Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspected Virus Causing Limited Internet Connectivity and Intermittent BSOD


  • This topic is locked This topic is locked
13 replies to this topic

#1 swolmark

swolmark

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 29 October 2008 - 09:35 PM

HI,
I am experiencing limited internet connectivity and intermittent blue screen of deaths errors on my computer. I run Kaspersky Anti-Virus on the computer which did not find any viruses after a full scan. I followed the steps in the preparation guide as well with no success. I was not able to run any of the online virus scans because of the limited internet access. Any help will be greatly appreciated. Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:37 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108775668609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138469369560
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.sksinvestments.com/Remote/msrdp.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 11573 bytes

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 PM

Posted 06 November 2008 - 04:53 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

**Please copy done the information under "Techinical Information" when you get BSODs.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

Edited by PropagandaPanda, 06 November 2008 - 04:54 PM.


#3 swolmark

swolmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 08 November 2008 - 12:20 AM

Panda,
Thank you so much for the reply. I really appreciate you taking a look at my bleeping computer! I am still having the same problems - limited internet connectivity and intermittent BSOD failures. The internet access is so limited that I am replying to you on a second computer (lap top). Here is the Hijack This log from the problem computer. Thanks again.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:07:29 PM, on 11/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Global Startup: AutorunsDisabled

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O15 - Trusted Zone: *.whataboutadog.com

O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108775668609

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138469369560

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.sksinvestments.com/Remote/msrdp.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe



--

End of file - 11363 bytes

#4 swolmark

swolmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 08 November 2008 - 12:28 AM

Panda - I have not made any changes to the computer since starting the topic. Here is the technical information I recorded from the first BSOD error I received (over three weeks ago). I think that the errors are the same, but I will double check the next time I get a BSOD. If there is other information on the BSOD screen that would be helpful, please let me know where to look for it and I'll make sure to record it next time this happens.

Driver IRQL Not Less or Equal
Stop: 0x000000D1 (0x00000020, 0x00000002, 0x00000000, 0xABA2573A)
afd.sys - address ABA2574Abase@ABA2500 Datestamp 485b8a15

Thanks.

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 PM

Posted 08 November 2008 - 09:56 AM

Hello.

Let's take a more in depth look at your computer.

Download and Run OTScanIt
Download OTScanIt2 by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the "Scan all users" box.
  • Under the Additional Scans bar, click "Extras".
  • Copy into the Custom Scans:
    C:\wmplayer.exe /s
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


With Regards,
The Panda

#6 swolmark

swolmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 08 November 2008 - 10:59 AM

Panda,
The OTScan report was larger than the 512K limit so I broke it into two files and will upload separately. I am not able to access the Kaspersky online scan because of the internet connectivity issues. I do have a KAV2009 on the infected computer, let me know if I should run the scan through the installed application. Also - when I downloaded OTScan on the desktop but I am not able to access folder shortcuts from the desktop anymore. This is a development as of this morning. Is it ok to reboot? I ran OTScan from a "download" folder on the C drive.

2nd OTScan doc to follow.

Attached Files



#7 swolmark

swolmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 08 November 2008 - 11:00 AM

Panda - Bleeping Computer will not let me upload the second OTScan file because of upload size limitations to the account. Please advise. Thanks.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 PM

Posted 08 November 2008 - 11:02 AM

Hello.

In that case please upload the file as one report below.

Submit File Sample
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://www.bleepingcomputer.com/forums/t/177151/suspected-virus-causing-limited-internet-connectivity-and-intermittent-bsod/
  • Select the logfile.
  • Under the comments section, say that the file was too large.
With Regards,
The Panda

#9 swolmark

swolmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 08 November 2008 - 11:05 AM

Panda - that worked. The file has been uploaded. Thanks.

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 PM

Posted 08 November 2008 - 11:11 AM

Hello.

Please post the contents of:
c:\ComboFix.txt

Also, if any of these files exist, post them too:
c:\QooBox\ComboFix*.txt

With Regards,
The Panda

#11 swolmark

swolmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 08 November 2008 - 11:21 AM

Here is the Combobox file:

ComboFix 08-10-11.04 - Owner 2008-10-12 19:16:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.960 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Favorites\Online Security Guide.lnk
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dat
C:\Temp\tpBe12
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\avsrgeki.ini
C:\WINDOWS\system32\bbopsgik.dllbox
C:\WINDOWS\system32\bqqlruox.ini
C:\WINDOWS\system32\evdiexyw.ini
C:\WINDOWS\system32\ghhkj.bak2
C:\WINDOWS\system32\hjacmvkp.ini
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\system32\kjllm.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\movslvjp.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ohfxqmet.ini
C:\WINDOWS\system32\pac.txt
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 )))))))))))))))))))))))))))))))
.

