
Please Help..want 2 C If I Got A Problem


12 replies to this topic

#1 pink boriqua

pink boriqua

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Morrow, GA
  • Local time:04:34 AM

Posted 19 August 2008 - 12:22 PM

My computer is so slow. When playing a game or checking email it will take forever to go to the next thing. I often get shut down when playing a game on the internet. What's going on??
I've scanned for viruses and for spyware and malware with Spybot, SUPERAntiSpyware and Avira. I also use CCleaner.
Kathy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:08 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Kathy_2\My Documents\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kathy_2\My Documents\!Administrator!\HijackThis.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Documents and Settings\Kathy_2\My Documents\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://games.myspace.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-456746835644} (AtlBoxWordCtlAttrib Class) - http://games.myspace.com/gameshell/games/c...n/abcisland.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\Kathy_2\My Documents\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 5980 bytes

Edited by Orange Blossom, 19 August 2008 - 05:48 PM.
Fix BB code tags. ~ OB



#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:10:34 AM

Posted 02 September 2008 - 09:30 AM

Hello Kathy and welcome to BleepingComputer,

Sorry to have kept you waiting for so long, but the forums are really busy.

Your log looks quite fine actually. :thumbsup:

If you still need help:

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Download RSIT by random/random and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • If it cannot locate TrendMicro's HijackThis, the tool will be downloaded, so please allow the download and accept the installation.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Greetings,
Thunder

Edited by Thunder, 02 September 2008 - 09:31 AM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 pink boriqua


Posted 02 September 2008 - 11:01 AM

I was unable to run RSIT; this message came out.
Kathy
[Posted Image]

What's next??
Kathy

Edited by pink boriqua, 02 September 2008 - 11:02 AM.


#4 Thunder


Posted 02 September 2008 - 04:56 PM

Hello Kathy,

Please post the contents of C:\rsit\log.txt so we can find out what's blocking RSIT.

Then, let's perform a deep check:

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC.)

In the event you already have ComboFix and you're notified that a more current version is available, please download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

Edited by Thunder, 03 September 2008 - 02:15 AM.


#5 pink boriqua


Posted 04 September 2008 - 04:50 AM

Logfile of random's system information tool (written by random/random)
Run by Kathy_2 at 2008-09-02 10:37:51
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 51 GB (44%) free of 114 GB
Total RAM: 127 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:45 AM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Documents and Settings\Kathy_2\My Documents\!Administrator!\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Kathy_2\My Documents\SUPERAntiSpyware.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kathy_2\Local Settings\Temporary Internet Files\Content.IE5\2ZN6XKZ4\RSIT[1].exe
C:\Documents and Settings\Kathy_2\My Documents\!Administrator!\Kathy_2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Kathy_2\MYDOCU~1\!ADMIN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Kathy_2\My Documents\!Administrator!\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Documents and Settings\Kathy_2\My Documents\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Kathy_2\MYDOCU~1\!ADMIN~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Kathy_2\MYDOCU~1\!ADMIN~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-456746835644} (AtlBoxWordCtlAttrib Class) - http://games.myspace.com/gameshell/games/c...n/abcisland.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Documents and Settings\Kathy_2\My Documents\SASWINLO.dll
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5665 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\DOCUME~1\Kathy_2\MYDOCU~1\!ADMIN~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-07 180269]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

#6 pink boriqua


Posted 04 September 2008 - 10:08 AM

This is my combofix.


ComboFix 08-09-03.03 - Kathy_2 2008-09-04 7:10:22.1 - NTFSx86
Running from: C:\Documents and Settings\Kathy_2\My Documents\!Administrator!\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kathy_2\Application Data\macromedia\Flash Player\#SharedObjects\EQB972DJ\bin.clearspring.com
C:\Documents and Settings\Kathy_2\Application Data\macromedia\Flash Player\#SharedObjects\EQB972DJ\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Kathy_2\Application Data\macromedia\Flash Player\#SharedObjects\EQB972DJ\interclick.com
C:\Documents and Settings\Kathy_2\Application Data\macromedia\Flash Player\#SharedObjects\EQB972DJ\interclick.com\ud.sol
C:\Documents and Settings\Kathy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Kathy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Kathy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Kathy_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Kathy_2\Cookies\kathy_2@ad.yieldmanager[2].txt
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\system32\unsvchosts.lzma

