Laptop Running Slow For Unknown Reasons


  • This topic is locked
13 replies to this topic

#1 RoThiSePh

  • Members
  • 22 posts
  • Gender: Male
Posted 15 November 2006 - 07:21 AM

Lately my computer has been beginning to grind down a bit. I'm not sure if this is because my HD space is getting low (I've ~6 Gigs left out of 60 Gigs), but whenever I do anything on my computer, it basically starts acting choppy at intervals of 30 seconds or so. It may be to do with compressing old files too, as I've done that a couple of times during disk cleanup, but I'm not sure. The problem is particularly annoying when I'm watching videos, on Windows Media Player, QuickTime, YouTube... everything. And in iTunes it makes the music start cutting strangely, which is even worse.

I'm sure my RAM is OK, it seemed to cope before (512 Megs)... anyway, I was just writing to see if you guys thought I've any infections or anything. I've done your standard 'check disk', 'spyware removal', 'stinger scan' etc., but I've not found anything huge. Please give any advice if you can on the info I've provided. Bear in mind I've had this laptop nearly 2 and a half years.


General specs:
-----------------
Windows XP (Service Pack 2) Home Edn.
Dell Inspiron | 1150 Laptop
CPU 2.66GHz Speed
512MB of RAM
55.8 Gig HD space, 7.33 Gig Remaining


HijackThis Log:
-----------------
Logfile of HijackThis v1.99.1
Scan saved at 12:13:53, on 15/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\Note.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\Note.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\Note.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Nicholas Atkinson\Desktop\stingernew.exe
C:\Documents and Settings\Nicholas Atkinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.biffyclyro.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Lava.lnk = C:\Program Files\Lava Lamp\Lava.exe
O4 - Global Startup: Office Startup.lnk.disabled
O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O16 - DPF: {E4F2B0F2-AE18-4254-9167-A8EE66E55A6F} (VivioAX Control 3.4) - https://www.cs.tcd.ie/Jeremy.Jones/vivio/vivioAX.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
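As an added example (not part of this thread, and not code from HijackThis or BleepingComputer), here is a small Python triage script that parses lines in the HijackThis v1.99.1 format shown above and flags the entry types a log reviewer looks at first: hosts-file overrides (O1), autorun commands given without a directory (O4), downloadable ActiveX controls (O16), AppInit_DLLs (O20), and services with an unknown publisher or a missing file (O23). The sample lines are copied from the log in this post; the `Finding` class, the section rules and the flag wording are my own and are meant as a starting point for review, not as a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines in HijackThis v1.99.1 format, copied from the
# log posted in this thread so the checks below can run offline.
SAMPLE_LOG = r"""
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - Startup: Lava.lnk = C:\Program Files\Lava Lamp\Lava.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    body: str
    reasons: List[str]  # empty list means "parsed, nothing to flag"


def triage_line(line: str) -> Optional[Finding]:
    """Parse one HijackThis line; return None for non-entry lines (process list, headers)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons: List[str] = []

    # A registered component whose file is gone: stale entry or removed software.
    if "(file missing)" in body:
        reasons.append("registered target file is missing")

    if section == "O1":
        # A hosts-file entry bypasses DNS for the named host.
        reasons.append("hosts-file entry pins a hostname to a fixed IP")
    elif section == "O4" and "] " in body:
        # Autorun command without a directory is resolved via the search path at logon.
        command = body.split("] ", 1)[1].strip().strip('"')
        if "\\" not in command:
            reasons.append("autorun target has no directory; resolved via search path")
    elif section == "O16":
        # Downloaded Program Files: ActiveX controls installed from a URL.
        host = re.search(r"https?://([^/\s]+)", body)
        if host:
            reasons.append(f"ActiveX control downloadable from {host.group(1)}")
    elif section == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs are loaded into every process that loads user32.dll.
        reasons.append("AppInit_DLLs entry loads a DLL into every GUI process")
    elif section == "O23" and " - Unknown owner - " in body:
        reasons.append("service has no recorded publisher")

    return Finding(section, body, reasons)


def triage_log(text: str) -> List[Finding]:
    """Run every line through triage_line and keep only entries with a reason to review."""
    findings = []
    for line in text.splitlines():
        f = triage_line(line)
        if f is not None and f.reasons:
            findings.append(f)
    return findings


def count_by_section(findings: List[Finding]) -> Dict[str, int]:
    """Summarise flagged entries per HijackThis section code."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:4} | {f.body[:70]}")
        for r in f.reasons:
            print("       -", r)
```

Run it against a saved log with `triage_log(open("hijackthis.log").read())`; the output is an inventory for a human reviewer, and an entry on the list (a vendor service with "Unknown owner", for instance) is not by itself evidence of infection.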


#2 RoThiSePh

  • Topic Starter
  • Members
  • 22 posts
  • Gender: Male

Posted 24 November 2006 - 02:57 PM

Seriously! It's been NINE DAYS. I'm really needing some help here.. please someone!! I've already posted twice in the 5 days thread! =(

#3 logreeval

  • Members
  • 351 posts
  • Location: Petaluma, California

Posted 24 November 2006 - 03:37 PM

Hello RoThiSePh and Welcome to BleepingComputer!

I am very sorry for the delay in getting to you. I will be helping you clean your computer. I am currently reviewing your log and will post back as soon as I can. :thumbsup:

logreeval

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.



#4 logreeval

  • Members
  • 351 posts
  • Location: Petaluma, California

Posted 25 November 2006 - 12:49 PM

Hello Again RoThiSePh!

Sorry for the delay on getting back to you.

Let us get started...

Please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
=========================

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

=========================

So, in the next reply:
1) F-Secure Log
2) Uninstall List

logreeval


#5 RoThiSePh

  • Topic Starter
  • Members
  • 22 posts
  • Gender: Male

Posted 26 November 2006 - 03:59 PM

Thanks very much for replying, my computer is starting to really get on my nerves..! Here's the info you asked for:


F-Secure Log
---------------
Scanning Report
Sunday, November 26, 2006 16:18:25 - 17:59:14

Computer name: NICKATKINSON
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 4 malware found
Possible Browser Hijack attempt (spyware)

* System (Disinfected)

Tracking Cookie (spyware)

* System (Disinfected)

W32/Malware.AIP (virus)

* C:\PROGRAM FILES\BT YAHOO\BT YAHOO HELP\VENDORS\BTBB\CONTENT\TEMPLATE\DRIVEN_DEV\BROADBANDASST\205CLIENT.EXE

W32/Smalltroj.IMC (virus)

* C:\DOCUMENTS AND SETTINGS\NICHOLAS ATKINSON\MY DOCUMENTS\DOWNLOADED PROGRAMS\FRETSONFIRE\FRETSONFIRE\FRETSONFIRE.EXE

Statistics
Scanned:

* Files: 44513
* System: 5410
* Not scanned: 3

Actions:

* Disinfected: 2
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-11-24
* F-Secure AVP: 7.0.171, 2006-11-24
* F-Secure Orion: 1.2.37, 2006-11-24
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-08-29

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

----------------------------------


HijackThis Log
----------------

Logfile of HijackThis v1.99.1
Scan saved at 20:53:59, on 26/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\Note.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Nicholas Atkinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.biffyclyro.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Lava.lnk = C:\Program Files\Lava Lamp\Lava.exe
O4 - Global Startup: Office Startup.lnk.disabled
O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O16 - DPF: {E4F2B0F2-AE18-4254-9167-A8EE66E55A6F} (VivioAX Control 3.4) - https://www.cs.tcd.ie/Jeremy.Jones/vivio/vivioAX.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

#6 logreeval

  • Members
  • 351 posts
  • Location: Petaluma, California

Posted 26 November 2006 - 08:42 PM

Please post the Uninstall list as previously asked for.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


logreeval


#7 RoThiSePh

  • Topic Starter
  • Members
  • 22 posts
  • Gender: Male

Posted 26 November 2006 - 08:53 PM

Oh god, I'm sorry, I didn't see that bit!! I assumed you meant do another HJT scan. Apologies. =S Here ya go!

"GNU make 3.80.0"
AccessDirect
Ad-Aware SE Personal
Adobe Reader 6.0.1
Apple Software Update
Audacity 1.2.2
AVG Free Edition
Azureus
BCM V.92 56K Modem
BlueSoleil
Broadcom Management Programs
BT Yahoo! Applications
BT Yahoo! Broadband Internet Connection Manager 4.2
BT Yahoo! Help
Dell Media Experience
Dell Solution Center
Dia (remove only)
DivX
DivX Player
D-Link VGA Webcam
EphPod
ewido anti-malware
FreezeSMS
Google Toolbar for Internet Explorer
Google Video Player
GTK+ 2.8.18-1 runtime environment
Hazard Perception
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HyperSnap 6
HyperSnap-DX
Intel® Extreme Graphics 2 Driver
iPod for Windows 2005-06-26
iTunes
J2SE Development Kit 5.0 Update 9
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
L&H TTS3000 British English
Lava i-Mate 3.0.0.0
Learn2 Player (Uninstall Only)
Lexmark 3100 Series
LimeWire 4.12.4
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash Player 8
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Excel 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Small Business
Microsoft Office Access 2003
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ Toolkit 2003
Microsoft Windows Journal Viewer
mIRC
Modem Helper
Mozilla Firefox (1.0.7)
MP3 Player
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
myTunes Redux 1.0
Paint Shop Pro 7 Evaluation
Panda ActiveScan
PDFCreator
PlayFKiSS
PowerDVD 5.1
QuickSet
QuickTime
RealPlayer
Retro Sci-Fi Screensaver
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Soldat 1.3.1
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
SpeedTouch USB Software
Spybot - Search & Destroy 1.3
SSH Secure Shell
Synaptics Pointing Device Driver
Tactical Ops
Theory Test Centre 2003
Tiscali 10.0
TK8 EasyNote 1.1
Together® 2006 Release 2
UltraISO V7.65 ME
Unreal
Unreal Tournament
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Vodafone 804SS USB driver Software
VPN Client
WA Update v3.50 beta2
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPcap 3.1 beta3
WinRAR archiver
WinUHA 2.0 RC1 (2005.02.27)
WinZip
Worms2 Demo
XEmacs 21.4.19
ZoneAlarm

#8 logreeval

logreeval

  • Members
  • 351 posts
  • Location:Petaluma, California
  • Local time:02:55 PM

Posted 29 November 2006 - 08:05 PM

Good Job Rothiseph :thumbsup:

Can you please elaborate on the problems that you have?

Your version of Spybot S&D is out of date!, please update at one of the following places, provided in this link:

http://www.safer-networking.org/en/mirrors/index.html

When done with that...

===========================

Boot in to Safe Mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Azureus
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.12.4
myTunes Redux 1.0


Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Azureus
C:\Program Files\LimeWire 4.12.4
C:\Program Files\myTunes Redux 1.0


After that, Reboot.

============================

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

============================

Please download A-squared Free from:
http://download3.emsisoft.com/a2freesetup.exe

1. Follow all the instructions given by the installer.
2. Once installed, the A-squared Updater will automatically start. Downloading updates will take some time.
3. Please then go to Start > Programs > A-squared and press "a-squared StartCenter".
4. Click "Scan your computer for malware infections".
5. Make sure all three setting options are ticked. Then press "Scan selected folders". The scan will then commence.
6. Click "Save HTML-Report". Save the report to somewhere convenient.
7. If malware is found, click the button "Remove Selected Malware".

============================

In your next reply, you will have two logs to post:
1) A fresh HijackThis log
2) A-squared log
3) Problems you are having

logreeval

Edited by logreeval, 29 November 2006 - 09:50 PM.

Are you infected?, if you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days?, Go ahead and send me a polite PM.



#9 RoThiSePh

RoThiSePh
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Local time:10:55 PM

Posted 29 November 2006 - 10:08 PM

Um, I can see the sense in updating my Spybot and using the ATF Cleaner, but is it necessary for me to remove my BitTorrent and P2P software..? I don't really use Limewire or Azureus that much to be honest, but still, I'm well aware of the possibility that there are viruses etc on the networks.

Unless there is a specific reason other than to suggest I might be unaware of the liabilities of these programs, I don't really see a need to uninstall them..? I know they're on my system. Actually, I'm not too sure about the Java runtime environment, I updated it recently but I don't know why I need to delete that?

Anyway, my problems are difficult to be specific with. It's not been as bad lately because I shut down some background processes and have been trying to restrict opening too many programs at once. Anyway, it seems that even that doesn't work - sometimes it just generally slows down every 20 or so seconds.

For example, if a video was playing on something like Youtube, Quicktime player, WMV... it would play ok for maybe around 15 seconds, then 5 would be slowing down / chopping about, and it takes a further few seconds to catch up with itself. I give video as an example because it's probably the easiest to convey, but this happens across EVERYTHING - general computer functionality coming to a brick wall, basically.

Anyway, thanks very much for bearing with me, I really appreciate it. :thumbsup:

#10 logreeval

logreeval

  • Members
  • 351 posts
  • Location:Petaluma, California
  • Local time:02:55 PM

Posted 30 November 2006 - 12:15 AM

Please run the A-Squared program as requested in the previous post; I will be replying with other instructions later.

logreeval



#11 logreeval

logreeval

  • Members
  • 351 posts
  • Location:Petaluma, California
  • Local time:02:55 PM

Posted 01 December 2006 - 10:05 AM

Hello Rothiseph,

please do the ASquared scan as said before and...

P2P programs do have a high chance of viruses, spyware etc. Limewire is a little "iffy", so if you could please uninstall that and use "Frostwire", it is a better alternative to Limewire. You can download it from here:
http://www.peercommons.com/frostwire/4.10....4.10.9_Beta.exe

As for the Java, I was just having you uninstall the older version, because some types of malware get on to your computer by holes in the older versions of Java, so please just uninstall "J2SE Runtime Environment 5.0 Update 6", not the one with a 9 on the end; that one is up to date.

I found an entry pertaining to McAfee, namely this entry:
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
have you had mcafee installed, but uninstalled it?

Next reply:
1)A-Squared Scan
2)Fresh HijackThis log

logreeval

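The check logreeval made by hand on the McAfee O4 entry (a Run-key autorun whose product has been uninstalled, leaving a target that no longer exists) can be run over every O4 line of a HijackThis log. The script below is an added example for this thread, not code from HijackThis or from any poster. The O4 lines are copied from the HijackThis log posted later in the thread; the set of files "present on disk", the search-path list and the 8.3 short-name expansions (PROGRA~1, AVGFRE~1) are constructed stand-ins so it runs offline, and on the machine itself os.path.exists() and the filesystem's own long names would replace them.

```python
"""Flag HijackThis O4 (Run-key autorun) entries whose target executable is gone.

Added example for this thread; not code from HijackThis or from any poster.
PRESENT_FILES, SEARCH_PATH and SHORT_NAMES are constructed stand-ins so the
script runs offline; on the real machine use os.path.exists() and let the
filesystem expand 8.3 names instead.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Matches "O4 - HKLM\..\Run: [name] command"; Startup-folder O4 lines do not match.
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Copied from the HijackThis log in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Lava.lnk = C:\Program Files\Lava Lamp\Lava.exe
"""

# Constructed: files assumed to exist, taken from the thread's running-process
# list. The McAfee file is deliberately absent (the poster uninstalled McAfee).
PRESENT_FILES = {
    r"C:\WINDOWS\system32\dla\tfswctrl.exe",
    r"C:\Program Files\Grisoft\AVG Free\avgcc.exe",
    r"C:\Program Files\Messenger Plus! 3\MsgPlus.exe",
    r"C:\WINDOWS\BCMSMMSG.exe",
    r"C:\Program Files\QuickTime\qttask.exe",
    r"C:\Program Files\MSN Messenger\msnmsgr.exe",
}
# Constructed: directories searched for an unqualified name such as BCMSMMSG.exe.
SEARCH_PATH = [r"C:\WINDOWS\system32", r"C:\WINDOWS"]
# Assumed 8.3 expansions; only the real filesystem knows the true long names.
SHORT_NAMES = {"PROGRA~1": "Program Files", "AVGFRE~1": "AVG Free"}


def executable_from_command(cmd: str) -> str:
    """Return the program part of a Run-key command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # HijackThis prints unquoted paths even when they contain spaces, so cut
    # after the first ".exe" rather than at the first space.
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split()[0]


def normalize_path(path: str, short_names: Dict[str, str]) -> str:
    """Lower-case a path and expand the 8.3 components we have a mapping for."""
    expand = {k.lower(): v.lower() for k, v in short_names.items()}
    return "\\".join(expand.get(part, part) for part in path.lower().split("\\"))


def triage_o4(lines: Iterable[str], present_files: Iterable[str],
              search_path: Iterable[str], short_names: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (entry name, resolved path, status) for each Run-key O4 line.

    status is "ok" (target exists), "missing" (orphaned entry, like the McAfee
    one) or "resolved-by-search" (bare file name found on the search path; such
    entries depend on directory search order, so they are worth a second look).
    """
    present = {normalize_path(p, short_names) for p in present_files}
    dirs = [normalize_path(d, short_names) for d in search_path]
    results = []
    for line in lines:
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        exe = normalize_path(executable_from_command(m.group("cmd")), short_names)
        if "\\" in exe:
            results.append((m.group("name"), exe, "ok" if exe in present else "missing"))
            continue
        hit = next((d + "\\" + exe for d in dirs if d + "\\" + exe in present), None)
        results.append((m.group("name"), hit or exe, "resolved-by-search" if hit else "missing"))
    return results


def orphaned_entries() -> List[str]:
    """Names of the sample entries whose target could not be found."""
    rows = triage_o4(SAMPLE_O4_LINES.strip().splitlines(), PRESENT_FILES, SEARCH_PATH, SHORT_NAMES)
    return [name for name, _, status in rows if status == "missing"]


if __name__ == "__main__":
    for name, path, status in triage_o4(SAMPLE_O4_LINES.strip().splitlines(),
                                        PRESENT_FILES, SEARCH_PATH, SHORT_NAMES):
        print(f"{status:<18} [{name}] {path}")
```

Run over the thread's log, the only entry reported as missing is [VirusScan], which is exactly the question logreeval asked. The check says whether a target exists, not whether it is trustworthy, and a scanner's verdict deserves the same scrutiny in the other direction: the a-squared report posted later in the thread deletes C:\Program Files\Cisco Systems\VPN Client\ppptool.exe on a Heuristic.Dialer verdict while "VPN Client" is still in the installed-programs list and cvpnd.exe is in the running-process list, so a heuristic hit on a file belonging to an installed product is worth checking before it is removed.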


#12 RoThiSePh

RoThiSePh
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Local time:10:55 PM

Posted 01 December 2006 - 02:14 PM

Hey, sorry I've taken so long to reply, had a busy week of studying... I uninstalled the Java Runtime environment, and Limewire, and myTunes, but I've left Azureus there because I use it now and again.

I've done the a^2 and HijackThis scans, as you'll see below. Though the a^2 instructions you gave did not really apply to the program at all.. it seemed a completely different layout to the way you described it. Still, it's not like it was difficult to know what to do. =]

Also, I did used to have McAfee installed on my laptop (when I got it), but I removed it straight away because when I had it on my old computer it gave me nothing but hassle. I use AVG instead. Anyway, logs:


A Squared Log
----------------------------------------------------------------------
a-squared Free - Version 2.1

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 01/12/2006 18:01:49

C:\Program Files\Common Files\totem shared detected: Trace.Directory.ISTbar
C:\Program Files\intermute\spysubtract detected: Trace.Directory.SpySubtract
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Height detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Left detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Maximized detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Top detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Width detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> AresNet1 detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ServerPort detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ShowJP detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Extra.ShowActiveCaption detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoConnect detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoStartUp detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.LastLibraryMode detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastChatRoomBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastLibrary detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastPMBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastSearch detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Personal.GUID detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Privacy.SendRegularPath detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AllowBrowse detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AwayMessage detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.HasLQCa detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQuery detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQueryInt detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.MaximizeUpBandOnIdle detected: Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.ServerPort detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWaySearchAssistant --> Changed detected: Trace.Registry.MyWay
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWaySearchAssistant --> SlowInfoCache detected: Trace.Registry.MyWay
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey detected: Trace.Registry.WebHancer
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:58 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:72 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:73 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:169 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:179 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:180 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:181 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:182 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:184 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:185 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:186 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:275 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:276 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:285 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:286 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:287 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:335 detected: Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:361 detected: Trace.TrackingCookie
C:\Program Files\BT Yahoo! Broadband\DialBBICM.exe detected: Heuristic.Dialer
C:\Program Files\Cisco Systems\VPN Client\ppptool.exe detected: Heuristic.Dialer
C:\Program Files\mIRC\mirc.exe detected: Riskware.Client-IRC.Win32.mIRC.16

Scanned

Files: 65105
Traces: 87105
Cookies: 382
Processes: 50

Found

Files: 3
Traces: 37
Cookies: 18
Processes: 0
Registry keys: 0

Scan end: 01/12/2006 18:57:53
Scan time: 00:56:04

C:\Program Files\mIRC\mirc.exe Deleted Riskware.Client-IRC.Win32.mIRC.16
C:\Program Files\BT Yahoo! Broadband\DialBBICM.exe Deleted Heuristic.Dialer
C:\Program Files\Cisco Systems\VPN Client\ppptool.exe Deleted Heuristic.Dialer
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:58 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:72 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:73 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:169 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:179 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:180 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:181 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:182 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:184 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:185 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:186 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:275 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:276 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:285 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:286 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:287 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:335 Deleted Trace.TrackingCookie
C:\Documents and Settings\Nicholas Atkinson\Application Data\Mozilla\Firefox\Profiles\2k1roh3m.default\cookies.txt:361 Deleted Trace.TrackingCookie
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey Deleted Trace.Registry.WebHancer
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWaySearchAssistant --> Changed Deleted Trace.Registry.MyWay
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWaySearchAssistant --> SlowInfoCache Deleted Trace.Registry.MyWay
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Height Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Left Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Maximized Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Top Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\bounds --> Main.Width Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Download Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Queue Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Columns\Transfers --> Upload Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Data --> AresNet1 Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Download Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Queue Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares\Positions\Transfers --> Upload Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ServerPort Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> ChatRoom.ShowJP Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Extra.ShowActiveCaption Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoConnect Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.AutoStartUp Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> General.LastLibraryMode Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastChatRoomBrowse Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastLibrary Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastPMBrowse Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> GUI.LastSearch Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Personal.GUID Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Privacy.SendRegularPath Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AllowBrowse Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> PrivateMessage.AwayMessage Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.HasLQCa Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQuery Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Stats.LstCaQueryInt Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.MaximizeUpBandOnIdle Deleted Trace.Registry.Ares
Value: HKEY_CURRENT_USER\Software\Ares --> Transfer.ServerPort Deleted Trace.Registry.Ares
C:\Program Files\intermute\spysubtract Deleted Trace.Directory.SpySubtract
C:\Program Files\Common Files\totem shared Deleted Trace.Directory.ISTbar

Deleted

Files: 3
Traces: 37
Cookies: 18

----------------------------------------------------------------------
----------------------------------------------------------------------
----------------------------------------------------------------------


HijackThis Log
----------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:09:00, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
C:\Program Files\Lava Lamp\Lava.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\Note.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\Note.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\Note.exe
C:\Program Files\TK8\TK8 EasyNote 1.1\Note.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QuickTime\PictureViewer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nicholas Atkinson\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.biffyclyro.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_17_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Lava.lnk = C:\Program Files\Lava Lamp\Lava.exe
O4 - Global Startup: Office Startup.lnk.disabled
O4 - Global Startup: TK8 EasyNote 1.1.lnk = C:\Program Files\TK8\TK8 EasyNote 1.1\EasyNote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O16 - DPF: {E4F2B0F2-AE18-4254-9167-A8EE66E55A6F} (VivioAX Control 3.4) - https://www.cs.tcd.ie/Jeremy.Jones/vivio/vivioAX.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
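A small parser for the HijackThis log format shown above, added here as an example; it is not part of this thread and not code from HijackThis or any tool mentioned in it. The flag names are my own, and the sample lines are copied from the log above. It extracts each entry's section, CLSID and target (path, URL or value) and groups the entries a reviewer would look at first: ones whose file is missing, O23 services with no recognised publisher string, O20 AppInit_DLLs entries, and O16 ActiveX controls fetched from a remote host. None of these flags means an entry is malicious; they only order the manual review.

```python
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# A HijackThis entry is "Oxx - <body>"; the body's last " - " field is the
# path, URL or registry value the entry points at.
ENTRY_RE = re.compile(r"^(O\d{1,2})\s+-\s+(.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_MISSING = "(file missing)"


@dataclass
class HjtEntry:
    section: str                      # "O4", "O9", "O16", "O20", "O23", ...
    body: str                         # everything after "Oxx - "
    target: str                       # path, URL or value, "(file missing)" stripped
    clsid: Optional[str] = None       # {GUID} of a button/BHO/ActiveX control, if any
    flags: list = field(default_factory=list)


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one log line; returns None for headers, blanks and non-entry text."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.group(1), m.group(2)

    if " - " in body:
        target = body.rsplit(" - ", 1)[1]
    elif ": " in body:
        target = body.split(": ", 1)[1]        # "AppInit_DLLs: x.dll", O4 run keys, O17 values
    else:
        target = body
    if section == "O4":
        target = re.sub(r"^\[[^\]]*\]\s*", "", target)   # drop the "[ValueName]" prefix

    flags = []
    if target.endswith(FILE_MISSING):
        target = target[: -len(FILE_MISSING)].rstrip()
        flags.append("file-missing")            # stale entry; the binary it names is gone
    if section == "O23" and "Unknown owner" in body:
        flags.append("unknown-owner")           # service with no recognised publisher string
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        flags.append("appinit-dll")             # DLL loaded into every user32-linked process
    if section == "O16" and target.lower().startswith(("http://", "https://")):
        flags.append("remote-dpf")              # ActiveX control downloaded from the web

    cm = CLSID_RE.search(body)
    return HjtEntry(section, body, target, cm.group(0).upper() if cm else None, flags)


def parse_log(log_text: str):
    """All entries in a log, in order; non-entry lines are skipped."""
    return [e for e in (parse_entry(l) for l in log_text.splitlines()) if e is not None]


def triage(log_text: str) -> dict:
    """Group flagged targets by flag, so a reviewer sees what to check first."""
    findings: dict = {}
    for e in parse_log(log_text):
        for f in e.flags:
            findings.setdefault(f, []).append(e.target)
    return findings


def dpf_hosts(log_text: str):
    """Distinct hosts that O16 ActiveX controls were fetched from."""
    hosts = {urlparse(e.target).hostname for e in parse_log(log_text) if "remote-dpf" in e.flags}
    return sorted(h for h in hosts if h)


# Sample lines copied from the log earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = st-andrews.ac.uk,st-and.ac.uk
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for flag, targets in sorted(triage(SAMPLE_LOG).items()):
        print(f"{flag}:")
        for t in targets:
            print(f"    {t}")
    print("DPF hosts:", ", ".join(dpf_hosts(SAMPLE_LOG)))
```

Run it against a saved log by replacing SAMPLE_LOG with the file's contents. The "file-missing" group is the one a helper typically clears first, as in the O4 fix requested later in this thread; the "unknown-owner" and "appinit-dll" groups are where the named file itself should be located and identified before anything is removed.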

#13 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  • Location:Petaluma, California
  • Local time:02:55 PM

Posted 03 December 2006 - 11:51 AM

Hello again Rothiseph

It seems as though A-Squared has deleted some legit files:

C:\Program Files\mIRC\mirc.exe Deleted Riskware.Client-IRC.Win32.mIRC.16
C:\Program Files\BT Yahoo! Broadband\DialBBICM.exe Deleted Heuristic.Dialer
C:\Program Files\Cisco Systems\VPN Client\ppptool.exe Deleted Heuristic.Dialer

You should probably reinstall your BT Yahoo! Broadband program and the VPN Client. mIRC is your choice; I might suggest IceChat from here


Now, we are going to do some simple cleanup tasks on your computer...

================

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

================

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

================

To use Disk Defragmenter:

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Defragmenter.

[Image: Disk Defragmenter dialog box]

Click Analyze to start the Disk Defragmenter.

2. In the Disk Defragmenter dialog box, click the drives that you want to defragment, and then click the Analyze button. After the disk is analyzed, a dialog box appears, letting you know whether you should defragment the analyzed drives.

3. To defragment the selected drive or drives, click the Defragment button. After the defragmentation is complete, Disk Defragmenter displays the results.

4. To display detailed information about the defragmented disk or partition, click View Report.

5. To close the View Report dialog box, click Close.

6. To close the Disk Defragmenter utility, click the Close button on the title bar of the window.

================

When done with that, tell me how the computer is running, and post a fresh HJT log.

logreeval

Are you infected? If you need help, go here!
Do you want to learn how you got infected, and how to prevent it? Try looking here!
For some free malware removal/prevention tools, and some malware prevention advice, check out my site!

Please don't PM me asking for help, post on the forums instead.

Am I helping you and haven't replied in a few days? Go ahead and send me a polite PM.



#14 logreeval

logreeval

  • Members
  • 351 posts
  • OFFLINE
  • Location:Petaluma, California
  • Local time:02:55 PM

Posted 17 December 2006 - 12:33 PM

Due to the lack of feedback this topic is now closed.
If you would like this topic reopened, PM a Staff member with a link to this topic.
This applies to the topic starter ONLY, everyone else start a New Topic.

Glad we could help :thumbsup:
