
1st time user of this forum


62 replies to this topic

#1 MAKRLM


Posted 15 June 2009 - 03:14 AM

I have never run HijackThis before. I hope I have done all things necessary for you to help me.
My computer is running slow and not responding to websites like it used to. It takes forever for things to load.
Dell Dimension 8300
Windows XP Home edition w/SP3 installed and IE7. All up to date. 1 gig memory, 120 gig hard drive, 3.00 Intel Pentium 4 Processor.
I use AOL for most everything I do.
When I open my Address book, on the left side where "Categories" are, there is a line of symbols and/or letters in a font I do not recognize. They keep changing every time I open it up and I cannot delete them.
I do not know if I have a Virus/Malware/etc. or have nothing to worry about.

Any and all help would be greatly appreciated.
Thank you...
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 0:48:24.04 on Mon 06/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.519 [GMT -7:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\BackUp\CmdBkSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\AOL\1144473045\ee\AOLSoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: SpywareBlock Class: {0a87e45f-537a-40b4-b812-e2544c21a09f} - c:\program files\spycatcher\SCActiveBlock.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7754C418-F62E-44AA-B169-E719E718BCFD} - No File
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {7792546F-70AE-4ABC-B2B6-BE68E9410002} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Vomba Branding Window: {50ed07ef-2f49-40cd-bb69-23df2fd9ee1c} - %SystemRoot%\system32\shdocvw.dll
EB: Pictavision Mediashare: {c92850df-26ba-4598-8be0-b476a71fe645} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1a\AOL.EXE" -b
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HostManager] c:\program files\common files\aol\1144473045\ee\AOLSoftware.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [POINTER] point32.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &AOL Toolbar Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {CCF00E14-7C5E-4420-9BF3-AA4809CFAA13} - c:\program files\clickclean\ClickClean.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D}
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}
DPF: {233C1507-6A77-46A4-9443-F871F945D258}
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39145.9761689815
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941}
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
TCP: {EE3ADB7B-7147-4918-B2AA-A6535397CF42} = 216.165.129.158,216.170.153.146
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {56F9679E-7826-4C84-81F3-532071A8BCC5} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = :\windows\system3

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-7 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-5-7 28544]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-5 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-5 24096]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2006-9-11 14624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-8-20 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-8-20 55024]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-11-5 692496]
R2 ComodoBackupService;ComodoBackupService;c:\program files\comodo\backup\CmdBkSvc.exe [2008-12-3 1023488]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-19 266240]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-16 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1005904]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-31 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-8-20 7408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-18 44928]

=============== Created Last 30 ================

2009-06-11 01:23 4,958,588 a------- c:\windows\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
2009-06-10 21:48 <DIR> --d----- c:\program files\common files\xing shared
2009-06-10 00:00 <DIR> --d----- c:\program files\Secunia
2009-06-07 23:43 <DIR> --d----- c:\program files\WeatherMate
2009-06-02 20:13 <DIR> --d----- c:\program files\iPod
2009-06-02 20:13 <DIR> --d----- c:\program files\iTunes
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-24 19:14 <DIR> --d----- c:\docume~1\owner\applic~1\WeatherWatcherLive
2009-05-24 19:13 <DIR> --d----- c:\program files\Weather Watcher Live
2009-05-22 00:53 3,840 a------- c:\windows\system32\drivers\BANTExt.sys

==================== Find3M ====================

2009-05-31 19:59 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-21 11:33 410,984 ac------ c:\windows\system32\deploytk.dll
2009-05-15 18:45 132,640 ac------ c:\windows\system32\drivers\cmdguard.sys
2009-05-15 18:24 272 a------- c:\windows\system32\drivers\sfi.dat
2009-05-14 20:02 168,208 a------- c:\windows\system32\guard32.dll
2009-05-14 20:02 24,096 ac------ c:\windows\system32\drivers\cmdhlp.sys
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-05 01:49 372,768 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-05 01:49 20,000 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-05 01:49 6,068 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-05 01:49 2,948 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-01 11:30 3,366,912 ac------ c:\windows\system32\GPhotos.scr
2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-25 18:23 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-24 00:52 25,992 ac------ c:\windows\system32\pgdfgsvc.exe
2004-10-28 18:34 560 ac------ c:\documents and settings\owner\PCDOC.BAT
2003-07-16 13:48 94,784 -c-sh--- c:\windows\twain.dll
2008-04-13 17:12 551,936 a--sh--- c:\windows\system32\oleaut32.dll
2008-09-06 20:30 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 0:49:17.75 ===============

Attached Files




#2 teacup61 (Malware Response Team)

Posted 15 June 2009 - 06:47 AM

Hello MAKRLM,

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 MAKRLM


Posted 16 June 2009 - 01:57 AM

Hello Tea,
Thanks for the info.
I ran MalwareBytes, Comodo Antivirus, Spybot Search and Destroy and Ad-Aware. They came up clean, except Ad-Aware, which always has cookies it does not like me to have.

I will try to add the results you asked for.

I hope this helps.....

Mac -------

Attached Files



#4 teacup61


Posted 17 June 2009 - 11:00 AM

Hello,

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :thumbup2:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 MAKRLM


Posted 19 June 2009 - 01:26 AM

Hello again Tea,
Well I used ComboFix and it did some changes to my computer. It removed a couple of things also.
It seems to be running slower now..

Here are the reports from it and HijackThis.....

Attached Files



#6 teacup61


Posted 19 June 2009 - 09:11 AM

Hello,

How is it running now please?

I'd like to have a file looked at, please :

O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - c:\internet cleaner\icleaner.exe (HKCU)
http://www.prevx.com/filenames/19118574461...LEANER.EXE.html

Do you use this program, and if so, for how long?

Please navigate to the following file:

c:\internet cleaner\icleaner.exe

Please go to VirusTotal and submit the file for a scan and post the results in your next reply.

Thanks,
tea

#7 MAKRLM


Posted 20 June 2009 - 02:10 AM

Hi Tea,
I have not used iCleaner in about 3 years. It has been on my computer since 2003.
I got it from a local computer repair outfit. I had problems and it was one of the programs that they installed.

My computer has been slower in all respects since I ran that ComboFix.
I have to click some things a second time to get them to open or close, but not all the time...

Here are the results you wanted:
File has already been analysed:
MD5: 6f11daefe464c26da65eb64cab79ac7c
First received: 2007.11.15 10:20:52 UTC
Date: 2007.11.15 10:20:52 UTC [>582D]
Results: 1/33
Permalink: analisis/2019e50613eca0125fbe8f4ff78b57e5e3f45b98003361cbe8de6be7d3b40709-1195122052


That is the only way I can figure out to send it to you.
Hope it helps.

Should I remove it?? I am thinking I should, but will wait to hear from you.

Thanks so much for your help in this problem...

Mac (MAKRLM)

#8 teacup61


Posted 20 June 2009 - 09:58 AM

Hello,

You're welcome. :)

Yes, remove it. :thumbup2:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - c:\internet cleaner\icleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - c:\internet cleaner\icleaner.exe (HKCU)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folder(s) (if they exist):

c:\internet cleaner

Reboot your computer.

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Could I please see an uninstall list?

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks,
tea

#9 MAKRLM


Posted 21 June 2009 - 02:44 AM

Hello again Tea,
Well I did what you wanted and here are the results:

Also included are a couple of examples of what I originally was talking about - re: the weird symbols in my address book on AOL.
They are the ones between "Categories" and "Groups".

Thanks again for what you have been doing for me. I have been learning a lot from this. May not remember it all, but it has been educational for me.. Big Grin on that :thumbup2:

Mac -MAKRLM -------

Attached Files



#10 teacup61


Posted 21 June 2009 - 09:57 AM

Good morning Mac :cool:

You're welcome :)

And thank you for the screenshots! :thumbup2: I've not ever seen such, but I'm going to ask if any of my colleagues have and try to get an answer for you.

For the uninstall list, there are several things that need to go. Old versions of Java are useless and vulnerable, not to mention they take up a ton of space. Please uninstall all but the newest version, which is the update 14 :

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 6
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1


This alone is going to free up a whole gig of space on your hard drive, and make your computer a bit safer. :)

You have two installs of Spybot showing. Uninstall the oldest version and keep the newer.

You have 3 for AdAware :

Ad-Aware
Ad-Aware
Ad-Aware SE Personal


Uninstall the oldest versions.

Reboot your computer to reset the registry and complete the uninstalls.

On the chocolate M&Ms entries.....I'm assuming the screensaver is from the same place......did they come from an official M&Ms site?

I see you already had CCleaner......and I asked you to use ATF cleaner. ATF cleaner is easier and safer to use, but if you prefer CCleaner then you can uninstall ATF Cleaner. :) Sorry about that. I should have looked first.

How is it running after some time has passed?

I'll get back to you as soon as I have an answer. Should be pretty quick. :)

tea
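The HijackThis entries tea listed in post #8 and her point in post #10 that old Java versions are vulnerable can be checked mechanically, because Sun's Java plug-in ActiveX CLSIDs encode the version: the O16 lines pair {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} with Java 1.6.0_14. The script below is an added example written for this page, not code from BleepingComputer, HijackThis or DDS. It assumes the CLSID layout those lines suggest (release number in the second group, update number in the fourth, the all-F form meaning "current version"), runs over constructed sample lines modelled on the thread's logs, and reports which Java entries are older than the newest one present and which entries point at a file that no longer exists.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]   # (major, minor, update), e.g. (1, 6, 14)

# Assumed layout of Sun's versioned Java plug-in CLSIDs, inferred from the
# O16 lines in the thread: {CAFEEFAC-00MN-0000-00UU-ABCDEFFEDCBA} where
# M.N is the Java release (15 -> 1.5, 16 -> 1.6) and UU the update number.
JAVA_CLSID = re.compile(
    r"\{CAFEEFAC-00(?P<release>\d{2})-0000-00(?P<update>\d{2})-ABCDEFFEDCBA\}",
    re.IGNORECASE,
)
# The all-F form {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} is the "current
# version" family CLSID; it names no specific build, so JAVA_CLSID skips it.
ORPHAN_MARKERS = ("(no file)", "- no file")   # HijackThis and DDS spellings

# Constructed sample lines modelled on the thread's HijackThis and DDS logs.
SAMPLE_LOG = """\
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) -
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
"""


def java_version_from_clsid(line: str) -> Optional[Version]:
    """Decode a versioned Java plug-in CLSID on the line into (major, minor, update)."""
    m = JAVA_CLSID.search(line)
    if m is None:
        return None
    release = m.group("release")          # "15" -> Java 1.5, "16" -> Java 1.6
    return (int(release[0]), int(release[1]), int(m.group("update")))


def format_java_version(v: Version) -> str:
    """Render (1, 6, 14) the way Sun named it: 1.6.0_14."""
    return f"{v[0]}.{v[1]}.0_{v[2]:02d}"


def audit_hjt_log(log_text: str) -> Dict[str, object]:
    """Find the newest Java plug-in in the log, every older Java entry, and
    every entry whose target file is missing (a leftover worth cleaning up)."""
    java_entries: List[Tuple[Version, str]] = []
    orphans: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        version = java_version_from_clsid(line)
        if version is not None:
            java_entries.append((version, line))
        if any(marker in line.lower() for marker in ORPHAN_MARKERS):
            orphans.append(line)
    # Tuple comparison orders (1, 5, 9) below (1, 6, 1) below (1, 6, 14).
    newest = max((v for v, _ in java_entries), default=None)
    stale = [line for v, line in java_entries if newest is not None and v < newest]
    return {"newest_java": newest, "stale_java": stale, "orphans": orphans}


if __name__ == "__main__":
    report = audit_hjt_log(SAMPLE_LOG)
    newest = report["newest_java"]
    print("Newest Java plug-in:", format_java_version(newest) if newest else "none")
    for line in report["stale_java"]:
        print("STALE  ", line)
    for line in report["orphans"]:
        print("ORPHAN ", line)
```

Run it as-is to see the three stale 1.5.x/1.6.0_01 entries and the two "no file" entries flagged; paste a real log into SAMPLE_LOG (or read it from a file) to audit a machine. The version comparison is a plain tuple comparison, so the script only says "older than the newest one on this box", not "older than the current release", which matches how the thread's advice was framed.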

#11 MAKRLM


Posted 22 June 2009 - 02:35 AM

Hello again Tea,
I removed most of the items you wanted me to.
I could not remove Ad-Aware SE Personal because I got a window that said:

Wise Install
Could not open INSTALL LOG file


I am a m&m's Collector and the items were downloaded from their site so I feel they are ok.

I use CCleaner once in a while and ATF seldom. I use Glary Utilities and Advanced SystemCare the most.
They seem not to be as intrusive as CCleaner. I have learned to really check what it is going to remove. I have lost some things using it.

Computer seems to be running a little better. Still slow on some things but better on others. Sorry I cannot give specific areas. :thumbup2:

Do you want me to run another HijackThis scan or anything else???

Thanks again -- Mac ---

#12 teacup61


Posted 22 June 2009 - 10:34 AM

Hello again Mac,

I removed most of the items you wanted me to.

Good. The Java was the most important, so that's okay. :thumbup2: I don't know which one of the AdAwares did that, so you might have to turn them all off to get to the one you want. AdAware can be stubborn at times, for sure.

I am a m&m's Collector and the items were downloaded from their site so I feel they are ok.

Excellent. Screensavers gotten from the wrong place can cripple computers, so I wanted to be sure.

I have learned to really check what it is going to remove. I have lost some things using it.

Me too. That's why I asked. :)

Computer seems to be running a little better. Still slow on some things but better on others. Sorry I cannot give specific areas.

No need to be sorry at all.

I happen to have a colleague that uses AOL, so try this: In your Address Book, look in Address Preferences and uncheck, or turn off, "Automatically add e-mail addresses to my Address Book" and then see if you can delete the entry.

Let me know how you come out. :)

tea

#13 MAKRLM


Posted 25 June 2009 - 12:08 AM

Hello yet again Tea,

It took me awhile to find the Address Preferences you wanted me to go to.
When I finally found it, it was already blank.
I checked it and then unchecked to be sure.

Did not help matters at all. Still get those weird symbols just as often...

My computer seems to be running ok for now.. Still a little slow, but that could be just AOL. It goes into a "Not responding mode" every night around 8:30. Once in awhile earlier.

Thanks again for all your help -------

Mac ----

#14 teacup61


Posted 25 June 2009 - 01:05 PM

Hello Mac,

Oy.....well then back to the drawing board. Keep an eye out and I'll get back to you as soon as I can. :thumbup2:

tea

#15 MAKRLM


Posted 26 June 2009 - 02:42 AM

Tea,

OK - I will be waiting with "bated breath" to hear if you find out anything about my weird symbols.....

Thanks again ----------

Til then -------- Mac ------



