a lot faster too, thank you very much for your help

kind regards
steve

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 July 2007 - 07:15 AM

You're welcome Steve :thumbsup:

Find and delete:
Combofix.exe
C:\QOOBOX.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

#7 uglycustard

uglycustard
  • Topic Starter

  • Members
  • 4 posts

Posted 26 July 2007 - 12:51 PM

Thanks again Richie, I'm very grateful for your help, PC is defo running much faster.

cheers
steve

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 July 2007 - 02:20 PM

You're most welcome Steve :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.