
Another Painfully Slow System!


  • This topic is locked
9 replies to this topic

#1 Inveryes

Inveryes

  • Members
  • 67 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:30 PM

Posted 06 October 2007 - 08:21 AM

Common problem I guess but PC is dreadfully slow at times. Not talking about internet, just general usage.

Symptoms:

For example, I click on "Start" then "My Computer" and a blank window opens whilst the little torch icon searches for the contents. Why?

Responses from the PC to clicking on buttons are slow.

Loading my settings at log on is slow.

Logging off is slow.

Sometimes after my daughter has been on the PC and logged off correctly, when I try to log on the monitor screen is blank and the light on the monitor flashes ( hibernation ? ). Nothing can be done to resurrect the monitor so we have to switch off and on again.

Listening to music on Windows Media Player minimized to the task bar, when I click on restore to full screen, it can take about 20 seconds and another 10 seconds or more before the animated visualisations run smoothly.

So far I have run:

Ad Aware
Spybot
Eusing Registry Cleaner
McAfee Viruscan
Disk Defragmenter
Disk Cleanup
McAfee Quick Lite Internet Clean Up
McAfee Quick Lite Disk Clean Up
AVG Anti-Rootkit
Tried "Run", "temp" and deleted all files
Tried "Run", "prefetch" and deleted all files
Ran through a hardware check via a telephone call to Dell. No problems found
Updated my BIOS from AO3 to AO9
I've looked up all running processes and none seem out of place.
I've run the Windows System File Check Utility ( it told me nothing at all so presumably it was OK )
and finally ran off a HijackThis log as below.

Can anyone please offer any advice?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:32, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] "C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" /START
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{210D279E-A0FF-4F8D-BC4B-6B0F3D27DA31}: NameServer = 62.241.163.200 62.241.162.201
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 9330 bytes


System Spec:

Dell Dimension 8400 P4 530, 3.00 GHz, 800fsb, 1mb cache
Windows XP Home Edition SP2
1024mb Dual Channel DDR2 400 MHz ( 2 x 512 )
Dell M993 19 Ultra Scan CRT Monitor
256mb PCI Express x 16 ATI Radeon X800 XT
250Gb Serial ATA Hard Drive 8mb DataBurst cache
16x max DVD +/- RW dual layer
( NEC DVD+-RW ND 3450A)
Sound Blaster Audigy 2 (Dell), PCI w/Dolby Digital 5.1 and IEEE1394
Dell 5650 5.1 surround sound speaker system


#2 Inveryes

Inveryes
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:30 PM

Posted 06 October 2007 - 05:30 PM

In anticipation of being asked to produce a ComboFix log, here it is:

ComboFix 07-10-06.5 - Richard Wright 2007-10-06 23:11:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.399 [GMT 1:00]
Running from: C:\Documents and Settings\Richard Wright\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Joe\Desktop\internet.lnk
C:\Documents and Settings\Katie\Desktop\internet.lnk

.
((((((((((((((((((((((((( Files Created from 2007-09-06 to 2007-10-06 )))))))))))))))))))))))))))))))
.

