Computer Running Slow!



#1 giverr4


Posted 07 August 2007 - 10:46 PM

My laptop is running very slowly and I'm not sure how to fix it.

Here is a copy of my log (attached file: hijackthis.log).

I would greatly appreciate any feedback on this.

Thanks, Phil


 


#2 RichieUK

  • Malware Response Team

Posted 08 August 2007 - 04:06 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, giverr4.
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log (logit.txt) should open afterwards.
This log will be present on your desktop.
Post the contents of the logfile into your next reply, along with a new Hijack This log.

*Note*
Please copy then paste all logs/reports directly into this topic, not as attachments, thanks.

#3 giverr4


Posted 11 August 2007 - 02:26 AM

OK, I did what you said, and the following posts are 1. ComboFix 2. Deljob 3. HijackThis ... thanks again, I anticipate your next post.


ComboFix 07-08-11 - "Nikki" 2007-08-11 4:02:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.156 [GMT -3:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Nikki\APPLIC~1.\macromedia\Flash Player\#SharedObjects\HLUY2MJC\www.broadcaster.com
C:\DOCUME~1\Nikki\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Nikki\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 03:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 23:20 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-10 21:39 262,144 --a------ C:\DOCUME~1\Owner\NTUSER.DAT
2007-08-08 02:58 278,016 --a------ C:\WINDOWS\system32\vct3216.dll
2007-08-07 22:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-06 16:46 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
2007-08-05 10:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-05 09:42 <DIR> d-------- C:\DOCUME~1\Nikki\APPLIC~1\vlc
2007-08-05 09:40 <DIR> d-------- C:\Program Files\VideoLAN
2007-08-05 08:04 <DIR> d-------- C:\Program Files\Nero
2007-08-04 20:26 <DIR> d-------- C:\Program Files\BitSpirit
2007-08-04 18:37 <DIR> d-------- C:\DOCUME~1\Nikki\APPLIC~1\Uniblue
2007-08-04 10:19 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-04 05:02 <DIR> d-------- C:\WINDOWS\setupupd


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 10:31 --------- d-------- C:\Program Files\Common Files\Ahead
2007-08-05 09:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 09:01 --------- d-------- C:\Program Files\CyberLink
2007-08-04 19:18 --------- d-------- C:\Program Files\WinAVIVideoConverter
2007-08-04 14:32 --------- d-------- C:\Program Files\Sony
2007-08-04 14:07 --------- d-------- C:\Program Files\Elaborate Bytes
2007-08-04 14:05 87608 --a------ C:\DOCUME~1\Nikki\APPLIC~1\ezpinst.exe
2007-08-04 14:05 47360 --a------ C:\DOCUME~1\Nikki\APPLIC~1\pcouffin.sys
2007-08-04 14:05 --------- d-------- C:\DOCUME~1\Nikki\APPLIC~1\Vso
2007-08-04 10:20 --------- d-------- C:\Program Files\MSN Messenger
2007-08-04 10:12 --------- d-------- C:\Program Files\MessengerPlus! 3
2007-08-04 08:09 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-04 08:08 --------- d-------- C:\DOCUME~1\Nikki\APPLIC~1\uTorrent
2007-08-04 08:03 --------- d-------- C:\Program Files\MUSICMATCH
2007-07-05 19:09 --------- d-------- C:\Program Files\Dl_cats
2007-05-16 12:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 12:12 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 12:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 12:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 12:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 12:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2005-12-22 19:55:44 56 --sh--r C:\WINDOWS\system32\80FA6D1F83.sys
2005-12-22 19:55:44 1,786 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50F18E7F-705D-4D32-A107-A8FAB785C8BD}]
C:\WINDOWS\system32\ddabb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81FE9266-913D-BFC3-47D0-78761E72E955}]
C:\DOCUME~1\Nikki\APPLIC~1\CLOCKP~1\MessInternet.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B07CB267-5E6F-441F-9B3C-324EFE70F897}]
C:\WINDOWS\system32\xxyxvwu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 18:41]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 22:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 17:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 17:02]
"Campboobbitsup"="C:\Documents and Settings\All Users\Application Data\2FourCampBoob\Peakdata.exe" [2005-10-15 18:30]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-10 23:16]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-10 23:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-13 23:53:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B07CB267-5E6F-441F-9B3C-324EFE70F897}"= C:\WINDOWS\system32\xxyxvwu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


R2 SimpTcp;Simple TCP/IP Services;C:\WINDOWS\system32\tcpsvcs.exe
R2 SNMP;SNMP Service;C:\WINDOWS\System32\snmp.exe
R3 dvd43llh;dvd43llh;C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
S2 NMSSvc;Intel® NMS;C:\WINDOWS\system32\NMSSvc.exe
S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
S3 LPDSVC;TCP/IP Print Server;C:\WINDOWS\system32\tcpsvcs.exe
S3 SNMPTRAP;SNMP Trap Service;C:\WINDOWS\System32\snmptrap.exe


Contents of the 'Scheduled Tasks' folder
2007-08-11 07:00:00 C:\WINDOWS\Tasks\ABEDE3A8919698E4.job
2007-08-11 07:05:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
2007-08-04 21:36:54 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-04 21:36:32 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 04:06:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 4:07:31
C:\ComboFix-quarantined-files.txt ... 2007-08-11 04:07

--- E O F ---




--------------------------------------------------------
File(s) moved to C:\deljob

ABEDE3A8919698E4.job
--------------------------------------------------------
Files remaining after cleaning

Check Updates for Windows Live Toolbar.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is 643B-4BA4

Directory of C:\Documents and Settings\Nikki\Application Data

10/08/2007 11:20 PM <DIR> .
10/08/2007 11:20 PM <DIR> ..
02/02/2007 07:18 AM <DIR> 1CLICK~1 1clickPro
28/07/2005 05:51 PM <DIR> Adobe
31/03/2007 08:13 PM <DIR> AdobeUM
15/02/2007 11:18 PM <DIR> Ahead
26/01/2006 12:56 AM <DIR> APPLEC~1 Apple Computer
11/08/2007 01:01 AM <DIR> AVG7
08/01/2007 11:37 PM <DIR> BITTOR~1 BitTorrent
22/10/2005 06:40 PM <DIR> CLOCKP~1 Clock Pile Peak
22/12/2005 04:55 PM <DIR> Corel
25/07/2005 01:09 PM <DIR> CYBERL~1 CyberLink
22/10/2005 06:41 PM <DIR> DEADPR~1 dead proc curb
29/01/2007 12:37 AM <DIR> dvdcss
09/10/2005 06:40 AM <DIR> Google
10/08/2007 11:20 PM <DIR> Grisoft
14/04/2007 02:25 AM <DIR> Gtek
12/10/2005 06:20 PM <DIR> Help
10/08/2004 03:08 PM <DIR> IDENTI~1 Identities
13/07/2005 11:49 PM <DIR> Intel
31/07/2005 06:57 PM <DIR> Lavasoft
26/07/2005 08:41 PM <DIR> LEADER~1 Leadertech
30/07/2005 08:14 PM <DIR> MACROM~1 Macromedia
06/07/2007 12:26 AM <DIR> MICROS~1 Microsoft
01/11/2005 07:02 PM <DIR> Mozilla
27/08/2005 05:19 AM <DIR> MSNINS~1 MSNInstaller
10/01/2006 10:03 AM <DIR> Netscape
07/02/2007 12:37 AM <DIR> PCTOOL~1 PC Tools
14/05/2007 02:35 PM <DIR> PUBLIS~1 Publish Providers
12/11/2005 11:24 AM <DIR> Real
27/12/2005 12:13 PM <DIR> SECRET~1 Secretmaker
09/04/2007 11:29 PM <DIR> SIMPLY~1 Simply Super Software
28/01/2007 07:50 PM <DIR> SlySoft
26/07/2005 08:42 PM <DIR> Sonic
14/05/2007 02:33 PM <DIR> Sony
14/05/2007 01:14 PM <DIR> SONYSE~1 Sony Setup
13/07/2005 11:47 PM <DIR> Sun
28/01/2007 11:41 PM <DIR> SUPERT~1 SuperTorrent
01/11/2005 07:02 PM <DIR> Talkback
04/08/2007 07:06 PM <DIR> Uniblue
04/08/2007 08:08 AM <DIR> uTorrent
05/08/2007 09:42 AM <DIR> vlc
04/08/2007 02:05 PM <DIR> Vso
07/02/2007 01:54 AM <DIR> Webroot
25/03/2006 10:12 PM <DIR> WHOLES~1 WholeSecurity
13/07/2005 11:55 PM <DIR> YOU'VE~1 You've Got Pictures Screensaver
0 File(s) 0 bytes
46 Dir(s) 41,528,680,448 bytes free
Volume in drive C has no label.
Volume Serial Number is 643B-4BA4

Directory of C:\Documents and Settings\All Users\Application Data

10/08/2007 11:16 PM <DIR> .
10/08/2007 11:16 PM <DIR> ..
03/05/2007 12:22 AM <DIR> 1CLICK~1 1Click DVD Copy
29/03/2007 03:01 AM <DIR> 1CLICK~2 1Click DVD Copy Pro
15/10/2005 06:30 PM <DIR> 2FOURC~1 2FourCampBoob
13/07/2005 11:55 PM <DIR> Adobe
15/02/2007 11:18 PM <DIR> Ahead
31/07/2005 07:13 PM <DIR> AOL
30/10/2005 06:39 PM <DIR> APPLEC~1 Apple Computer
10/08/2007 11:13 PM <DIR> avg7
11/11/2005 07:10 PM <DIR> BRODER~1 Broderbund Software
13/07/2005 11:51 PM <DIR> CYBERL~1 CyberLink
06/08/2007 07:04 PM <DIR> DVDSHR~1 DVD Shrink
28/01/2007 08:09 PM <DIR> ELABOR~1 Elaborate Bytes
10/08/2007 11:22 PM <DIR> Grisoft
13/07/2005 11:58 PM <DIR> GTek
13/07/2005 11:59 PM <DIR> INSTAL~1 InstallShield
13/07/2005 11:49 PM <DIR> Intel
08/10/2005 11:03 PM <DIR> MESSEN~1 Messenger Plus!
19/05/2007 01:17 AM <DIR> MICROS~1 Microsoft
27/12/2006 08:35 PM <DIR> Motive
05/08/2007 10:24 AM <DIR> Nero
15/09/2005 02:12 AM <DIR> QUICKT~1 QuickTime
11/11/2005 07:21 PM <DIR> RIVERD~1 Riverdeep Interactive Learning Limited
10/08/2004 03:13 PM <DIR> SBSI
04/08/2007 10:46 AM <DIR> SPYBOT~1 Spybot - Search & Destroy
09/06/2007 01:42 AM <DIR> TEMP
30/07/2005 08:18 PM <DIR> WINDOW~1 Windows Genuine Advantage
06/07/2007 12:24 AM <DIR> WINDOW~2 Windows Live Toolbar
0 File(s) 0 bytes
29 Dir(s) 41,528,676,352 bytes free
--------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:53 AM, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exchange.nbed.nb.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50F18E7F-705D-4D32-A107-A8FAB785C8BD} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81FE9266-913D-BFC3-47D0-78761E72E955} - C:\DOCUME~1\Nikki\APPLIC~1\CLOCKP~1\MessInternet.exe (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\xxyxvwu.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Campboobbitsup] "C:\Documents and Settings\All Users\Application Data\2FourCampBoob\Peakdata.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179520445937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7114 bytes


thanks again

#4 RichieUK

  • Malware Response Team

Posted 11 August 2007 - 04:40 AM

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\Documents and Settings\Nikki\Application Data\Clock Pile Peak
C:\Documents and Settings\Nikki\Application Data\dead proc curb
C:\Documents and Settings\All Users\Application Data\2FourCampBoob


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

-------------------------------------------------------

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {50F18E7F-705D-4D32-A107-A8FAB785C8BD} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81FE9266-913D-BFC3-47D0-78761E72E955} - C:\DOCUME~1\Nikki\APPLIC~1\CLOCKP~1\MessInternet.exe (file missing)
O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - C:\WINDOWS\system32\xxyxvwu.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Campboobbitsup] "C:\Documents and Settings\All Users\Application Data\2FourCampBoob\Peakdata.exe"

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log, let me know how your pc is running now.
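
A triage pass over HijackThis lines like the ones selected in the reply above, as an added example that is not part of the original post or of HijackThis itself. It flags O2/O3 entries carrying the "(file missing)" or "(no file)" markers seen in the log and, as an assumption of this example rather than a rule stated in the thread, O4 Run values that start from an Application Data directory; the function names are hypothetical and the sample lines are copied from the log posted in this topic.

```python
import re

# Sample lines copied from the HijackThis log posted earlier in this topic.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50F18E7F-705D-4D32-A107-A8FAB785C8BD} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Campboobbitsup] "C:\Documents and Settings\All Users\Application Data\2FourCampBoob\Peakdata.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O2 (BHO) and O3 (toolbar) lines: "<code> - <kind>: <name> - {CLSID} - <target>"
COM_RE = re.compile(
    r"^(?P<code>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)

# O4 Run lines: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$"
)

# Assumption of this example: per-user/all-users Application Data paths
# (long and 8.3 short form) are worth a second look in an autostart entry.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\")


def classify(line):
    """Return (code, identifier, reason) for a line worth reviewing, else None."""
    line = line.strip()
    m = COM_RE.match(line)
    if m:
        target = m.group("target")
        if target == "(no file)":
            return (m.group("code"), m.group("clsid"), "no file registered")
        if target.endswith("(file missing)"):
            return (m.group("code"), m.group("clsid"), "file missing on disk")
        return None
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd").lower()
        if any(marker in cmd for marker in USER_WRITABLE):
            return ("O4", m.group("value"), "autostart from Application Data")
    return None


def review(log_text):
    """Collect every flagged entry from a pasted HijackThis log, in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for code, ident, reason in review(SAMPLE_LOG):
        print(f"{code}  {ident}  ->  {reason}")
```

A hit marks a line for human review only; legitimate software can also start from Application Data, and an orphaned CLSID says nothing about what the missing file was.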