.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-02 10:37 . 2008-09-04 05:54 <DIR> d-------- C:\rsit
2008-09-02 09:36 . 2008-09-02 09:36 <DIR> d-------- C:\Program Files\Sun
2008-09-02 09:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-01 15:26 . 2008-09-01 15:26 <DIR> d--hs---- C:\Documents and Settings\Kathy_2\PrivacIE
2008-09-01 14:53 . 2008-09-01 14:55 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-08-30 16:08 . 2008-08-30 16:09 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-29 20:11 . 2008-08-29 20:12 <DIR> d-------- C:\Documents and Settings\Kathy_2\Application Data\acccore
2008-08-29 20:08 . 2008-08-29 20:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
2008-08-29 20:05 . 2008-08-29 20:10 <DIR> d-------- C:\Program Files\AIM6
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll
2008-08-21 18:27 . 2008-08-29 07:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-20 18:36 . 2008-08-25 09:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\rkfree
2008-08-19 15:39 . 2008-08-21 13:31 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-08-12 18:08 . 2008-08-12 18:08 <DIR> d-------- C:\Documents and Settings\Kathy_2\Application Data\vlc
2008-08-12 14:39 . 2008-09-03 13:35 <DIR> d-------- C:\Documents and Settings\Kathy_2\Application Data\FrostWire
2008-08-05 17:55 . 2008-08-05 17:55 265,720 --a------ C:\WINDOWS\system32\msdbg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 15:52 --------- d-----w C:\Program Files\ScreenshotCaptor
2008-09-02 13:35 --------- d-----w C:\Program Files\Java
2008-09-01 13:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-30 00:09 --------- d-----w C:\Program Files\Viewpoint
2008-08-30 00:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-08-30 00:05 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-24 01:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-22 07:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 07:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 07:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 07:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 07:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 07:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 07:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 07:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 07:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 06:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-20 23:02 --------- d-----w C:\Program Files\Yahoo!
2008-07-30 16:00 --------- d-----w C:\Program Files\Oberon Media
2008-07-29 14:08 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-07-29 04:18 --------- d-----w C:\Documents and Settings\Kathy_2\Application Data\BitTorrent
2008-07-28 22:26 --------- d-----w C:\Documents and Settings\Kathy_2\Application Data\Pogo Games
2008-07-23 23:45 --------- d-----w C:\Program Files\MSN Messenger
2008-07-23 23:36 --------- d-----w C:\Program Files\MySpace
2008-07-23 22:57 --------- d-----w C:\Documents and Settings\Kathy_2\Application Data\Canneverbe_Limited
2008-07-23 11:43 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-07-23 01:13 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-07-23 01:12 --------- d-----w C:\Documents and Settings\Kathy_2\Application Data\SUPERAntiSpyware.com
2008-07-23 01:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-23 01:02 --------- d-----w C:\Documents and Settings\Kathy_2\Application Data\Malwarebytes
2008-07-23 01:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-07-23 00:55 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-07-21 00:21 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-21 00:21 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-17 14:00 --------- d-----w C:\Program Files\Desktop
2008-07-14 23:31 --------- d-----w C:\Program Files\Avira
2008-07-14 23:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-07-14 23:23 --------- d-----w C:\Program Files\CCleaner
2008-07-14 23:21 --------- d-----w C:\Program Files\CDBurnerXP
2008-07-11 23:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-07-11 22:56 --------- d--h--r C:\Documents and Settings\Kathy_2\Application Data\yahoo!
2008-07-11 22:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2008-07-08 18:33 --------- d-----w C:\Documents and Settings\Kathy_2\Application Data\AdobeUM
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-12 15:27 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 15:27 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-06-12 15:27 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-06-12 15:27 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2007-08-13 18:20 24,192 ----a-w C:\Documents and Settings\Kathy_2\usbsermptxp.sys
2007-08-13 18:20 22,768 ----a-w C:\Documents and Settings\Kathy_2\usbsermpt.sys
2007-08-10 11:46 92,064 ----a-w C:\Documents and Settings\Kathy_2\mqdmmdm.sys
2007-08-10 11:46 9,232 ----a-w C:\Documents and Settings\Kathy_2\mqdmmdfl.sys
2007-08-10 11:46 79,328 ----a-w C:\Documents and Settings\Kathy_2\mqdmserd.sys
2007-08-10 11:46 66,656 ----a-w C:\Documents and Settings\Kathy_2\mqdmbus.sys
2007-08-10 11:46 6,208 ----a-w C:\Documents and Settings\Kathy_2\mqdmcmnt.sys
2007-08-10 11:46 5,936 ----a-w C:\Documents and Settings\Kathy_2\mqdmwhnt.sys
2007-08-10 11:46 4,048 ----a-w C:\Documents and Settings\Kathy_2\mqdmcr.sys
2007-01-24 16:08 30,624 -c--a-w C:\Documents and Settings\Kathy_2\Application Data\GDIPFONTCACHEV1.DAT
2006-12-31 00:20 2,561 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
2005-03-26 01:44 30,288 -c--a-w C:\Documents and Settings\Brittany Ann Peacock\Application Data\GDIPFONTCACHEV1.DAT
2005-02-28 04:14 30,752 -c--a-w C:\Documents and Settings\Robert E. Peacock Jr\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Documents and Settings\Kathy_2\My Documents\!Administrator!\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"SUPERAntiSpyware"="C:\Documents and Settings\Kathy_2\My Documents\SUPERAntiSpyware.exe" [2008-05-28 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-07 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Documents and Settings\Kathy_2\My Documents\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Documents and Settings\Kathy_2\My Documents\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.LEAD"= LCODCCMPE.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Documents and Settings\\Kathy_2\\My Documents\\FrostWire\\FrostWire.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 86016]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 59296]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 36224]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]
R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
S3 AKDWC20ET;Creation Station;C:\WINDOWS\system32\Drivers\csvid.sys [ ]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [ ]
S3 NikeDrv;nike psa[play driver;C:\WINDOWS\system32\Drivers\NikeDrv.sys [2002-08-29 08:00 12032]
S3 usbser2k;Motorola USB Modem Driver from Win2K SP4;C:\WINDOWS\system32\DRIVERS\usbser2k.sys [2006-07-28 22768]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 245664]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kathy_2\Application Data\Mozilla\Firefox\Profiles\cf5ypreg.default\
.
.
------- File Associations (Beta) -------
.
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 07:20:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-04 7:26:11
ComboFix-quarantined-files.txt 2008-09-04 11:25:59
ComboFix2.txt 2008-07-22 21:58:55