2007-10-06 23:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 18:25 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-06 16:58 <DIR> dr-h----- C:\Documents and Settings\Richard Wright\Application Data\SecuROM
2007-10-06 12:36 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-10-06 12:36 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-10-06 12:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-06 12:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-06 12:36 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-06 12:35 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-10-06 12:35 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-10-06 12:35 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-10-06 12:35 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-10-06 12:35 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-10-06 12:33 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-10-06 12:32 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-10-06 12:32 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-10-06 12:32 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-10-06 12:29 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-10-06 12:29 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-10-06 12:29 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2007-10-06 12:29 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2007-10-06 12:29 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2007-10-06 12:29 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-10-06 12:29 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-10-06 12:29 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2007-10-06 12:29 11,325 --a--c--- C:\WINDOWS\system32\dllcache\vchnt5.dll
2007-10-06 12:25 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-10-06 12:25 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-10-06 12:25 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-10-06 12:25 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-10-06 12:25 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-10-06 12:25 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-10-06 12:25 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2007-10-06 12:25 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2007-10-06 12:25 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2007-10-06 12:23 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2007-10-06 12:23 53,248 --a--c--- C:\WINDOWS\system32\dllcache\stlncoin.dll
2007-10-06 12:23 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2007-10-06 12:23 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-10-06 12:23 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2007-10-06 12:23 16,896 --a--c--- C:\WINDOWS\system32\dllcache\stcusb.sys
2007-10-06 12:19 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2007-10-06 12:19 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2007-10-06 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2007-10-06 12:19 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2007-10-06 12:19 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2007-10-06 12:15 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-10-06 12:15 714,762 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2007-10-06 12:15 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2007-10-06 12:15 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2007-10-06 12:10 9,344 --a--c--- C:\WINDOWS\system32\dllcache\ntapm.sys
2007-10-06 12:10 7,552 --a--c--- C:\WINDOWS\system32\dllcache\nsmmc.sys
2007-10-06 12:10 51,552 --a--c--- C:\WINDOWS\system32\dllcache\ntgrip.sys
2007-10-06 12:10 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-10-06 12:10 28,672 --a--c--- C:\WINDOWS\system32\dllcache\nscirda.sys
2007-10-06 12:10 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2007-10-06 12:10 180,360 --a--c--- C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2007-10-06 12:10 123,776 --a--c--- C:\WINDOWS\system32\dllcache\nv3.dll
2007-10-06 12:10 1,897,408 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-10-06 12:09 87,040 --a--c--- C:\WINDOWS\system32\dllcache\nm6wdm.sys
2007-10-06 12:09 65,278 --a--c--- C:\WINDOWS\system32\dllcache\netflx3.sys
2007-10-06 12:09 60,480 --a--c--- C:\WINDOWS\system32\dllcache\neo20xx.dll
2007-10-06 12:09 39,264 --a--c--- C:\WINDOWS\system32\dllcache\neo20xx.sys
2007-10-06 12:09 32,840 --a--c--- C:\WINDOWS\system32\dllcache\ngrpci.sys
2007-10-06 12:09 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2007-10-06 12:09 126,080 --a--c--- C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
2007-10-06 12:07 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2007-10-06 12:07 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2007-10-06 12:07 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2007-10-06 12:07 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2007-10-06 12:07 126,686 --a--c--- C:\WINDOWS\system32\dllcache\mtlmnt5.sys
2007-10-06 12:07 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2007-10-06 12:07 1,309,184 --a--c--- C:\WINDOWS\system32\dllcache\mtlstrm.sys
2007-10-06 11:54 314,752 --a--c--- C:\WINDOWS\system32\dllcache\camdro21.sys
2007-10-06 11:54 223,232 --a--c--- C:\WINDOWS\system32\dllcache\camdrv21.sys
2007-10-06 11:54 171,264 --a--c--- C:\WINDOWS\system32\dllcache\camdrv30.sys
2007-10-06 11:45 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-10-05 22:54 401,720 --a------ C:\Program Files\HiJackThis.exe
2007-10-05 22:46 <DIR> d-------- C:\Program Files\DRIVERS
2007-10-04 21:42 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-04 21:42 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-26 18:38 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-09-26 17:13 <DIR> d-------- C:\Program Files\RegistryPatrol3.0
2007-09-23 15:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-23 15:11 <DIR> d-------- C:\Program Files\avg
2007-09-22 23:12 <DIR> d-------- C:\Program Files\PCPitstop
2007-09-21 21:37 <DIR> d-------- C:\Documents and Settings\Richard Wright\Application Data\Uniblue
2007-09-20 21:50 <DIR> d-------- C:\WINDOWS\pss
2007-09-20 18:06 <DIR> d-------- C:\Program Files\startuplist
2007-09-20 17:27 66,808 --a------ C:\Program Files\STOPzilla_Setup.exe
2007-09-20 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-09-11 16:26 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 16:58 107888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-06 11:13 9331 --a------ C:\Program Files\hijackthis.log
2007-10-02 20:27 --------- d-------- C:\Documents and Settings\Richard Wright\Application Data\uTorrent
2007-10-02 08:34 --------- d-------- C:\Documents and Settings\Richard Wright\Application Data\SiteAdvisor
2007-09-30 10:02 --------- d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-09-25 21:52 --------- d-------- C:\Program Files\DivX
2007-09-25 21:47 --------- d-------- C:\Program Files\Anvil Studio
2007-09-21 21:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-20 22:13 --------- d-------- C:\Program Files\DVD shrink
2007-09-20 18:06 54859 --a------ C:\Program Files\startuplist.zip
2007-09-20 18:00 --------- d-------- C:\Program Files\Rio
2007-09-20 17:52 --------- d-------- C:\Program Files\Championship Manager 5
2007-09-20 17:50 --------- d-------- C:\Program Files\THQ
2007-09-20 17:48 --------- d-------- C:\Program Files\Apple Software Update
2007-09-19 20:43 --------- d-------- C:\Program Files\iTunes
2007-09-18 08:31 --------- d-------- C:\Documents and Settings\Richard Wright\Application Data\Apple Computer
2007-09-15 18:25 --------- d-------- C:\Documents and Settings\Katie\Application Data\VideoEgg
2007-09-09 19:02 --------- d-------- C:\Program Files\SiteAdvisor
2007-09-09 00:07 --------- d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-08-31 20:12 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-29 22:03 --------- d-------- C:\Documents and Settings\Kirsty\Application Data\DivX
2007-08-29 18:03 --------- d-------- C:\Documents and Settings\Kirsty\Application Data\Move Networks
2007-08-24 01:28 --------- d-------- C:\Documents and Settings\Joe\Application Data\Apple Computer
2007-08-21 21:17 --------- d-------- C:\Documents and Settings\Katie\Application Data\SiteAdvisor
2007-08-17 19:38 --------- d-------- C:\Documents and Settings\Katie\Application Data\Sonic
2007-08-15 13:51 --------- d-------- C:\Documents and Settings\Joe\Application Data\SiteAdvisor
2007-08-08 09:57 --------- d-------- C:\Documents and Settings\Joe\Application Data\DivX
2007-08-07 13:43 --------- d-------- C:\Documents and Settings\Joe\Application Data\uTorrent
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 00:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 00:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-05-07 22:21 1688176 --a------ C:\Program Files\dvdaudioextractor.exe
2005-07-18 20:17 348869 --a------ C:\Program Files\GoogleEarth.exe
2005-05-15 14:18 12754672 --a--c--- C:\Program Files\Common Files\MP10Setup.exe
2005-05-03 22:25 20798256 --a--c--- C:\Program Files\Common Files\AdbeRdr70_enu_full.exe
2005-05-03 22:18 111232 --a--c--- C:\Program Files\Common Files\example_register.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2004-03-11 02:50 C:\WINDOWS\system32\CTHELPER.EXE]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 18:55]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2003-01-30 18:55]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-07-31 16:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe" [2004-09-08 05:00]

