Really Slow Computer!


9 replies to this topic

#1 Machienzo

Machienzo

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 01 October 2007 - 03:57 AM

Hi guys. Lately my computer has been running very slowly, and error reports are popping up everywhere. Spyware is constant, and my lag in games has risen dramatically. Games freeze and then quit, and my computer has restarted a lot. Please analyse this log and determine what my problem is! Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:43 PM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inspire.net.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inspire.net.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 203.114.128.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: XBTP01621 Class - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-NZ/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://ps3media.ign.com/ps3/image/article/...19041333801.jpg
O24 - Desktop Component 1: (no name) - http://pictureserver.funnyjunk.com/pics2/dumbkid.jpg
O24 - Desktop Component 10: (no name) - http://kutthroat.forum5.com/templates/AdIn...s/top_image.jpg
O24 - Desktop Component 11: (no name) - http://media.ign.com/thumb/100/1007039/fin...03026_thumb.jpg
O24 - Desktop Component 12: (no name) - http://upload.wikimedia.org/wikipedia/en/2/28/Sephac.jpg
O24 - Desktop Component 13: (no name) - http://www.lacoctelera.com/myfiles/trashi/...yramid_head.jpg
O24 - Desktop Component 14: (no name) - http://www.starblogs.net/archives/weavers.jpg
O24 - Desktop Component 2: (no name) - http://ps3media.ign.com/ps3/image/article/...09023346321.jpg
O24 - Desktop Component 3: (no name) - http://ps3media.ign.com/ps3/image/article/...09023341493.jpg
O24 - Desktop Component 4: (no name) - http://ps3media.ign.com/ps3/image/article/...13104818547.jpg
O24 - Desktop Component 5: (no name) - http://ps3media.ign.com/ps3/image/article/...13104822406.jpg
O24 - Desktop Component 6: (no name) - http://upload.wikimedia.org/wikipedia/en/0/01/Ffvxiii3.jpg
O24 - Desktop Component 7: (no name) - http://upload.wikimedia.org/wikipedia/en/9/95/Ffvxiii6.jpg
O24 - Desktop Component 8: (no name) - http://upload.wikimedia.org/wikipedia/en/7...oxas_as_-13.jpg
O24 - Desktop Component 9: (no name) - http://upload.wikimedia.org/wikipedia/en/t...0px-Ffvxiii.jpg

If anyone can help, please do! I don't know my system specs, or how to check them. I'm very n00bish at this, and very worried. I have very expensive business files on this computer which I can't back up just yet, so I'm nervous, as many of you older people may understand. Thanks in advance to all those who can help!

Edited by Machienzo, 01 October 2007 - 06:30 PM.

#2 Machienzo


Posted 01 October 2007 - 04:43 PM

Bump! I may not be allowed to bump, but it's getting worse. I really need fast help. Please reply if you can.
Also, I can't uninstall many applications as of this morning, and the comp is slower now than from my post yesterday.
I understand you guys are swamped with applications regarding help, and some seem more serious than mine, so do them first.

Edited by Machienzo, 01 October 2007 - 04:49 PM.


#3 Machienzo


Posted 04 October 2007 - 07:50 PM

Hi guys, I really need some help ensuring my computer is clean. I keep getting error reports, and my computer is very buggy. Page loading and downloading is very slow also. Please help if you can. Thanks in advance. Without further ado, here is my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:27 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inspire.net.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inspire.net.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 203.114.128.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 10: (no name) - http://kutthroat.forum5.com/templates/AdIn...s/top_image.jpg
O24 - Desktop Component 11: (no name) - http://media.ign.com/thumb/100/1007039/fin...03026_thumb.jpg
O24 - Desktop Component 12: (no name) - http://upload.wikimedia.org/wikipedia/en/2/28/Sephac.jpg
O24 - Desktop Component 13: (no name) - http://www.lacoctelera.com/myfiles/trashi/...yramid_head.jpg
O24 - Desktop Component 14: (no name) - http://www.starblogs.net/archives/weavers.jpg

--
End of file - 4644 bytes

#4 jurgenv


Posted 09 October 2007 - 11:43 AM

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove the older Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.16 MB).
  • Close any programs you may have running - especially any web browsers.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
1. Download this file - combofix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Greets Jürgenv

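As an added illustration, not code from this thread, from HijackThis or from Trend Micro, the script below does by rule what a helper does by eye on a HijackThis log like the ones posted above: it parses the R/O lines and flags entries whose referenced file is missing, an AutoConfigURL proxy setting, search or start-page settings that point outside a trusted host list, Internet Explorer policy restrictions, and Java components older than the JRE 6u3 recommended in the reply. The sample lines are copied from the first log in the thread; the trusted-host list, the function names and the heuristics are my assumptions, and a flag means "confirm this was intended", not "this is malware".

```python
"""Rule-based triage of HijackThis (HJT) log lines.

Added example; not HijackThis code and not from this thread's posters.
The sample lines are copied from the first log posted in the thread;
everything else (function names, heuristics, trusted hosts) is an assumption.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# JRE 6u3 (1.6.0_03): the version the reply above recommends installing.
CURRENT_JRE = (1, 6, 0, 3)

# Constructed sample: a subset of the R/O lines from the first log in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inspire.net.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 203.114.128.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: XBTP01621 Class - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "R1", "O2", "O6"
    reason: str    # why a human should look at this line
    line: str      # the original log line


# HJT entries look like "<section> - <body>"; the section is R0..R3, F0..F3, O1..O24.
_LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Sun JRE install directories encode the version: jre1.5.0_06, jre1.6.0_03, ...
_JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)


def parse_hjt_line(line):
    """Return (section, body) for an HJT entry line, or None for any other line."""
    m = _LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def jre_version_in(text):
    """Extract a JRE version tuple such as (1, 5, 0, 6) from a path, or None."""
    m = _JRE_RE.search(text)
    return tuple(int(x) for x in m.groups()) if m else None


def host_of(value):
    """Host name of a URL-ish setting value; bare hosts/IPs are accepted too."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""


def triage(log_text, trusted_hosts=(), current_jre=CURRENT_JRE):
    """Apply the heuristics to every HJT entry and return the list of findings."""
    findings = []
    trusted = {h.lower() for h in trusted_hosts}
    for raw in log_text.splitlines():
        parsed = parse_hjt_line(raw)
        if not parsed:
            continue
        section, body = parsed
        if body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned entry: referenced file is missing", raw))
        if section in ("R0", "R1") and "AutoConfigURL" in body:
            findings.append(Finding(section, "proxy auto-config URL is set; confirm it belongs to your ISP or network", raw))
        elif section in ("R0", "R1") and " = " in body:
            _key, _, value = body.partition(" = ")
            host = host_of(value)
            if host and host.lower() not in trusted:
                findings.append(Finding(section, f"browser setting points at untrusted host {host}", raw))
        if section == "O6" and body.endswith("present"):
            findings.append(Finding(section, "Internet Explorer policy restrictions are set; confirm an administrator did this", raw))
        ver = jre_version_in(body)
        if ver and ver < current_jre:
            findings.append(Finding(section, "outdated JRE " + ".".join(map(str, ver)) + " still referenced", raw))
    return findings


if __name__ == "__main__":
    # The poster's own start page host is treated as trusted (assumption).
    for f in triage(SAMPLE_LOG, trusted_hosts=("www.inspire.net.nz",)):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample, the script reports seven findings: the imesh search setting, the AutoConfigURL, two "(no file)" orphans, the O6 restriction, and the two JRE 1.5.0_06 components that the reply above asks the poster to remove. Any entry it does not flag still deserves a look; the rules only order the reading.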

#5 Machienzo


Posted 10 October 2007 - 04:00 AM

Thank you for a response! I followed what you have written, and uninstalled the Java stuff, as well as currently downloading the new Java one. It's gonna take 2 hours! (Stuff of that size used to take 10 minutes.) And I shall post my new HijackThis log and ComboFix log when I'm done. Also, the combo link you provided appears on my computer to be old/out of date.
Sorry, I'll be as fast as I can, and I shall report back to you when I can. I apologise for this, and thanks again for helping me.

#6 Machienzo


Posted 10 October 2007 - 10:38 PM

Ok, here we go. Both logs are here now :D
First, the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:24 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inspire.net.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inspire.net.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 203.114.128.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 10: (no name) - http://kutthroat.forum5.com/templates/AdIn...s/top_image.jpg
O24 - Desktop Component 11: (no name) - http://media.ign.com/thumb/100/1007039/fin...03026_thumb.jpg
O24 - Desktop Component 12: (no name) - http://upload.wikimedia.org/wikipedia/en/2/28/Sephac.jpg
O24 - Desktop Component 13: (no name) - http://www.lacoctelera.com/myfiles/trashi/...yramid_head.jpg
O24 - Desktop Component 14: (no name) - http://www.starblogs.net/archives/weavers.jpg

--
End of file - 4550 bytes

And the ComboFix log:

ComboFix 07-10-09.3 - Jamie Ambrose 2007-10-11 16:27:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.64.1033.18.678 [GMT 13:00]
Running from: C:\Documents and Settings\Jamie Ambrose\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-11 16:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 21:18 335 --a------ C:\WINDOWS\mozregistry.dat
2007-10-07 20:53 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-10-03 15:51 <DIR> d-------- C:\Program Files\Ashampoo
2007-10-02 11:42 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-10-01 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-01 21:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-29 16:42 <DIR> d-------- C:\Program Files\CCleaner
2007-09-24 15:52 <DIR> d-------- C:\Documents and Settings\Jamie Ambrose\Application Data\SolidDocuments
2007-09-24 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidDocuments
2007-09-20 23:22 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-09-20 23:22 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-09-17 13:35 <DIR> d-------- C:\Documents and Settings\Jamie Ambrose\Application Data\RecordPad
2007-09-17 13:35 <DIR> d-------- C:\Documents and Settings\Jamie Ambrose\Application Data\NCH Swift Sound
2007-09-17 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-09-13 18:37 <DIR> d-------- C:\Documents and Settings\Jamie Ambrose\Application Data\dvdcss
2007-09-13 18:29 <DIR> d-------- C:\Documents and Settings\Jamie Ambrose\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 03:25 --------- d-----w C:\Program Files\Steam
2007-10-09 04:40 --------- d-----w C:\Program Files\STEAM 2
2007-10-07 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-07 03:24 --------- d-----w C:\Documents and Settings\Jamie Ambrose\Application Data\LimeWire
2007-10-03 00:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-30 07:55 --------- d-----w C:\Program Files\World of Warcraft
2007-09-29 22:45 --------- d-----w C:\Program Files\Google
2007-09-29 07:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-01 08:16 11,665 ----a-w C:\WINDOWS\system32\Swpcmr.dll
2007-09-01 06:23 65,552 ----a-w C:\WINDOWS\system32\Ke386.DLL
2007-08-31 03:17 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-08-30 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-08-22 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 07:56 --------- d-----w C:\Documents and Settings\Jamie Ambrose\Application Data\Nvu
2007-08-18 07:15 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-08-17 00:53 --------- d-----w C:\Documents and Settings\Jamie Ambrose\Application Data\Smart PC Solutions
2007-08-16 09:42 --------- d-----w C:\Documents and Settings\Jamie Ambrose\Application Data\Apple Computer
2007-08-11 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-11 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2007-08-04 01:23 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-07-30 07:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 07:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 07:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 07:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 07:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 07:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 07:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 07:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 07:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 07:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-05-18 15:13:33 622,415 --sh--w C:\WINDOWS\system32\klnmp.bak1
2007-05-19 04:09:59 622,398 --sh--w C:\WINDOWS\system32\pqstv.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 20:48]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 16:01 C:\WINDOWS\SOUNDMAN.EXE]
"razer"="C:\Program Files\Razer\razerhid.exe" [2005-05-17 18:21]
"nwiz"="nwiz.exe" [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 14:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-10-05 20:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoSMHelp"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"EditLevel"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoTrayItemsDisplay"=0 (0x0)

R3 Intels51;Intel® 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 03:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 16:33:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 16:34:18
.
--- E O F ---

Also, it should be noted that when ComboFix completed, my default internet browser reverted back to Internet Explorer (I was using Firefox).

#7 jurgenv


Posted 11 October 2007 - 08:35 AM

Go to http://www.virustotal.com/nl/ and upload the following files:

C:\WINDOWS\system32\Swpcmr.dll
C:\WINDOWS\system32\Ke386.DLL

Post the results of it here.
Greets Jürgenv


#8 Machienzo


Posted 11 October 2007 - 11:21 PM

This is the result for the Swpcmr.dll file.

--------------------------------------------------------------------

Antivirus Version Last Update Result
AhnLab-V3 2007.10.12.0 2007.10.11 -
AntiVir 7.6.0.20 2007.10.11 -
Authentium 4.93.8 2007.10.12 -
Avast 4.7.1051.0 2007.10.11 -
AVG 7.5.0.488 2007.10.11 -
BitDefender 7.2 2007.10.12 -
CAT-QuickHeal 9.00 2007.10.11 -
ClamAV 0.91.2 2007.10.11 -
DrWeb 4.44.0.09170 2007.10.12 -
eSafe 7.0.15.0 2007.10.10 -
eTrust-Vet 31.2.5204 2007.10.12 -
Ewido 4.0 2007.10.11 -
FileAdvisor 1 2007.10.12 -
Fortinet 3.11.0.0 2007.10.11 -
F-Prot 4.3.2.48 2007.10.11 -
F-Secure 6.70.13030.0 2007.10.12 -
Ikarus T3.1.1.12 2007.10.12 -
Kaspersky 7.0.0.125 2007.10.12 -
McAfee 5139 2007.10.11 -
Microsoft 1.2908 2007.10.12 -
NOD32v2 2586 2007.10.11 -
Norman 5.80.02 2007.10.11 -
Panda 9.0.0.4 2007.10.11 -
Prevx1 V2 2007.10.12 -
Rising 19.44.40.00 2007.10.12 -
Sophos 4.22.0 2007.10.12 -
Sunbelt 2.2.907.0 2007.10.11 -
Symantec 10 2007.10.12 -
TheHacker 6.2.8.086 2007.10.11 -
VBA32 3.12.2.4 2007.10.11 -
VirusBuster 4.3.26:9 2007.10.11 -
Webwasher-Gateway 6.0.1 2007.10.11 -
Additional information
File size: 11665 bytes
MD5: 3312782d4c5b3486826c5beaf9533498
SHA1: 954edd81736737097ee04c321d6858a85a961cfc


-----------------------------------------------------------------------------------------------------


0% w00. Now for the next file, which is Ke386.DLL:



========================================================




Antivirus Version Last Update Result
AhnLab-V3 2007.10.12.0 2007.10.11 -
AntiVir 7.6.0.20 2007.10.11 -
Authentium 4.93.8 2007.10.12 -
Avast 4.7.1051.0 2007.10.11 -
AVG 7.5.0.488 2007.10.11 -
BitDefender 7.2 2007.10.12 -
CAT-QuickHeal 9.00 2007.10.11 -
ClamAV 0.91.2 2007.10.11 -
DrWeb 4.44.0.09170 2007.10.12 -
eSafe 7.0.15.0 2007.10.10 -
eTrust-Vet 31.2.5204 2007.10.12 -
Ewido 4.0 2007.10.11 -
FileAdvisor 1 2007.10.12 -
Fortinet 3.11.0.0 2007.10.11 -
F-Prot 4.3.2.48 2007.10.11 -
F-Secure 6.70.13030.0 2007.10.12 -
Ikarus T3.1.1.12 2007.10.12 -
Kaspersky 7.0.0.125 2007.10.12 -
McAfee 5139 2007.10.11 -
Microsoft 1.2908 2007.10.12 -
NOD32v2 2586 2007.10.11 -
Norman 5.80.02 2007.10.11 -
Panda 9.0.0.4 2007.10.11 -
Prevx1 V2 2007.10.12 -
Rising 19.44.40.00 2007.10.12 -
Sophos 4.22.0 2007.10.12 -
Sunbelt 2.2.907.0 2007.10.11 -
Symantec 10 2007.10.12 -
TheHacker 6.2.8.086 2007.10.11 -
VBA32 3.12.2.4 2007.10.11 -
VirusBuster 4.3.26:9 2007.10.11 -
Webwasher-Gateway 6.0.1 2007.10.11 -
Additional information
File size: 65552 bytes
MD5: ba223e0e5588e3556e98940990f7b6bd
SHA1: 5bc79e58bb231feb786eec96b1d477abd59b917f


============================================

Both saying 0%. I guess that makes no infection! :D
There are the logs anyway, sir :thumbsup:

#9 jurgenv


Posted 12 October 2007 - 08:55 AM

No, it means it didn't scan. :thumbsup: Are you sure something said 'done' or 'finished'? Are those files in a queued position?
Greets Jürgenv


#10 Machienzo


Posted 12 October 2007 - 10:15 PM

Both of them said 0/32 FINISHED.

Maybe I missed something. I'll rescan them to be sure. Sorry :thumbsup:

Edited by Machienzo, 12 October 2007 - 10:38 PM.