2008-12-28 19:08 . 2008-12-28 20:43 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-12-28 19:08 . 2008-12-28 20:43 <DIR> d-------- C:\WINDOWS\system32\en
2008-12-28 19:08 . 2008-12-28 20:43 <DIR> d-------- C:\WINDOWS\system32\bits
2008-12-28 19:08 . 2008-12-28 20:42 <DIR> d-------- C:\WINDOWS\l2schemas
2008-12-28 18:55 . 2007-02-28 02:08 2,136,064 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-12-28 09:29 . 2008-12-28 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-11 19:35 . 2008-10-11 19:42 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-11 10:11 . 2008-10-11 10:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 17:24 . 2008-10-05 22:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
2008-10-04 21:49 . 2008-10-04 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 21:47 . 2008-10-04 21:47 <DIR> d-------- C:\Program Files\Bonjour
2008-10-04 21:32 . 2008-10-04 21:33 <DIR> d-------- C:\Program Files\Safari
2008-10-03 21:13 . 2008-10-03 21:13 <DIR> d-------- C:\Documents and Settings\Wolmark\Application Data\Apple Computer
2008-10-02 08:19 . 2008-10-04 21:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-02 08:19 . 2008-10-03 21:13 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 17:30 --------- d-----w C:\Program Files\Kaspersky Lab
2008-12-28 17:11 --------- d-----w C:\Program Files\Picasa2
2008-10-13 02:23 91,915,296 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-13 02:23 116,168 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-13 02:23 1,233,128 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-13 02:23 1,216,544 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-12 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-12 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-11 17:12 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-10 16:24 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-05 04:50 --------- d-----w C:\Program Files\iTunes
2008-10-05 04:49 --------- d-----w C:\Program Files\iPod
2008-10-05 04:46 --------- d-----w C:\Program Files\QuickTime
2008-10-05 04:46 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-11 04:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 04:47 --------- d-----w C:\Program Files\Google
2008-09-01 16:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-08-30 23:30 --------- d-----w C:\Program Files\Apple Software Update
2008-08-25 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-08-22 06:19 --------- d-----w C:\Program Files\RegCure
2008-01-26 23:07 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-01-22 15:31 284 ------w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
2007-11-12 01:13 2 --shatr C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-12 03:02:48 C:\hp\KBD\bak\KBD.EXE

----a-w 54,296 2003-12-03 00:11:04 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

----a-w 58,392 2003-12-03 00:11:12 C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe

----a-w 267,064 2007-09-14 17:00:06 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 289,576 2008-10-02 01:57:12 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 1,196,032 2005-04-23 02:19:00 C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe

----a-w 139,264 2003-08-15 04:11:32 C:\Program Files\Multimedia Card Reader\bak\shwicon2k.exe

----a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-09-06 22:09:14 C:\Program Files\QuickTime\QTTask.exe

----atw 6,656 2007-05-24 14:44:59 C:\Program Files\Qurb\QSP-3.0.311.7\bak\QOELoader.exe
----atw 6,656 2008-01-02 23:32:02 C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe

----a-w 100,056 2006-02-25 02:16:07 C:\Program Files\SymNetDrv\bak\SNDMon.exe

----a-w 35,328 2007-05-14 22:22:22 C:\Program Files\Winamp\bak\winampa.exe

----a-w 212,992 2002-09-14 04:42:26 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

----a-w 15,360 2004-08-04 04:56:50 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 04:56:50 C:\WINDOWS\system32\ctfmon.exe

----a-w 114,688 2003-04-07 14:07:38 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 483,328 2003-05-23 09:55:38 C:\WINDOWS\system32\bak\hphmon05.exe

----a-w 81,920 2002-10-16 23:57:10 C:\WINDOWS\system32\bak\ps2.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-05 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
"RegistryMechanic"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-08 125624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-02-24 1462104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Organize.lnk]
backup=C:\WINDOWS\pss\Organize.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Replay Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
--a------ 2003-10-13 17:24 1732608 C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-08-12 22:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
--a------ 2003-06-18 19:19 53248 C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
--a------ 2003-06-22 21:25 24576 c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a------ 2002-10-07 07:23 90112 c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
--a------ 2005-10-31 12:18 101888 C:\Program Files\ESPNRunTime\DIGServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
--a------ 2005-10-31 12:05 278528 C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EazyScheduler]
--a------ 2004-11-27 21:15 410112 C:\Program Files\Eazy-Ware\ezSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-07-25 17:02 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 17:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfotoNow USB Detection]
--a------ 2002-11-05 11:32 77824 C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
--a----t- 2008-01-02 16:32 6656 C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 08:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-05 00:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
--a------ 2003-07-14 17:52 40960 C:\WINDOWS\ltmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--a------ 2003-08-19 02:56 852038 C:\WINDOWS\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\Ipswitch\\WS_FTP Pro\\wsftpgui.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Twonkyvision\\TwonkyMedia.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TwonkyMedia\\TwonkyMedia.exe"=
"C:\\Program Files\\TwonkyMedia\\TwonkyMediaServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Rendezvous
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-05 29744]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]
S4 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-12 C:\WINDOWS\Tasks\Photos&Music.job
- C:\Program Files\Stomp\Backup MyPC 6\System\sbestart.exe [2004-11-30 05:10]