C:\Documents and Settings\Katie\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-06-24 01:23:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee QuickClean Imonitor]
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCPitstop Optimize Registration Reminder"=C:\Program Files\PCPitstop\Optimize\Reminder.exe
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"UpdReg"=C:\WINDOWS\UpdReg.EXE

R3 LVCap138;LifeView LR138 Capture Driver;C:\WINDOWS\system32\DRIVERS\lvcap138.sys
R3 lvtuner;LifeView WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\lvtuner.sys
R3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 Dot4 HPH09;Dot4 HPH09;C:\WINDOWS\system32\DRIVERS\hphid409.sys
S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09;C:\WINDOWS\system32\DRIVERS\hphipr09.sys
S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09);C:\WINDOWS\system32\Drivers\hphs2k09.sys
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys
S3 lac97inf;lac97inf;\??\C:\DOCUME~1\Anne\LOCALS~1\Temp\lac97inf.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 V2210VID;DigitalCam Pro;C:\WINDOWS\system32\DRIVERS\V2210vid.sys
S3 w900bus;Sony Ericsson 900i driver (WDM);C:\WINDOWS\system32\DRIVERS\w900bus.sys
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w900mdfl.sys
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w900mdm.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 05:49:13 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-01 00:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-01 20:51:01 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-09-21 20:51:06 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 23:19:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-06 23:22:47
C:\ComboFix-quarantined-files.txt ... 2007-10-06 23:22
.
--- E O F ---

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:10:30 AM

Posted 16 October 2007 - 10:15 AM

Delete your existing combofix and redownload it with these instructions:
  • Download Combofix to your desktop.

  • Double-click combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new hijackthislog.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.

#4 Inveryes

Inveryes
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:30 PM

Posted 16 October 2007 - 12:32 PM

Thanks grinler!