Pre-Run: 52,776,280,064 bytes free
Post-Run: 52,786,413,568 bytes free

197 --- E O F --- 2008-09-02 11:14:36

#7 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:10:34 AM

Posted 04 September 2008 - 05:10 PM

double post

Edited by Thunder, 04 September 2008 - 05:12 PM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:10:34 AM

Posted 04 September 2008 - 05:10 PM

Hello Kathy,

Go to Start > Control Panel > Software > Add/remove programs and uninstall Revealer Keylogger Free and Viewpoint.
Both are NOT recommended!
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Your problems didn't start when trying to install/installing IE8 beta, by any chance?

What problems remain?

Greetings,
Thunder

#9 pink boriqua

pink boriqua
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Female
  • Location:Morrow, GA
  • Local time:04:34 AM

Posted 05 September 2008 - 08:56 AM

I can't find Revealer Keylogger Free and Viewpoint on (add or remove program). I did remove Viewpoint Media Player. My problem started weeks before that. I used to have AVG AntiVirus Free Edition but I think a virus took it down. It just didn't work; it had lots of error messages. I deleted it and tried to reinstall but it won't let me. It keeps saying that I had to remove ewido first. I don't have ewido, so I installed Avira AntiVir but now I'm having problems with it. I get lots of errors and it won't let me update it anymore. Then my internet became sluggish. It would restart or pause for long lengths of time. It started to shut down a lot. Then one day I had no background or ads or animation to anything on the net. So I uninstalled IE7 and installed IE8. I get some backgrounds but I can't play any games (pogo, myspace). I don't know what's going on. I hope that helped a little.
Kathy

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:10:34 AM

Posted 05 September 2008 - 09:13 AM

Hello Kathy,

Looks like there's all sort of things going wrong there :thumbsup:

I noticed you're running Kathy_2 as a profile name.
You didn't make a second profile when the original encountered problems, did you?

Do you have a Windows XP (SP2) installation CD handy?

Do you have any previous Java installation in your Software list (other than Java™ 6 update 7)?
If so, please remove them.

Greetings,
Thunder

#11 pink boriqua

pink boriqua
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Female
  • Location:Morrow, GA
  • Local time:04:34 AM

Posted 05 September 2008 - 10:46 AM

No, I didn't make a new profile name. I don't know how to do that. I did delete all my kids' user profiles.
I'm the only one now (administrator).

I have the Windows XP CD, and yes, I removed all Java except Java 6 update 7. Then I installed the new Java and I still have this problem.
I don't know if this helps but we got a fast DSL a couple of days ago.
Kathy

#12 pink boriqua

pink boriqua
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Female
  • Location:Morrow, GA
  • Local time:04:34 AM

Posted 05 September 2008 - 10:50 AM

Hey Thunder,
I do remember deleting my first administrator Kathy 2 years ago. Now I know what you're talking about. It was so slow, I thought I had too much junk on it so I deleted and made a new user.
Kathy :thumbsup:

PS I still can't find this (Revealer Keylogger Free)

Edited by pink boriqua, 05 September 2008 - 10:55 AM.


#13 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:10:34 AM

Posted 06 September 2008 - 09:26 AM

Hello Kathy,

Please remove your previous version of RSIT from your desktop,
then download and run this one: http://images.malwareremoval.com/random/rsitbeta.exe

It's important you save it to your Desktop before running it!!

Please post both logs provided it runs OK now.

Greetings,
Thunder



