
slow network data transfer - PC2


  • This topic is locked
2 replies to this topic

#1 jolly_tas


Posted 04 September 2009 - 12:25 AM

Same trouble as my earlier post... the other PC on the network

Thank you in advance.

** Can't get an Ark.log as RootRepeal keeps freezing when scanning files. By checking all other boxes but files then the program crashes in 1/2 a second after pressing scan. **

DDS (Ver_09-07-30.01) - NTFSx86
Run by Tiffany at 14:31:17.73 on Fri 04/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.1526.638 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Tiffany\FirefoxPortable\App\firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tiffany\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: &Egis Option Pack: {312105c4-2e13-4e10-af72-f9d79ba077e6} - c:\acer\empowering technology\edatasecurity\x86\eDsWebmailtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\tiffany\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\users\tiffany\appdata\roaming\micros~1\windows\startm~1\programs\startup\borgchat.lnk - c:\program files\borgchat\BORGChat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\login
Trusted Zone: ninemsn.com.au
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {744695A8-8142-4966-978A-5ED07D3EB744} = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\tiffany\appdata\roaming\mozilla\firefox\profiles\tphpozzv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig?hl=en&referrer=ign_n
FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\tiffany\firefoxportable\app\firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\tiffany\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\tiffany\firefoxportable\app\firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\users\tiffany\firefoxportable\app\firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\users\tiffany\firefoxportable\app\firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\users\tiffany\firefoxportable\app\firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\all.js - pref("geo.enabled", true);
c:\users\tiffany\firefoxportable\app\firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\users\tiffany\firefoxportable\app\firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-14 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-7 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-4 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-25 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-25 297752]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 1029456]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-28 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-28 3072]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-9 29744]

=============== Created Last 30 ================

2009-09-04 13:15 <DIR> --d----- c:\users\tiffany\appdata\roaming\IObit
2009-09-04 13:15 <DIR> --d----- c:\program files\IObit
2009-09-04 03:10 16,384 a------- C:\msimg32.dll
2009-09-03 06:49 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-03 06:49 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-30 03:01 <DIR> --d----- c:\windows\CheckSur
2009-08-28 03:07 <DIR> --d----- C:\August_2009
2009-08-28 03:01 2,048 a------- c:\windows\system32\tzres.dll
2009-08-27 00:49 270,848 a------- c:\windows\system32\schannel.dll
2009-08-27 00:49 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-27 00:49 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-27 00:49 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-27 00:49 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-27 00:49 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-27 00:49 72,704 a------- c:\windows\system32\secur32.dll
2009-08-27 00:49 9,728 a------- c:\windows\system32\lsass.exe
2009-08-14 16:47 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-14 15:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-14 14:59 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-14 14:59 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-13 12:37 71,680 a------- c:\windows\system32\atl.dll
2009-08-13 12:37 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-13 12:37 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-13 12:37 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-13 12:37 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-13 12:37 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-13 12:37 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-13 12:37 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-13 12:37 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-13 12:37 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-13 12:37 18,432 a------- c:\windows\system32\amcompat.tlb

==================== Find3M ====================

2009-08-28 22:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 22:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-16 09:27 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 09:27 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-22 07:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-22 07:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-22 07:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-22 06:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-06-16 01:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-16 01:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-16 01:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 22:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-02-03 17:16 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-03 17:16 51,200 a------- c:\windows\inf\infpub.dat
2009-02-03 17:16 87,608 a------- c:\users\tiffany\appdata\roaming\inst.exe
2009-02-03 17:16 47,360 a------- c:\users\tiffany\appdata\roaming\pcouffin.sys
2008-10-19 10:11 86,016 a------- c:\windows\inf\infstor.dat
2008-07-09 13:38 174 a--sh--- c:\program files\desktop.ini
2008-07-09 13:26 665,600 a------- c:\windows\inf\drvindex.dat
2007-08-26 05:27 8 a------- c:\users\tiffany\appdata\roaming\usb.dat.bin
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2003-10-12 00:08 2,112 a------- c:\users\tiffany\ACME.DAT
2008-07-09 13:48 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-07-09 13:48 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-07-09 13:48 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 14:32:54.66 ===============


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:47 PM, on 4/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tiffany\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Egis Option Pack - {312105C4-2E13-4E10-AF72-F9D79BA077E6} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDsWebmailtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tiffany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Global Startup: GammaTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://*.ninemsn.com.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{744695A8-8142-4966-978A-5ED07D3EB744}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7068 bytes


#2 teacup61

  • Malware Response Team

Posted 21 September 2009 - 06:38 AM

Hello,

As with your other thread, please post a new HijackThis log and let me know of any changes that might have occurred since you originally posted. :(

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 28 September 2009 - 02:03 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