Here's the combofix log:


ComboFix 07-10-16.1 - Richard Wright 2007-10-16 18:18:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.627 [GMT 1:00]
Running from: C:\Documents and Settings\Richard Wright\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-14 09:18 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat
2007-10-14 09:04 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\Lavasoft
2007-10-13 19:11 <DIR> d--h----- C:\Documents and Settings\Kirsty\Application Data\GTek
2007-10-13 16:35 <DIR> d-------- C:\Program Files\Autoruns
2007-10-13 16:34 496,226 --a------ C:\Program Files\Autoruns.zip
2007-10-11 12:59 <DIR> d-------- C:\Documents and Settings\Katie\Application Data\Samsung
2007-10-11 12:47 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-10-11 12:47 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
2007-10-11 12:47 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
2007-10-11 12:47 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
2007-10-11 12:46 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-10-11 12:46 <DIR> d-------- C:\Program Files\Samsung
2007-10-11 12:46 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2007-10-11 12:46 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2007-10-11 12:46 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2007-10-11 12:46 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2007-10-11 12:46 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2007-10-11 12:46 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2007-10-11 12:46 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2007-10-11 10:42 <DIR> d-------- C:\Program Files\ACW
2007-10-11 10:42 135,528 --a------ C:\Program Files\315265.exe
2007-10-10 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2007-10-10 17:26 0 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2007-10-10 17:11 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-09 22:03 <DIR> d--h----- C:\Documents and Settings\Anne\Application Data\GTek
2007-10-09 19:13 <DIR> d--h----- C:\Documents and Settings\Katie\Application Data\GTek
2007-10-09 18:48 <DIR> d-------- C:\Program Files\UPHClean
2007-10-09 17:58 559,856 --a------ C:\Program Files\WindowsXP-KB906569-v2-x86-ENU.exe
2007-10-09 17:54 98,358 --a------ C:\WINDOWS\dla.exe
2007-10-09 17:54 87,488 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys
2007-10-09 17:54 61,498 --a------ C:\WINDOWS\system32\tfswapi.dll
2007-10-09 17:54 40,480 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys
2007-10-09 17:54 23,545 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys
2007-10-09 17:54 5,627 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys
2007-10-09 17:45 <DIR> d-------- C:\Program Files\DellSupport
2007-10-09 17:45 <DIR> d--h----- C:\Documents and Settings\Richard Wright\Application Data\GTek
2007-10-09 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2007-10-08 17:21 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2007-10-08 15:25 77,824 --------- C:\WINDOWS\system32\ctdvda32.dll
2007-10-08 15:11 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-10-08 15:10 11,776 --a------ C:\WINDOWS\INRES.DLL
2007-10-08 15:10 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2007-10-08 15:10 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2007-10-08 13:46 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-07 22:16 <DIR> d-------- C:\Program Files\CCleaner
2007-10-06 23:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 16:58 <DIR> dr-h----- C:\Documents and Settings\Richard Wright\Application Data\SecuROM
2007-10-06 12:36 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-06 12:36 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-10-06 12:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-06 12:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-06 12:36 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-10-06 12:35 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-10-06 12:35 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-10-06 12:35 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-10-06 12:35 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-10-06 12:35 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-10-06 12:33 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-10-06 12:32 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-10-06 12:32 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-10-06 12:32 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-10-06 12:29 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-10-06 12:29 794,399 --a--c--- C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-10-06 12:29 793,598 --a--c--- C:\WINDOWS\system32\dllcache\usr1806.sys
2007-10-06 12:29 765,884 --a--c--- C:\WINDOWS\system32\dllcache\usrti.sys
2007-10-06 12:29 687,999 --a--c--- C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-10-06 12:29 224,802 --a--c--- C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-10-06 12:29 113,762 --a--c--- C:\WINDOWS\system32\dllcache\usrpda.sys
2007-10-06 12:29 11,325 --a--c--- C:\WINDOWS\system32\dllcache\vchnt5.dll
2007-10-06 12:29 7,556 --a--c--- C:\WINDOWS\system32\dllcache\usroslba.sys
2007-10-06 12:25 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2007-10-06 12:25 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2007-10-06 12:25 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2007-10-06 12:25 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-10-06 12:25 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-10-06 12:25 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-10-06 12:25 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-10-06 12:25 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2007-10-06 12:25 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-10-06 12:23 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-10-06 12:23 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2007-10-06 12:23 53,248 --a--c--- C:\WINDOWS\system32\dllcache\stlncoin.dll