2008-10-09 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-21 22:43]

2008-03-22 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
WebBrowser-{82EA2AB6-5C9C-27E3-46D8-42D223E18B11} - (no file)
WebBrowser-{11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bhat5fy5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.cnn.com/
FF -: plugin - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bhat5fy5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPJPI142.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 19:25:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-12 19:42:32 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-10-13 02:42:25

Pre-Run: 43,605,495,808 bytes free
Post-Run: 43,983,171,584 bytes free

296 --- E O F --- 2008-10-04 05:05:52


Here is the file from the QooBox folder:
2005-02-18 22:48:10 34 C:\Qoobox\Quarantine\C\WINDOWS\system\oeminfo.ini.vir
2006-10-29 21:35:01 1,423 C:\Qoobox\Quarantine\C\WINDOWS\IE4 Error Log.txt.vir
2007-04-26 05:30:14 29,184 C:\Qoobox\Quarantine\C\WINDOWS\system32\MSINET.oca.vir
2007-09-24 01:05:14 279,600 C:\Qoobox\Quarantine\C\WINDOWS\system32\pac.txt.vir
2007-11-03 03:20:53 25,625 C:\Qoobox\Quarantine\C\Program Files\WinBudget\bin\matrix.dat.vir
2007-11-04 23:25:06 12,288 C:\Qoobox\Quarantine\C\Program Files\Insider\UnInstall.exe.vir
2007-11-05 14:54:53 573,147 C:\Qoobox\Quarantine\C\WINDOWS\system32\ohfxqmet.ini.vir
2007-11-06 14:58:34 570,599 C:\Qoobox\Quarantine\C\WINDOWS\system32\hjacmvkp.ini.vir
2007-11-07 15:03:52 570,262 C:\Qoobox\Quarantine\C\WINDOWS\system32\bqqlruox.ini.vir
2007-11-08 15:00:59 570,571 C:\Qoobox\Quarantine\C\WINDOWS\system32\avsrgeki.ini.vir
2007-11-10 03:40:12 443,580 C:\Qoobox\Quarantine\C\WINDOWS\system32\ghhkj.bak2.vir
2007-11-10 05:01:15 584,632 C:\Qoobox\Quarantine\C\WINDOWS\system32\evdiexyw.ini.vir
2007-11-12 00:27:36 2,717 C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2007-11-12 00:41:57 563,935 C:\Qoobox\Quarantine\C\WINDOWS\system32\movslvjp.ini.vir
2007-11-12 00:47:18 6,543 C:\Qoobox\Quarantine\C\WINDOWS\system32\kjllm.bak1.vir
2007-11-12 00:55:58 6,861 C:\Qoobox\Quarantine\C\WINDOWS\system32\kjllm.tmp.vir
2007-11-12 01:16:14 1,254 C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Favorites\Online Security Guide.lnk.vir
2007-11-12 01:19:38 7,048 C:\Qoobox\Quarantine\C\WINDOWS\system32\kjllm.ini2.vir
2007-11-12 01:19:42 20,640 C:\Qoobox\Quarantine\C\WINDOWS\system32\bbopsgik.dllbox.vir
2007-11-12 01:19:44 143 C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir
2008-10-13 02:19:12 14,434 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-13 02:19:33 276 C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2008-10-13 02:22:26 54 C:\Qoobox\Quarantine\catchme.log
2008-10-13 02:41:39 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-10-13 02:41:39 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-10-13 02:41:39 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-10-13 02:41:42 200 C:\Qoobox\Quarantine\Registry_backups\Toolbar-{11A69AE4-FBED-4832-A2BF-45AF82825583}.reg.dat
2008-10-13 02:41:43 0 C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{11A69AE4-FBED-4832-A2BF-45AF82825583}.reg.dat
2008-10-13 02:41:43 0 C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{82EA2AB6-5C9C-27E3-46D8-42D223E18B11}.reg.dat
2008-10-13 02:41:54 270 C:\Qoobox\Quarantine\Registry_backups\Notify-dimsntfy.reg.dat

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 PM

Posted 08 November 2008 - 11:33 AM

Hello.

Well it looks like ComboFix removed the infection you had. I'm not sure what is causing your connection problems.

This issue does not appear to be malware related. Please start a new topic in the Windows XP forum with a link back to this topic.

Uninstall ComboFix
Remove Combofix now that we're done with it.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
    Posted Image
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Resets clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear System Restore cache and creates new restore point.
Run Cleanup with OTScantIt
This will remove all the tools we used.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Click the CleanUp bottun.
  • Restart if prompted.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections: Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

For general slowness problems, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable uneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#13 swolmark

swolmark
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 08 November 2008 - 03:27 PM

Thank you for the help. I will post this issue to the XP forum.

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 PM

Posted 08 November 2008 - 03:56 PM

Hello.

You are welcome. Good luck.

This topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users