2007-10-06 12:23 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2007-10-06 12:23 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2007-10-06 12:23 16,896 --a--c--- C:\WINDOWS\system32\dllcache\stcusb.sys
2007-10-06 12:19 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2007-10-06 12:19 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2007-10-06 12:19 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2007-10-06 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2007-10-06 12:19 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2007-10-06 12:15 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-10-06 12:15 714,762 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2007-10-06 12:15 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2007-10-06 12:15 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2007-10-06 12:10 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-10-06 12:10 1,897,408 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-10-06 12:10 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2007-10-06 12:10 180,360 --a--c--- C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2007-10-06 12:10 123,776 --a--c--- C:\WINDOWS\system32\dllcache\nv3.dll
2007-10-06 12:10 51,552 --a--c--- C:\WINDOWS\system32\dllcache\ntgrip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 17:13 --------- d-----w C:\Documents and Settings\Richard Wright\Application Data\uTorrent
2007-10-16 10:35 82,432 ----a-w C:\Documents and Settings\Katie\Application Data\GDIPFONTCACHEV1.DAT
2007-10-13 15:24 --------- d-----w C:\Documents and Settings\Richard Wright\Application Data\SiteAdvisor
2007-10-13 12:43 46,910 ----a-w C:\Documents and Settings\Richard Wright\Application Data\wklnhst.dat
2007-10-11 11:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-09 20:10 230,432 ----a-w C:\StiImg.dat
2007-10-09 16:53 --------- d-----w C:\Program Files\Sonic
2007-10-08 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 16:08 9,891 ----a-w C:\Program Files\hijackthis log file 8-10-07.txt
2007-10-08 16:07 9,891 ----a-w C:\Program Files\hijackthis.log
2007-10-08 14:13 --------- d-----w C:\Program Files\Creative
2007-10-08 14:11 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-08 12:50 --------- d-----w C:\Program Files\Java
2007-10-08 07:53 9,483 ----a-w C:\Program Files\hijackthis log 8-10-07.txt
2007-10-08 07:50 8,528 ----a-w C:\Program Files\startuplist.txt
2007-10-07 18:03 19,540 ----a-w C:\Documents and Settings\Katie\Application Data\wklnhst.dat
2007-10-07 12:25 --------- d-----w C:\Documents and Settings\Richard Wright\Application Data\McAfee
2007-10-07 12:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-06 15:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-30 09:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-09-25 20:52 --------- d-----w C:\Program Files\DivX
2007-09-25 20:47 --------- d-----w C:\Program Files\Anvil Studio
2007-09-24 13:15 45,960 ----a-w C:\Documents and Settings\Anne\Application Data\wklnhst.dat
2007-09-20 21:13 --------- d-----w C:\Program Files\DVD shrink
2007-09-20 17:00 --------- d-----w C:\Program Files\Rio
2007-09-20 16:52 --------- d-----w C:\Program Files\Championship Manager 5
2007-09-20 16:50 --------- d-----w C:\Program Files\THQ
2007-09-20 16:48 --------- d-----w C:\Program Files\Apple Software Update
2007-09-19 19:43 --------- d-----w C:\Program Files\iTunes
2007-09-18 07:31 --------- d-----w C:\Documents and Settings\Richard Wright\Application Data\Apple Computer
2007-09-15 17:25 --------- d-----w C:\Documents and Settings\Katie\Application Data\VideoEgg
2007-09-13 21:25 26,380 ----a-w C:\Documents and Settings\Kirsty\Application Data\wklnhst.dat
2007-09-11 15:26 --------- d-----w C:\Documents and Settings\Katie\Application Data\DivX
2007-09-09 18:02 --------- d-----w C:\Program Files\SiteAdvisor
2007-09-08 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-08-31 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-29 21:03 --------- d-----w C:\Documents and Settings\Kirsty\Application Data\DivX
2007-08-29 17:03 --------- d-----w C:\Documents and Settings\Kirsty\Application Data\Move Networks
2007-08-24 00:28 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2007-08-21 20:17 --------- d-----w C:\Documents and Settings\Katie\Application Data\SiteAdvisor
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 18:38 --------- d-----w C:\Documents and Settings\Katie\Application Data\Sonic
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-26 23:06 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 23:06 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-06-16 18:32 82,896 ----a-w C:\Documents and Settings\Kirsty\Application Data\GDIPFONTCACHEV1.DAT
2007-05-23 13:49 7,082 ----a-w C:\Documents and Settings\Joe\Application Data\wklnhst.dat
2007-05-07 21:21 1,688,176 ----a-w C:\Program Files\dvdaudioextractor.exe
2007-04-28 07:54 82,896 ----a-w C:\Documents and Settings\Richard Wright\Application Data\GDIPFONTCACHEV1.DAT
2007-03-22 11:39 82,896 ----a-w C:\Documents and Settings\Anne\Application Data\GDIPFONTCACHEV1.DAT
2005-12-12 16:02 77,440 ----a-w C:\Documents and Settings\Joe\Application Data\GDIPFONTCACHEV1.DAT
2005-07-18 19:17 348,869 ----a-w C:\Program Files\GoogleEarth.exe
2005-05-15 13:18 12,754,672 -c--a-w C:\Program Files\Common Files\MP10Setup.exe
2005-05-03 21:25 20,798,256 -c--a-w C:\Program Files\Common Files\AdbeRdr70_enu_full.exe
2005-05-03 21:18 111,232 -c--a-w C:\Program Files\Common Files\example_register.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 18:55]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2003-01-30 18:55]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-07-31 16:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 01:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2004-09-08 05:00]

C:\Documents and Settings\Katie\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-06-24 01:23:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCPitstop Optimize Registration Reminder"=C:\Program Files\PCPitstop\Optimize\Reminder.exe
"PC Pitstop Optimize Scheduler"=C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"UpdReg"=C:\WINDOWS\UpdReg.EXE

R3 LVCap138;LifeView LR138 Capture Driver;C:\WINDOWS\system32\DRIVERS\lvcap138.sys
R3 lvtuner;LifeView WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\lvtuner.sys
R3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 Dot4 HPH09;Dot4 HPH09;C:\WINDOWS\system32\DRIVERS\hphid409.sys
S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09;C:\WINDOWS\system32\DRIVERS\hphipr09.sys
S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09);C:\WINDOWS\system32\Drivers\hphs2k09.sys
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys
S3 lac97inf;lac97inf;\??\C:\DOCUME~1\Anne\LOCALS~1\Temp\lac97inf.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
S3 V2210VID;DigitalCam Pro;C:\WINDOWS\system32\DRIVERS\V2210vid.sys
S3 w900bus;Sony Ericsson 900i driver (WDM);C:\WINDOWS\system32\DRIVERS\w900bus.sys
S3 w900mdfl;Sony Ericsson 900i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w900mdfl.sys
S3 w900mdm;Sony Ericsson 900i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w900mdm.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 05:49:13 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-10-09 16:24:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-09 16:24:21 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-11 20:51:05 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-09-21 20:51:06 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 18:21:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-16 18:22:44
C:\ComboFix-quarantined-files.txt ... 2007-10-06 23:22
C:\ComboFix2.txt ... 2007-10-06 23:22
.
--- E O F ---

*************************************
and the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:12, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9822 bytes

I stopped a running McAfee process, mcmscsvc.exe, and that does seem to have helped. However if you can see any other issues that would be great.

#5 Grinler (Lawrence Abrams, Admin)

Posted 16 October 2007 - 01:03 PM

The only thing that jumps out at me are these lines from the CF log:

2007-10-11 10:42 135,528 --a------ C:\Program Files\315265.exe
2007-10-09 17:58 559,856 --a------ C:\Program Files\WindowsXP-KB906569-v2-x86-ENU.exe

Did you purposely download these files to this location? Do you know what 315265.exe is?

#6 Inveryes (Topic Starter)

Posted 16 October 2007 - 04:29 PM

The only thing that jumps out at me are these lines from the CF log:

2007-10-11 10:42 135,528 --a------ C:\Program Files\315265.exe

Don't know what this is, but it seems to have been created at the exact same time as I installed Active Content Wizard.


2007-10-09 17:58 559,856 --a------ C:\Program Files\WindowsXP-KB906569-v2-x86-ENU.exe

This is a Microsoft Hotfix Package.


Did you purposely download these files to this location? Do you know what 315265.exe is?


To be honest, I'm not really sure what either of these are. I've tried so many different options in the last few days.

#7 Grinler (Lawrence Abrams, Admin)

Posted 17 October 2007 - 10:52 AM

Go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file:

C:\Program Files\315265.exe

Finally click on the Send File button.

#8 Inveryes (Topic Starter)

Posted 17 October 2007 - 11:17 AM

Go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file:

C:\Program Files\315265.exe

Finally click on the Send File button.

Done.

Thanks

#9 Grinler (Lawrence Abrams, Admin)

Posted 17 October 2007 - 11:25 AM

Looks legit, but you can delete it if you wish.

I do not see any malware on your machine at all. I suggest you ask your question in the Windows XP forum and see if they can advise on how to speed it up. It is not a malware-related issue though.

#10 Inveryes (Topic Starter)

Posted 18 October 2007 - 12:29 PM

Looks legit, but you can delete it if you wish.

I do not see any malware on your machine at all. I suggest you ask your question in the Windows XP forum and see if they can advise on how to speed it up. It is not a malware-related issue though.

OK. Thanks very much for your help. It's appreciated.