11-10-2008, 08:57 AM   #1
Registered User
Join Date: Nov 2008
Posts: 11
OS: XP


Computer Running Slow and Glitchy

Hi, this is my first time posting here. I found this forum and it seemed very helpful. Last week I was trying to download something through BitTorrent (I have since uninstalled it) and after that my computer has been having major issues. At one point I was having a problem with system shutdown associated with the message System Shutdown NT Authority/Shutdown. I have since resolved that issue and run Spybot and an AVG virus scan. They found a lot of trojans and stuff. My computer is running better, but it is still kind of slow and glitchy. I tried to follow the steps before posting, but when I ran gmer.exe my CPU would shut off. It was after I said yes to a full scan. I then ran RSIT.exe and it pulled up the log.txt but not the info.txt. I am going to post that log. I would really appreciate any help. Thank you!!

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-10 11:46:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 151 GB (50%) free of 301 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:24 AM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.Jezebelle\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {2BF8B4D3-5ED9-4979-AE5D-F7CECAA7997E} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: Rmn plugin - {5beefd1c-446f-48a7-a7c7-c8e5986a9760} - rbsgam.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 0 - {9142EAD4-C950-42A4-8287-2DA9AD69CF67} - C:\Program Files\Messenger\laguri81.dll (file missing)
O2 - BHO: (no name) - {9FB07BE0-2CBC-4C92-99C8-D6886BBC5DD6} - C:\Program Files\Windows Plus\hote83122.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\opnooon.dll (file missing)
O2 - BHO: {be0bd828-1a10-9128-b764-4375d548b13c} - {c31b845d-5734-467b-8219-01a1828db0eb} - C:\WINDOWS\system32\iqvvrilm.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Ealb] "C:\DOCUME~1\OWNER~1.JEZ\APPLIC~1\FNTS~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://email3.uncg.edu/dwa7W.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: opnooon - opnooon.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 10209 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BF8B4D3-5ED9-4979-AE5D-F7CECAA7997E}]
C:\WINDOWS\system32\pmkhf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5beefd1c-446f-48a7-a7c7-c8e5986a9760}]
Rmn plugin - rbsgam.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9142EAD4-C950-42A4-8287-2DA9AD69CF67}]
C:\Program Files\Messenger\laguri81.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FB07BE0-2CBC-4C92-99C8-D6886BBC5DD6}]
C:\Program Files\Windows Plus\hote83122.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-08 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-09-09 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-09-09 654832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
C:\WINDOWS\system32\opnooon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c31b845d-5734-467b-8219-01a1828db0eb}]
C:\WINDOWS\system32\iqvvrilm.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-09-09 2554944]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-08 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe [2008-08-17 69632]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-12-14 577536]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-17 185896]
"LELA"=C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-05-01 131072]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-04-08 648504]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-08 1234712]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"Ealb"=C:\DOCUME~1\OWNER~1.JEZ\APPLIC~1\FNTS~1\chkdsk.exe -vt yazb []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []
"Steam"=c:\program files\steam\steam.exe [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnooon]
opnooon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"=C:\WINDOWS\system32\opnooon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0jkxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0jkxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Steam\steamapps\desolece\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\desolece\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\WOWoW\Repair.exe"="C:\Program Files\WOWoW\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Steam\steamapps\desolece\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\desolece\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2008-11-10 11:42:07 ----D---- C:\Program Files\trend micro
2008-11-10 11:42:06 ----D---- C:\rsit
2008-11-10 09:39:21 ----A---- C:\WINDOWS\gmer.ini
2008-11-10 09:39:19 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-10 09:39:19 ----A---- C:\WINDOWS\gmer.exe
2008-11-10 09:39:19 ----A---- C:\WINDOWS\gmer.dll
2008-11-08 18:37:59 ----HD---- C:\$AVG8.VAULT$
2008-11-08 16:19:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-08 16:18:43 ----D---- C:\Program Files\AVG
2008-11-08 16:18:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-08 07:46:00 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-11-08 07:31:44 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-11-08 01:08:30 ----D---- C:\Documents and Settings\Owner.Jezebelle\Application Data\AVGTOOLBAR
2008-11-06 11:45:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-06 05:19:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-06 03:50:28 ----A---- C:\WINDOWS\wininit.ini
2008-11-06 02:36:25 ----A---- C:\WINDOWS\system32\alog.txt
2008-11-06 02:26:07 ----A---- C:\WINDOWS\Qzifijolo.dll
2008-11-06 02:26:03 ----A---- C:\WINDOWS\system32\mkrnl.exe
2008-11-06 02:25:31 ----D---- C:\Program Files\Microsoft Common
2008-11-06 02:25:01 ----D---- C:\WINDOWS\system32\QI19
2008-10-20 10:17:14 ----D---- C:\Documents and Settings\Owner.Jezebelle\Application Data\pdf995
2008-10-20 10:17:14 ----A---- C:\WINDOWS\pdf995.ini
2008-10-17 02:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-17 02:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-17 02:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-17 02:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-17 02:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-17 02:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-09 02:00:41 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-09 02:00:41 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-09 02:00:41 ----A---- C:\WINDOWS\system32\java.exe
2008-09-21 02:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-20 15:52:59 ----D---- C:\WINDOWS\Prefetch
2008-09-20 13:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-20 13:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-20 1357 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-20 1352 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-20 1347 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-20 1342 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-20 1337 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-20 1332 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-20 1327 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-20 1321 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-09-20 1316 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-20 1313 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-20 13:02:33 ----D---- C:\WINDOWS\system32\scripting
2008-09-20 13:02:33 ----D---- C:\WINDOWS\system32\en
2008-09-20 13:02:33 ----D---- C:\WINDOWS\system32\bits
2008-09-20 13:02:33 ----D---- C:\WINDOWS\l2schemas
2008-09-20 13:00:38 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-20 12:54:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-15 23:46:41 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-09-15 23:46:38 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-15 23:46:35 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-15 23:46:35 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-15 23:46:31 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-15 23:46:31 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-15 23:46:29 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-15 23:46:29 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-15 23:46:29 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-15 23:46:29 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-15 23:46:29 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-15 23:46:29 ----N---- C:\WINDOWS\slrundll.exe
2008-09-15 23:46:27 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-15 23:46:27 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-15 23:46:26 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-15 23:46:26 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-15 23:46:25 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-15 23:46:25 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-15 23:46:25 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-15 23:46:25 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-15 23:46:23 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-15 23:46:20 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-15 23:46:20 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-15 23:46:19 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-15 23:46:19 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-15 23:46:18 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-15 23:46:18 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-15 23:46:13 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-15 23:46:13 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-15 23:46:13 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-15 23:46:13 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-15 23:46:12 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-15 23:46:08 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-15 23:46:08 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-15 23:46:08 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-15 23:46:08 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-15 23:46:08 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-15 23:46:08 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-15 23:46:04 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-15 23:46:04 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-15 23:46:03 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-15 23:46:01 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-15 23:46:00 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-15 23:46:00 ----A---- C:\WINDOWS\003347_.tmp
2008-09-15 23:45:59 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-15 23:45:59 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-15 23:45:59 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-15 23:45:59 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-15 23:45:59 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-15 23:45:59 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-15 23:45:59 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-15 23:45:59 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-15 23:45:58 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-15 23:45:58 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-15 23:45:58 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-15 23:45:58 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-15 23:45:58 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-15 23:45:58 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-15 23:45:58 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-15 23:45:57 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-15 23:45:57 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-15 23:45:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-15 23:45:56 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-15 23:45:53 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-15 23:45:53 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-15 23:45:52 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-15 23:45:52 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-15 23:45:52 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-15 23:45:52 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-15 23:45:51 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-15 23:45:51 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-15 23:45:51 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-15 23:45:49 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-13 03:33:15 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-11 02:00:49 ----D---- C:\Program Files\MSXML 6.0
2008-09-11 02:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-09-11 02:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-10 20:07:58 ----D---- C:\Program Files\MSBuild
2008-09-10 2027 ----D---- C:\WINDOWS\system32\XPSViewer
2008-09-10 20:05:52 ----D---- C:\Program Files\Reference Assemblies
2008-09-10 20:05:31 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-09-10 20:05:15 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-09-10 20:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\Linksys
2008-09-10 20:03:37 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2008-09-10 20:02:20 ----D---- C:\Program Files\Linksys
2008-09-03 13:02:53 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2008-09-03 13:02:53 ----A---- C:\WINDOWS\system32\pdfmona.dll
2008-09-03 13:02:53 ----A---- C:\WINDOWS\system32\pdf995mon.dll
2008-09-03 13:02:36 ----D---- C:\Documents and Settings\Owner.Jezebelle\Application Data\TaxCut
2008-09-03 13:01:57 ----D---- C:\Program Files\TaxCut07
2008-09-03 13:01:57 ----D---- C:\Program Files\PDF995
2008-09-03 13:01:07 ----D---- C:\Documents and Settings\All Users\Application Data\TaxCut
2008-09-03 13:00:18 ----SHD---- C:\WINDOWS\ftpcache
2008-09-02 20:34:18 ----D---- C:\Program Files\Microsoft Games
2008-08-17 23:17:46 ----A---- C:\WINDOWS\cdplayer.ini
2008-08-17 23:17:05 ----D---- C:\Program Files\Common Files\xing shared
2008-08-17 23:16:59 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-08-17 23:16:52 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-08-17 23:16:52 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-08-17 23:16:51 ----D---- C:\Program Files\Real
2008-08-17 23:16:51 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-08-16 02:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-16 02:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-16 02:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-16 02:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-16 02:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-16 02:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-16 02:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-16 02:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB953838_0$

======List of files/folders modified in the last 3 months======

2008-11-10 11:42:07 ----AD---- C:\Program Files
2008-11-10 11:36:31 ----D---- C:\Program Files\Mozilla Firefox
2008-11-10 10:20:00 ----D---- C:\WINDOWS\Temp
2008-11-10 10:19:55 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI-SV92PP Soft Modem.txt
2008-11-10 10:19:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-10 10:19:42 ----D---- C:\WINDOWS\Registration
2008-11-10 10:19:17 ----D---- C:\WINDOWS
2008-11-10 10:19:14 ----D---- C:\Program Files\Steam
2008-11-10 10:19:13 ----D---- C:\WINDOWS\system32
2008-11-10 09:44:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-10 09:44:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 09:39:19 ----D---- C:\WINDOWS\system32\drivers
2008-11-10 08:42:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-09 08:13:47 ----HD---- C:\Config.Msi
2008-11-09 08:13:46 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-08 23:28:36 ----SHD---- C:\WINDOWS\Installer
2008-11-08 23:28:36 ----D---- C:\Program Files\Common Files
2008-11-08 23:27:52 ----D---- C:\Program Files\CyberLink
2008-11-08 23:19:48 ----D---- C:\Program Files\Winamp
2008-11-08 16:18:41 ----D---- C:\WINDOWS\WinSxS
2008-11-08 16:18:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-08 16:18:24 ----SD---- C:\Documents and Settings\Owner.Jezebelle\Application Data\Microsoft
2008-11-08 16:03:55 ----SHD---- C:\System Volume Information
2008-11-08 16:01:58 ----HD---- C:\WINDOWS\inf
2008-11-08 07:50:13 ----D---- C:\ComboFix
2008-11-08 07:33:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-08 01:46:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-08 01:35:36 ----SHD---- C:\RECYCLER
2008-11-08 00:49:13 ----D---- C:\WINDOWS\system
2008-11-08 00:26:50 ----D---- C:\WINDOWS\system32\Restore
2008-11-06 11:45:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-06 11:45:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-06 10:43:26 ----D---- C:\Program Files\Adobe
2008-11-06 05:19:37 ----D---- C:\Program Files\Lavasoft
2008-11-06 04:56:53 ----D---- C:\Program Files\HijackThis
2008-11-06 04:56:47 ----A---- C:\VundoFix.txt
2008-11-06 03:58:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 02:25:01 ----D---- C:\Temp
2008-11-05 13:12:35 ----D---- C:\Documents and Settings\Owner.Jezebelle\Application Data\OpenOffice.org2
2008-11-03 11:34:44 ----D---- C:\Documents and Settings
2008-10-17 02:01:21 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-11 11:00:25 ----D---- C:\Documents and Settings\Owner.Jezebelle\Application Data\Image Zone Express
2008-10-11 11:00:24 ----D---- C:\Documents and Settings\Owner.Jezebelle\Application Data\Printer Info Cache
2008-10-09 02:37:27 ----D---- C:\Program Files\LimeWire
2008-10-09 02:00:40 ----D---- C:\Program Files\Java
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-20 15:54:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-20 15:53:05 ----A---- C:\WINDOWS\setuplog.txt
2008-09-20 15:52:30 ----D---- C:\WINDOWS\system32\Setup
2008-09-20 15:52:30 ----D---- C:\Program Files\Messenger
2008-09-20 15:52:29 ----D---- C:\WINDOWS\system32\wbem
2008-09-20 15:52:29 ----D---- C:\WINDOWS\AppPatch
2008-09-20 15:52:28 ----RSD---- C:\WINDOWS\Fonts
2008-09-20 15:51:29 ----D---- C:\WINDOWS\security
2008-09-20 13:07:12 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 13:05:13 ----RSD---- C:\WINDOWS\assembly
2008-09-20 13:02:52 ----D---- C:\WINDOWS\Help
2008-09-20 13:02:44 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-20 13:02:43 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 13:02:43 ----D---- C:\WINDOWS\ime
2008-09-20 13:02:34 ----D---- C:\WINDOWS\system32\usmt
2008-09-20 13:02:34 ----D---- C:\WINDOWS\system32\en-US
2008-09-20 13:02:33 ----D---- C:\WINDOWS\PeerNet
2008-09-20 13:02:33 ----D---- C:\Program Files\Internet Explorer
2008-09-20 13:02:32 ----D---- C:\Program Files\Movie Maker
2008-09-20 13:00:28 ----D---- C:\WINDOWS\system32\npp
2008-09-20 13:00:28 ----D---- C:\WINDOWS\mui
2008-09-20 13:00:27 ----D---- C:\WINDOWS\msagent
2008-09-20 13:00:25 ----D---- C:\WINDOWS\srchasst
2008-09-20 13:00:23 ----D---- C:\Program Files\NetMeeting
2008-09-20 13:00:22 ----D---- C:\WINDOWS\system32\Com
2008-09-20 13:00:20 ----D---- C:\Program Files\Windows NT
2008-09-20 13:00:19 ----D---- C:\Program Files\Outlook Express
2008-09-20 13:00:16 ----D---- C:\Program Files\Common Files\System
2008-09-20 12:59:59 ----D---- C:\WINDOWS\system32\oobe
2008-09-20 12:54:35 ----D---- C:\WINDOWS\ehome
2008-09-15 23:26:59 ----D---- C:\WINDOWS\Debug
2008-09-15 19:33:55 ----HD---- C:\Documents and Settings\Owner.Jezebelle\Application Data\Move Networks
2008-09-10 21:39:22 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-10 20:05:37 ----D---- C:\WINDOWS\system32\spool
2008-09-10 20:03:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-10 20:03:24 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-08-23 11:20:16 ----D---- C:\Documents and Settings\Owner.Jezebelle\Application Data\HP
2008-08-20 00:30:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-20 00:30:52 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-20 00:30:51 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-20 00:30:51 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-08-18 00:20:40 ----D---- C:\Documents and Settings\Owner.Jezebelle\Application Data\Real
2008-08-17 23:17:01 ----D---- C:\Program Files\Common Files\Real
2008-08-14 05:09:26 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 04:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgldx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-08 97928]
R1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-08 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-05-19 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-05-19 2560]
R2 avgtdix;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-08 76040]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-04-08 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-04-08 25272]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-23 1094751]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-12-16 3842560]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2006-02-23 167808]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\OWNER~1.JEZ\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-10 85969]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-08 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-08 231704]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-04-08 648504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-05-11 172032]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-01-04 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-09 138680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
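The driver and service lists above share one line format: a state letter (R or S), a start type (0 to 4), then name;description;image path [date size], with empty brackets where the tool recorded no date or size, which is what it prints when it cannot find the file at that path. As an added example, not part of the original post and not code from RSIT or ComboFix, here is a small triage parser for that format. The sample lines are copied from the logs in this thread (both the RSIT spacing and the ComboFix spacing), the flag names and heuristics (empty brackets, an image under a Temp folder, an all-hex driver name, boot or system start) are mine, and a flag is a prompt for review, not a verdict:

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: driver/service lines copied from the RSIT and ComboFix
# lists in this thread, in the two spacing variants the tools print.
SAMPLE_LOG = r"""
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\OWNER~1.JEZ\LOCALS~1\Temp\catchme.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-10 85969]
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-04-18 204800]
S1 1d1615c3;1d1615c3;c:\windows\system32\drivers\1d1615c3.sys []
"""

# <state><start> <name>;<description>;<image> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class Entry:
    state: str            # "R" running / "S" stopped
    start: int            # 0-4, see START_TYPES
    name: str
    desc: str
    image: str            # as printed: may be quoted and carry arguments
    date: Optional[str]   # None when the tool printed "[]"
    size: Optional[int]
    flags: List[str] = field(default_factory=list)   # heuristic review flags (mine)


def image_path(image: str) -> str:
    """Reduce the printed image string to a bare file path."""
    image = image.strip()
    if image.startswith('"'):                 # quoted path followed by arguments
        end = image.find('"', 1)
        image = image[1:end] if end > 0 else image[1:]
    if image.startswith("\\??\\"):            # NT object-namespace prefix
        image = image[4:]
    return image


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line)
    if not m:
        return None
    date = size = None
    meta = m["meta"].split()
    if meta:
        date = meta[0]
        if len(meta) > 1 and meta[1].isdigit():
            size = int(meta[1])
    return Entry(m["state"], int(m["start"]), m["name"], m["desc"],
                 m["image"], date, size)


def triage(entry: Entry) -> Entry:
    """Attach review flags; an empty flag list means nothing stood out."""
    path = image_path(entry.image).lower()
    if entry.date is None:
        entry.flags.append("no-file-on-disk")     # tool printed "[]"
    if "\\temp\\" in path or "\\tmp\\" in path:
        entry.flags.append("temp-path")           # drivers rarely belong in Temp
    if re.fullmatch(r"[0-9a-f]{8,}", entry.name.lower()):
        entry.flags.append("hex-name")            # machine-generated looking name
    if entry.flags and entry.start <= 1:
        entry.flags.append("early-start")         # boot/system start, loads before logon
    return entry


def parse_log(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def suspicious(text: str) -> List[Entry]:
    return sorted((e for e in parse_log(text) if e.flags), key=lambda e: e.name)


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:<16} {START_TYPES[e.start]:<8} "
              f"{image_path(e.image)}  <- {', '.join(e.flags)}")
```

Run as-is, the four entries with empty brackets come out flagged and nothing else does. Two of them are the poster's own tools: catchme.sys is the driver Gmer's catchme scanner loads from Temp, and gmer.sys belongs to the GMER run described above. That is the point of keeping the output as flags rather than verdicts: the parser narrows the list, the kind of judgment the helpers in this thread apply decides it.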
Old 11-10-2008, 10:30 AM   #2 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

Sorry here is the info.txt. I guess it did get it and put it into a folder. It does not bring it up again.

Also, just to add to the symptoms. The internet seems to be running very slowly and lots of times it won't bring up the page and I have to refresh it several times to get it to work.

The gmer.exe still makes the computer restart.
Attached Files
File Type: txt info.txt (16.0 KB, 3 views)
Old 11-10-2008, 11:57 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

Here is the gmer.exe file that I got from running it in safe mode. It did not respond the same as when I was running it in regular mode. Not sure what that means but it did not crash the CPU in safe mode.
Attached Files
File Type: txt gmer.txt (2.1 KB, 2 views)
Old 11-15-2008, 11:46 AM   #4 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

Bump. CPU still running slow.
Old 11-15-2008, 12:15 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: Computer Running Slow and Glitchy

Hello -

There are signs of a variant of a "banker trojan" showing in your log. Even though the trojan has been identified and can be killed, because of its backdoor functionality there is no way to be sure what information has been stolen from your system. If you do any banking or have recently paid for goods or services online, you will need to change all passwords where applicable, and it would be wise to contact your bank or credit card company to inform them of your situation. This also applies to passwords for any confidential sites you use such as PayPal, eBay, email etc... The infection you have has the ability to download and execute files, log keystrokes, redirect connections, sniff sent packets for information and steal personal information, so it is a very serious threat.

I'm not certain that removing what I do see will address your main concern which seems to be a slow computer, but it's where we should begin.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

  8. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 11-15-2008, 07:14 PM   #6 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

Hello Tetonbob,
Thank you so much for your help!! Ok, I did the steps so far and here are the logs. I attached the Combofix.txt log because it was so long but if you would rather have it posted in the forum I can do that too. Thanks again for all of your help and I await your next instructions!!


ComboFix 08-11-13.02 - Owner 2008-11-15 21:47:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1391 [GMT -5:00]
Running from: c:\documents and settings\Owner.Jezebelle\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.Jezebelle\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Microsoft Common
c:\windows\system32\alog.txt
c:\windows\system32\fhkmp.ini
c:\windows\system32\fhkmp.ini2
c:\windows\system32\kaxs.dat
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\pac.txt
c:\windows\system32\tb.dr
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_restore


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-11 15:46 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 15:46 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 11:42 . 2008-11-10 11:42 <DIR> d-------- C:\rsit
2008-11-10 11:42 . 2008-11-10 12:27 <DIR> d-------- c:\program files\trend micro
2008-11-10 09:39 . 2008-11-10 13:49 250 --a------ c:\windows\gmer.ini
2008-11-08 18:37 . 2008-11-13 17:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-08 16:19 . 2008-11-08 16:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-08 16:19 . 2008-11-08 16:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-08 16:18 . 2008-11-15 21:26 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-08 16:18 . 2008-11-08 16:18 <DIR> d-------- c:\program files\AVG
2008-11-08 16:18 . 2008-11-08 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-08 16:18 . 2008-11-08 16:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-08 07:46 . 2008-11-08 16:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-08 07:31 . 2008-11-08 07:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-08 07:20 . 2008-11-08 07:20 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-11-08 01:23 . 2008-11-08 01:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2008-11-08 01:08 . 2008-11-08 01:08 <DIR> d-------- c:\documents and settings\Owner.Jezebelle\Application Data\AVGTOOLBAR
2008-11-06 05:19 . 2008-11-06 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 05:10 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-06 03:50 . 2008-11-06 03:50 141 --a------ c:\windows\wininit.ini
2008-11-06 02:31 . 2008-11-06 03:04 58 --a------ c:\windows\system32\winwp.bmp
2008-11-06 02:26 . 2008-11-06 02:26 144,896 --a------ c:\windows\system32\mkrnl.exe
2008-11-06 02:26 . 2008-11-06 02:26 24,576 --a------ c:\windows\Qzifijolo.dll
2008-11-06 02:25 . 2008-11-06 02:33 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 02:25 . 2008-11-06 02:25 <DIR> d-------- c:\temp\NT32
2008-11-06 02:25 . 2008-11-06 02:25 2 --a------ C:\-925240183
2008-11-03 11:34 . 2008-11-03 11:34 <DIR> d-------- c:\documents and settings\OWNER~1_JEZ\LOCALS~1
2008-11-03 11:34 . 2008-11-03 11:34 <DIR> d-------- c:\documents and settings\OWNER~1_JEZ
2008-10-20 10:17 . 2008-10-20 10:17 <DIR> d-------- c:\documents and settings\Owner_Jezebelle
2008-10-20 10:17 . 2008-10-20 10:17 <DIR> d-------- c:\documents and settings\Owner.Jezebelle\Application Data\pdf995
2008-10-20 10:17 . 2008-10-20 10:17 28 --a------ c:\windows\pdf995.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 02:50 --------- d-----w c:\program files\Steam
2008-11-14 03:05 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\OpenOffice.org2
2008-11-10 14:44 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 14:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 13:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 04:27 --------- d-----w c:\program files\CyberLink
2008-11-09 04:19 --------- d-----w c:\program files\Winamp
2008-11-06 10:19 --------- d-----w c:\program files\Lavasoft
2008-11-03 16:46 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\TaxCut
2008-11-03 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 16:00 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\Printer Info Cache
2008-10-11 16:00 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\Image Zone Express
2008-10-09 07:37 --------- d-----w c:\program files\LimeWire
2008-10-09 07:00 --------- d-----w c:\program files\Java
2008-09-16 00:33 --------- d--h--w c:\documents and settings\Owner.Jezebelle\Application Data\Move Networks
2008-02-28 13:30 274 ----a-w c:\documents and settings\Owner.Jezebelle\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot_2007-11-16_22.57.08.89 )))))))))))))))))))))))))))))))))))))))))
.

<snipped to fit>
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-08-17 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-17 185896]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-08 648504]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-08 1234712]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\desolece\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\WOWoW\\Repair.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-08 97928]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-08 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-08 231704]
R2 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-08 76040]
R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-04-18 204800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-03-01 24652]
S1 1d1615c3;1d1615c3;c:\windows\system32\drivers\1d1615c3.sys []
.
- - - - ORPHANS REMOVED - - - -

BHO-{2BF8B4D3-5ED9-4979-AE5D-F7CECAA7997E} - c:\windows\system32\pmkhf.dll
BHO-{9142EAD4-C950-42A4-8287-2DA9AD69CF67} - c:\program files\Messenger\laguri81.dll
BHO-{9FB07BE0-2CBC-4C92-99C8-D6886BBC5DD6} - c:\program files\Windows Plus\hote83122.dll
BHO-{c31b845d-5734-467b-8219-01a1828db0eb} - c:\windows\system32\iqvvrilm.dll
HKCU-Run-Ealb - c:\docume~1\OWNER~1.JEZ\APPLIC~1\FNTS~1\chkdsk.exe
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Aim6 - (no file)
Notify-opnooon - opnooon.dll
SafeBoot-ati0jkxx.sys


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner.Jezebelle\Application Data\Mozilla\Firefox\Profiles\ie8eqf4u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 21:51:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehSched.exe
c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\java.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-15 22:01:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 03:01:40
ComboFix2.txt 2007-11-18 15:38:10

Pre-Run: 161,236,717,568 bytes free
Post-Run: 161,232,158,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

8262 --- E O F --- 2008-11-13 04:28:40
Attached Files
File Type: txt ComboFix.txt (676.6 KB, 2 views)
File Type: txt hijackthis.txt (9.2 KB, 1 views)

Last edited by cadriemir; 11-15-2008 at 07:17 PM.
cadriemir is offline  
Old 11-15-2008, 07:24 PM   #7
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: Computer Running Slow and Glitchy

Hi, that's just fine. I've edited out some of the information so I can view the main log in the post.

I need a bit of information, please.

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following:

    c:\windows\system32\mkrnl.exe


  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
  • Please repeat for the following files:

    • c:\windows\Qzifijolo.dll
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 11-15-2008, 07:50 PM   #8
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

Ok, here are the results.

c:\windows\system32\mkrnl.exe

Antivirus Version Last Update Result
AhnLab-V3 2008.11.14.3 2008.11.15 -
AntiVir 7.9.0.31 2008.11.14 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.11.15 -
Avast 4.8.1281.0 2008.11.16 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.15 -
BitDefender 7.2 2008.11.16 -
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.15 -
DrWeb 4.44.0.09170 2008.11.16 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.15 -
F-Prot 4.4.4.56 2008.11.15 -
F-Secure 8.0.14332.0 2008.11.16 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.16 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.11.16 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.16 -
McAfee 5435 2008.11.15 -
Microsoft 1.4104 2008.11.16 -
NOD32 3615 2008.11.15 a variant of Win32/Adware.XPAntivirus.AD
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.15 -
PCTools 4.4.2.0 2008.11.15 -
Prevx1 V2 2008.11.16 Cloaked Malware
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 Trojan.Crypt.XPACK.Gen
Sophos 4.35.0 2008.11.15 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.16 AntiVirus2009
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.15 -
ViRobot 2008.11.15.1470 2008.11.15 -
VirusBuster 4.5.11.0 2008.11.15 -
Additional information
File size: 144896 bytes
MD5...: 6b15838d185a7eca5ecfa2e7ebac3c6b
SHA1..: fb6b02bbdafdd1a842856b63c4a4fe1fbfb14eb7
SHA256: 94806b58b17a062b1ef8e8aa809a8b5d51dd9910482e37cdaab7a26fc76aeaa6
SHA512: efffab86325952adf704aea0417d5c7e4e56880a605e7a0e1d38d17099268da7
33def54612312aa70195e09f605163e7360dde70c1ad34fd89aa424360bc9f2a
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4010dc
timedatestamp.....: 0x45f64af1 (Tue Mar 13 06:55:45 2007)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5002 0x5200 0.51 7e19fe3e4dce5f2e868366255492c746
.rdata 0x7000 0x6e5 0x800 0.00 c99a74c555371a433d121f551d6c6398
.data 0x8000 0x3ce851 0x1aa00 6.46 d8d91c2ee16350ad5edbd11ae519a4e9
.tls 0x3d7000 0x6e 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x3d8000 0x18 0x200 0.23 78d5e22a168cf6ed9c526f0b6b67633d
.idata 0x3d9000 0x1375 0x1400 4.36 8e0eb260407d3b14f6de7273b16bc2b1
.reloc 0x3db000 0x337 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.rsrc 0x3dc000 0xff4 0x1000 5.97 5a12f3eb2c83b8849a17cd40bfe58bc6

( 10 imports )
> GDI32.DLL: BeginPath, CopyMetaFileA, CloseMetaFile, CreateSolidBrush, GetBrushOrgEx, BitBlt, GetPixel, AddFontMemResourceEx, ClearBrushAttributes, GetClipBox, GetBitmapBits
> COMCTL32.DLL: ImageList_LoadImageA, ImageList_Remove, ImageList_Read, ImageList_ReplaceIcon, ImageList_Replace, ImageList_AddMasked, ImageList_DragShowNolock, ImageList_GetIcon, ImageList_GetImageRect, ImageList_Destroy, ImageList_LoadImage, ImageList_GetImageCount, ImageList_DragLeave, ImageList_Create, ImageList_GetImageInfo
> COMCTL32.DLL: ImageList_LoadImage, ImageList_GetImageInfo, ImageList_BeginDrag, ImageList_LoadImageW, ImageList_DrawIndirect, ImageList_EndDrag, ImageList_DragLeave, ImageList_Copy, ImageList_AddMasked, ImageList_DragMove, ImageList_Merge, ImageList_AddIcon, ImageList_Destroy, InitCommonControls, ImageList_Remove
> USER32.DLL: CopyImage, IsMenu, EndDialog, CreateIcon, CalcMenuBar, GetDlgItem, GetWindowTextLengthA, InsertMenuA, BlockInput, CopyRect, AlignRects
> GDI32.DLL: CopyMetaFileA, DeleteDC, ClearBitmapAttributes, RestoreDC, GetDCOrgEx, AddFontResourceTracking, BitBlt, CreateSolidBrush, ExtTextOutA, AbortPath, GetPixel, ExcludeClipRect, GetBitmapBits, AddFontResourceExW, AddFontResourceExA, AddFontResourceA
> ADVAPI32.DLL: RegCreateKeyExA, RegEnumValueA, RegCreateKeyExW, RegQueryValueW, RegReplaceKeyA, RegGetKeySecurity, RegDeleteValueA, RegEnumKeyExW, RegFlushKey, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, RegLoadKeyA, RegOpenKeyW, RegCreateKeyW, RegEnumKeyExA, RegQueryValueExW, RegEnumValueW
> COMCTL32.DLL: ImageList_EndDrag, ImageList_DragMove, ImageList_DragEnter, ImageList_LoadImageA, ImageList_Remove, ImageList_GetIcon, ImageList_Destroy, InitCommonControls, ImageList_AddIcon, ImageList_GetImageCount, ImageList_Create, ImageList_Replace, ImageList_BeginDrag
> USER32.DLL: GetWindowTextLengthA, CopyImage, CopyIcon, AppendMenuA, InsertMenuA, CreateIcon, GetWindowTextA, GetDC, EndDialog, AppendMenuW, CalcMenuBar, AlignRects, LoadCursorA, DialogBoxParamW, DrawTextA, LoadMenuA, DrawIconEx, DialogBoxParamA
> ADVAPI32.DLL: RegQueryValueA, RegFlushKey, RegQueryValueExW, RegDeleteKeyW, RegEnumKeyExW, RegEnumKeyW, RegQueryValueExA, RegGetKeySecurity, RegEnumValueA, RegOpenKeyExA
> USER32.DLL: IsMenu, CopyIcon, DrawIconEx, CreateIcon, DialogBoxParamW, LoadCursorA, CopyImage, DialogBoxParamA, DrawTextA, AppendMenuW, GetDC, CloseWindow, CopyRect, CalcMenuBar

( 0 exports )


c:\windows\Qzifijolo.dll

File Qzifijolo.dll received on 11.16.2008 04:46:53 (CET)
Result: 4/36 (11.12%)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.14.3 2008.11.15 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.15 -
Avast 4.8.1281.0 2008.11.16 -
AVG 8.0.0.199 2008.11.15 -
BitDefender 7.2 2008.11.16 -
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.15 -
DrWeb 4.44.0.09170 2008.11.16 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.15 -
F-Prot 4.4.4.56 2008.11.15 -
F-Secure 8.0.14332.0 2008.11.16 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.16 -
Ikarus T3.1.1.45.0 2008.11.16 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.16 -
McAfee 5435 2008.11.15 -
Microsoft 1.4104 2008.11.16 -
NOD32 3615 2008.11.15 -
Norman 5.80.02 2008.11.14 W32/DLoader.KSWL
Panda 9.0.0.4 2008.11.15 Generic Trojan
PCTools 4.4.2.0 2008.11.15 -
Prevx1 V2 2008.11.16 Malware Downloader
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.15 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.16 Downloader
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.15 -
ViRobot 2008.11.15.1470 2008.11.15 -
VirusBuster 4.5.11.0 2008.11.15 -
Additional information
File size: 24576 bytes
MD5...: 99378be4b316a485550f4cc9e1fd4052
SHA1..: a5fa120a4e285d1e9aa717f476d643c50c92c6da
SHA256: 7f4e9701061b5cb8b06f434fc0c11573246f440c71e8e5c2739907583339e5ae
SHA512: 06b16f1cb20d540921659009de0c9a20eec18438c2fb0d68848b02b64c5b15a0
664af639b8b07ec29c1d2b6c037064ea3bbd41beb4b168465e7215cd21f21438
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000255b
timedatestamp.....: 0x490f0096 (Mon Nov 03 13:45:58 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x38bd 0x4000 5.71 466dba97f880dc5e06991778084bc20c
.data 0x5000 0xe18 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.reloc 0x6000 0x404 0x1000 2.13 ea9d41c571270840f67129b0994c231f

( 6 imports )
> SHLWAPI.dll: StrRStrIW, StrStrIW
> KERNEL32.dll: lstrlenW, lstrcatW, GetProcAddress, LoadLibraryW, WaitForSingleObject, CreateThread, lstrcpyW, GetVolumeInformationW, GetSystemWindowsDirectoryW, lstrcpynW, CreateProcessW, Sleep, VirtualAlloc, CreateFileW, GetTickCount, CreateEventW, CreateMutexW, DisableThreadLibraryCalls, GetModuleFileNameW, ResetEvent, SetEvent, GetLastError, FreeLibraryAndExitThread, SetFilePointer, CreateWaitableTimerW, WaitForMultipleObjects, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetVersionExW, WriteFile, SetEndOfFile, FreeLibrary, CloseHandle, VirtualFree, SetWaitableTimer
> USER32.dll: SetWindowsHookExW, PostMessageW, CallNextHookEx, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW, wsprintfW
> ADVAPI32.dll: RegOpenKeyExW, RegQueryValueExW, RegDeleteValueW, RegFlushKey, RegSetValueExW, RegNotifyChangeKeyValue, RegCloseKey, RegCreateKeyExW
> SHELL32.dll: SHGetFolderPathW, -
> ole32.dll: StringFromCLSID, CoCreateGuid, CoTaskMemFree

( 2 exports )
e, r
cadriemir is offline  
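The two VirusTotal reports above carry more than their detection counts. For mkrnl.exe the section table shows a .data section whose virtual size (0x3ce851) is roughly 37 times its raw size (0x1aa00) at entropy 6.46, a second section named .rdata, and several DLLs listed more than once in the import directory; Qzifijolo.dll imports SetWindowsHookExW, CreateProcessW, VirtualAlloc, RegSetValueExW and RegNotifyChangeKeyValue. The script below is an added example, not something from this thread, from VirusTotal or from the forum's tools. It parses a pasted PEInfo dump of the 2008 VirusTotal format, flags those static indicators and counts verdicts in a result table. The thresholds (8x size ratio, entropy 6.0) and the watch-list of APIs are the example's own assumptions, and the sample text is excerpted from the two reports in the post above.

```python
"""Static triage of the PEInfo summaries VirusTotal printed in 2008.
Added example, not from this thread or from VirusTotal: parses the section
table and import list, flags packer and hooking indicators, and counts the
verdicts in a result table. Sample text is excerpted from the reports above.
"""
import re
from collections import namedtuple

# Assumed watch-list: APIs worth a second look in an unsigned file under %WINDIR%.
SUSPICIOUS_IMPORTS = {"SetWindowsHookExW", "SetWindowsHookExA", "CreateProcessW", "CreateProcessA",
                      "VirtualAlloc", "VirtualProtect", "RegSetValueExW", "RegNotifyChangeKeyValue",
                      "BlockInput"}   # hooks/injection, second stage, unpacking, persistence, lockout
SECTION_RE = re.compile(r"^(\S+)\s+0x[0-9a-f]+\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)"
                        r"\s+([\d.]+)\s+[0-9a-f]{32}$", re.I)
IMPORT_RE = re.compile(r"^>\s*([^:]+):\s*(.*)$")
RESULT_RE = re.compile(r"^(\S+)\s+\S+\s+\d{4}\.\d{2}\.\d{2}\s+(.*)$")
Section = namedtuple("Section", "name virt_size raw_size entropy")

def parse_peinfo(text):
    """Return (sections, {dll: functions}, {dll: times listed}) from a PEInfo dump."""
    sections, imports, mentions = [], {}, {}
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            name, vsz, rsz, ent = m.groups()
            sections.append(Section(name, int(vsz, 16), int(rsz, 16), float(ent)))
            continue
        m = IMPORT_RE.match(line)
        if m:
            dll = m.group(1).strip().upper()
            mentions[dll] = mentions.get(dll, 0) + 1
            imports.setdefault(dll, set()).update(
                {f.strip() for f in m.group(2).split(",")} - {"", "-"})
    return sections, imports, mentions

def triage(text, size_ratio=8.0, entropy_floor=6.0):
    """Findings for one dump (thresholds are assumptions); empty list = nothing stood out."""
    sections, imports, mentions = parse_peinfo(text)
    findings, seen = [], set()
    for s in sections:
        if s.raw_size and s.virt_size / s.raw_size >= size_ratio:   # small stub, big unpack area
            findings.append(f"{s.name}: virtual size {s.virt_size:#x} is "
                            f"{s.virt_size / s.raw_size:.0f}x raw size {s.raw_size:#x} (unpacking room)")
        if s.entropy >= entropy_floor:
            findings.append(f"{s.name}: entropy {s.entropy} (packed or encrypted data)")
        if s.name in seen:
            findings.append(f"{s.name}: duplicate section name")
        seen.add(s.name)
    for dll, n in mentions.items():
        if n > 1:
            findings.append(f"{dll}: listed {n} times in the import directory")
    hits = sorted(f for fs in imports.values() for f in fs if f in SUSPICIOUS_IMPORTS)
    if hits:
        findings.append("suspicious imports: " + ", ".join(hits))
    return findings

def detection_ratio(results_text):
    """(engines that flagged the file, engines that answered); '-' means clean."""
    hits, total = [], 0
    for line in results_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            total += 1
            if m.group(2).strip() != "-":
                hits.append(m.group(1))
    return hits, total

# Excerpts of the two VirusTotal reports posted above (constructed sample input).
MKRNL_PEINFO = """
.text  0x1000   0x5002   0x5200  0.51 7e19fe3e4dce5f2e868366255492c746
.rdata 0x7000   0x6e5    0x800   0.00 c99a74c555371a433d121f551d6c6398
.data  0x8000   0x3ce851 0x1aa00 6.46 d8d91c2ee16350ad5edbd11ae519a4e9
.rdata 0x3d8000 0x18     0x200   0.23 78d5e22a168cf6ed9c526f0b6b67633d
> GDI32.DLL: BeginPath, CopyMetaFileA, BitBlt
> USER32.DLL: CopyImage, IsMenu, BlockInput, CopyRect
> GDI32.DLL: CopyMetaFileA, DeleteDC, BitBlt
"""
QZIFIJOLO_PEINFO = """
.text 0x1000 0x38bd 0x4000 5.71 466dba97f880dc5e06991778084bc20c
.data 0x5000 0xe18  0x0    0.00 d41d8cd98f00b204e9800998ecf8427e
> KERNEL32.dll: CreateProcessW, VirtualAlloc, CreateThread, Sleep
> USER32.dll: SetWindowsHookExW, CallNextHookEx, PostMessageW
> ADVAPI32.dll: RegSetValueExW, RegNotifyChangeKeyValue, RegCloseKey
> SHELL32.dll: SHGetFolderPathW, -
"""
MKRNL_RESULTS = """
AhnLab-V3 2008.11.14.3 2008.11.15 -
AntiVir 7.9.0.31 2008.11.14 TR/Crypt.XPACK.Gen
AVG 8.0.0.199 2008.11.15 -
NOD32 3615 2008.11.15 a variant of Win32/Adware.XPAntivirus.AD
Prevx1 V2 2008.11.16 Cloaked Malware
Symantec 10 2008.11.16 AntiVirus2009
"""

if __name__ == "__main__":
    for label, dump in (("mkrnl.exe", MKRNL_PEINFO), ("Qzifijolo.dll", QZIFIJOLO_PEINFO)):
        print(label, *("  - " + f for f in triage(dump)), sep="\n")
    hits, total = detection_ratio(MKRNL_RESULTS)
    print(f"mkrnl.exe flagged by {len(hits)}/{total} engines in the excerpt: {hits}")
```

Run it as-is to see both files triaged; paste a fuller PEInfo block or result table into the sample strings to triage another report. The size-ratio check is the one that matters most for mkrnl.exe: a 0x1aa00-byte section that maps to almost 4 MB of memory is the signature of a small stub that unpacks its real payload at run time, which is also why so few engines had a signature for it.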
Old 11-15-2008, 08:07 PM   #9
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: Computer Running Slow and Glitchy

Great...thanks.

Next steps...

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/hijackthis-log-help/311396-computer-running-slow-glitchy.html

    File::
    c:\windows\system32\winwp.bmp
    C:\-925240183

    DirLook::
    c:\windows\system32\QI19
    c:\temp\NT32

    Driver::
    1d1615c3

    Collect::
    c:\windows\system32\mkrnl.exe
    c:\windows\Qzifijolo.dll
    c:\windows\system32\drivers\1d1615c3.sys

    Save this as CFScript.txt

    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

    ---------------------------------------------------------------------------------------------
tetonbob is offline  
Old 11-15-2008, 10:30 PM   #10
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

Ok I did this. I did see a window and clicked ok but nothing happened. =(
I have attached combofix2.txt.

I tried to run combofix again to try and get the box thing to work, but the second time I ran it, it didn't really do anything but post a log. Sorry if I shouldn't have run it again. I saved it as combofix3.txt.

Please let me know what to do next.

ComboFix 08-11-14.01 - Owner 2008-11-16 0:54:14.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1308 [GMT -5:00]
Running from: c:\documents and settings\Owner.Jezebelle\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.Jezebelle\Desktop\CFScript..txt
* Created a new restore point

FILE ::
C:\-925240183
c:\windows\system32\winwp.bmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-925240183
c:\windows\Qzifijolo.dll
c:\windows\system32\mkrnl.exe
c:\windows\system32\winwp.bmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_1d1615c3


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-15 22:07 . 2008-11-15 22:07 7,680 --ahs---- c:\windows\Thumbs.db
2008-11-11 15:46 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 15:46 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 11:42 . 2008-11-10 11:42 <DIR> d-------- C:\rsit
2008-11-10 11:42 . 2008-11-10 12:27 <DIR> d-------- c:\program files\trend micro
2008-11-10 09:39 . 2008-11-10 13:49 250 --a------ c:\windows\gmer.ini
2008-11-08 18:37 . 2008-11-13 17:36 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-08 16:19 . 2008-11-08 16:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-08 16:19 . 2008-11-08 16:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-08 16:18 . 2008-11-15 21:26 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-08 16:18 . 2008-11-08 16:18 <DIR> d-------- c:\program files\AVG
2008-11-08 16:18 . 2008-11-08 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-08 16:18 . 2008-11-08 16:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-08 07:46 . 2008-11-08 16:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-08 07:31 . 2008-11-08 07:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-08 07:20 . 2008-11-08 07:20 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-11-08 01:23 . 2008-11-08 01:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Talkback
2008-11-08 01:08 . 2008-11-08 01:08 <DIR> d-------- c:\documents and settings\Owner.Jezebelle\Application Data\AVGTOOLBAR
2008-11-06 05:19 . 2008-11-06 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 05:10 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-06 03:50 . 2008-11-06 03:50 141 --a------ c:\windows\wininit.ini
2008-11-06 02:25 . 2008-11-06 02:33 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 02:25 . 2008-11-06 02:25 <DIR> d-------- c:\temp\NT32
2008-11-03 11:34 . 2008-11-03 11:34 <DIR> d-------- c:\documents and settings\OWNER~1_JEZ\LOCALS~1
2008-11-03 11:34 . 2008-11-03 11:34 <DIR> d-------- c:\documents and settings\OWNER~1_JEZ
2008-10-20 10:17 . 2008-10-20 10:17 <DIR> d-------- c:\documents and settings\Owner_Jezebelle
2008-10-20 10:17 . 2008-10-20 10:17 <DIR> d-------- c:\documents and settings\Owner.Jezebelle\Application Data\pdf995
2008-10-20 10:17 . 2008-10-20 10:17 28 --a------ c:\windows\pdf995.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 06:08 --------- d-----w c:\program files\Steam
2008-11-14 03:05 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\OpenOffice.org2
2008-11-10 14:44 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 14:44 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-09 13:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 04:27 --------- d-----w c:\program files\CyberLink
2008-11-09 04:19 --------- d-----w c:\program files\Winamp
2008-11-06 10:19 --------- d-----w c:\program files\Lavasoft
2008-11-03 16:46 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\TaxCut
2008-11-03 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-11 16:00 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\Printer Info Cache
2008-10-11 16:00 --------- d-----w c:\documents and settings\Owner.Jezebelle\Application Data\Image Zone Express
2008-10-09 07:37 --------- d-----w c:\program files\LimeWire
2008-10-09 07:00 --------- d-----w c:\program files\Java
2008-09-16 00:33 --------- d--h--w c:\documents and settings\Owner.Jezebelle\Application Data\Move Networks
2008-02-28 13:30 274 ----a-w c:\documents and settings\Owner.Jezebelle\Application Data\wklnhst.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\temp\NT32 ----


---- Directory of c:\windows\system32\QI19 ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-08-17 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-17 185896]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-08 648504]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-08 1234712]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\desolece\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\WOWoW\\Repair.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-08 97928]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-08 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-08 231704]
R2 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-08 76040]
R2 LinksysUpdater;Linksys Updater;"c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "c:\program files\Linksys\Linksys Updater\conf\wrapper.conf" [2008-04-18 204800]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-03-01 24652]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 0158
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\java.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-16 1:16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 06:16:25
ComboFix2.txt 2007-11-18 15:38:10

Pre-Run: 161,179,136,000 bytes free
Post-Run: 161,156,911,104 bytes free

174 --- E O F --- 2008-11-13 04:28:40
Attached Files
File Type: txt combofix2.txt (11.0 KB, 2 views)
File Type: txt combofix3.txt (10.9 KB, 2 views)
cadriemir is offline  
Old 11-16-2008, 07:35 AM   #11
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: Computer Running Slow and Glitchy

Hi -

No, you should not have run it a second time. Please do not assume, if something does not go according to plan.

I'll need a bit more information so we can upload the file.

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.
tetonbob is offline  
Old 11-16-2008, 11:46 PM   #12
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

2007-04-25 23:30:16 A------- 29,184 C:\Qoobox\Quarantine\C\WINDOWS\system32\MSINET.oca.vir
2007-09-23 19:05:16 A------- 279,600 C:\Qoobox\Quarantine\C\WINDOWS\system32\pac.txt.vir
2007-11-03 18:25:42 A------- 0 C:\Qoobox\Quarantine\C\z.dat.vir
2007-11-05 01:53:27 A------- 143 C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir
2007-11-18 10:41:32 A------- 448,950 C:\Qoobox\Quarantine\C\WINDOWS\system32\fhkmp.ini2.vir
2007-11-18 10:41:32 A------- 449,028 C:\Qoobox\Quarantine\C\WINDOWS\system32\fhkmp.ini.vir
2008-11-06 02:25:15 A------- 4,095 C:\Qoobox\Quarantine\C\Documents and Settings\Owner.Jezebelle\Local Settings\Temporary Internet Files\fbk.sts.vir
2008-11-06 02:25:42 A------- 22,461 C:\Qoobox\Quarantine\C\WINDOWS\system32\kaxs.dat.vir
2008-11-06 02:25:51 A------- 2 C:\Qoobox\Quarantine\C\-925240183.vir
2008-11-06 02:26:03 A------- 144,896 C:\Qoobox\Quarantine\C\WINDOWS\system32\mkrnl.exe.vir
2008-11-06 02:26:07 A------- 24,576 C:\Qoobox\Quarantine\C\WINDOWS\Qzifijolo.dll.vir
2008-11-06 02:26:21 A------- 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\tb.dr.vir
2008-11-06 02:31:12 A------- 58 C:\Qoobox\Quarantine\C\WINDOWS\system32\winwp.bmp.vir
2008-11-06 02:36:25 A------- 812 C:\Qoobox\Quarantine\C\WINDOWS\system32\alog.txt.vir
2008-11-15 21:44:35 A------- 232 C:\Qoobox\Quarantine\catchme.log
2008-11-15 21:48:06 A------- 7,017 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-11-15 21:48:13 A------- 2,210 C:\Qoobox\Quarantine\Registry_backups\Service_restore.reg.dat
2008-11-15 22:01:20 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-11-15 22:01:20 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-11-15 22:01:20 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-11-15 22:01:21 A------- 371 C:\Qoobox\Quarantine\Registry_backups\BHO-{2BF8B4D3-5ED9-4979-AE5D-F7CECAA7997E}.reg.dat
2008-11-15 22:01:21 A------- 393 C:\Qoobox\Quarantine\Registry_backups\BHO-{9142EAD4-C950-42A4-8287-2DA9AD69CF67}.reg.dat
2008-11-15 22:01:22 A------- 402 C:\Qoobox\Quarantine\Registry_backups\BHO-{9FB07BE0-2CBC-4C92-99C8-D6886BBC5DD6}.reg.dat
2008-11-15 22:01:22 A------- 418 C:\Qoobox\Quarantine\Registry_backups\BHO-{c31b845d-5734-467b-8219-01a1828db0eb}.reg.dat
2008-11-15 22:01:23 A------- 90 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Aim6.reg.dat
2008-11-15 22:01:23 A------- 137 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-BitTorrent DNA.reg.dat
2008-11-15 22:01:23 A------- 158 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Ealb.reg.dat
2008-11-15 22:01:23 A------- 175 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-updateMgr.reg.dat
2008-11-15 22:01:27 A------- 512 C:\Qoobox\Quarantine\Registry_backups\Notify-opnooon.reg.dat
2008-11-15 22:01:29 A------- 558 C:\Qoobox\Quarantine\Registry_backups\SafeBoot-ati0jkxx.sys.reg.dat
2008-11-16 00:54:09 A------- 94,161 C:\Qoobox\Quarantine\[4]-Submit_2008-11-16@0.53.zip
2008-11-16 00:57:39 A------- 580 C:\Qoobox\Quarantine\Registry_backups\Service_1d1615c3.reg.dat
2008-11-16 01:21:14 A------- 393 C:\Qoobox\Quarantine\catchme.txt
cadriemir is offline  
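A quick way to confirm that the CFScript from post #9 did what was intended is to reconcile its File::, Collect:: and Driver:: targets with the "Other Deletions" and "Drivers/Services" blocks of the ComboFix log in post #10 and with the ComboFix-quarantined-files.txt listing just above. The script below is an added example; it is not part of ComboFix and did not come from this thread. Its inputs are excerpts copied from those three posts, and its one assumption is the layout visible in the listing, where the quarantined copy of C:\dir\file sits at C:\Qoobox\Quarantine\C\dir\file.vir. On this data it reports that the four File::/Collect:: files were quarantined, that the 1d1615c3 service was removed, and that c:\windows\system32\drivers\1d1615c3.sys is mentioned neither in the deletions nor in the quarantine listing, which is exactly the kind of gap a helper wants to know about before declaring the machine clean.

```python
r"""Reconcile a ComboFix CFScript with the log and quarantine listing it produced.
Added example, not part of ComboFix or of this thread. Inputs are excerpts from
posts #9, #10 and #12; the only assumption is the layout visible above, where the
quarantined copy of C:\dir\file is C:\Qoobox\Quarantine\C\dir\file.vir.
"""
import re

DIRECTIVE_RE = re.compile(r"^(\w+)::\s*$")
BLOCK_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}")
QUAR_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+([\d,]+)\s+"
                     r"(C:\\Qoobox\\Quarantine\\(.+))$", re.I)

def parse_cfscript(text):
    """Map directive name (file, dirlook, driver, collect, ...) -> list of targets."""
    directives, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            directives.setdefault(current, [])
        elif line and current:      # text before the first directive (the URL) is ignored
            directives[current].append(line)
    return directives

def parse_combofix_log(text):
    """Map a log block title ('Other Deletions', 'Drivers/Services', ...) -> its lines."""
    blocks, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = BLOCK_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current and line not in ("", "."):
            blocks[current].append(line)
    return blocks

def parse_quarantine(text):
    """Map original path (lower-case) -> (quarantine path, size) for each .vir copy."""
    items = {}
    for line in text.splitlines():
        m = QUAR_RE.match(line.strip())
        if not m or not m.group(3).lower().endswith(".vir"):
            continue                # registry backups, catchme logs, submit zips
        size, qpath, rel = m.groups()
        drive, _, rest = rel[:-4].partition("\\")   # 'C\WINDOWS\x.vir' -> 'C:\WINDOWS\x'
        items[f"{drive}:\\{rest}".lower()] = (qpath, int(size.replace(",", "")))
    return items

def reconcile(script, log, quarantine):
    """Status of every File::/Collect:: file and Driver:: service named in the script."""
    deleted = {l.lower() for l in log.get("Other Deletions", [])}
    services = " ".join(log.get("Drivers/Services", [])).lower()
    report = {}
    for target in script.get("file", []) + script.get("collect", []):
        if target.lower() in quarantine:
            report[target] = "quarantined as " + quarantine[target.lower()][0]
        elif target.lower() in deleted:
            report[target] = "deleted, no quarantine copy found"
        else:
            report[target] = "not mentioned by ComboFix"
    for drv in script.get("driver", []):
        report["Driver::" + drv] = "service removed" if drv.lower() in services else "service not found in log"
    return report

# Excerpts from posts #9, #10 and #12 (constructed sample input).
CFSCRIPT = r"""
http://www.techsupportforum.com/security-center/hijackthis-log-help/311396-computer-running-slow-glitchy.html
File::
c:\windows\system32\winwp.bmp
C:\-925240183
Driver::
1d1615c3
Collect::
c:\windows\system32\mkrnl.exe
c:\windows\Qzifijolo.dll
c:\windows\system32\drivers\1d1615c3.sys
"""
LOG = r"""
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
C:\-925240183
c:\windows\Qzifijolo.dll
c:\windows\system32\mkrnl.exe
c:\windows\system32\winwp.bmp
((((((((((((((((((((( Drivers/Services )))))))))))))))))))))
-------\Service_1d1615c3
"""
QUARANTINE = r"""
2008-11-06 02:25:51 A------- 2 C:\Qoobox\Quarantine\C\-925240183.vir
2008-11-06 02:26:03 A------- 144,896 C:\Qoobox\Quarantine\C\WINDOWS\system32\mkrnl.exe.vir
2008-11-06 02:26:07 A------- 24,576 C:\Qoobox\Quarantine\C\WINDOWS\Qzifijolo.dll.vir
2008-11-06 02:31:12 A------- 58 C:\Qoobox\Quarantine\C\WINDOWS\system32\winwp.bmp.vir
2008-11-16 00:57:39 A------- 580 C:\Qoobox\Quarantine\Registry_backups\Service_1d1615c3.reg.dat
"""

if __name__ == "__main__":
    for target, status in reconcile(parse_cfscript(CFSCRIPT), parse_combofix_log(LOG),
                                    parse_quarantine(QUARANTINE)).items():
        print(f"{target}: {status}")
```

The quarantine sizes it recovers (144,896 and 24,576 bytes) match the "File size" fields of the VirusTotal reports for mkrnl.exe and Qzifijolo.dll, which is a cheap way to confirm the quarantined copies are the same files that were scanned.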
Old 11-17-2008, 07:35 AM   #13
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: Computer Running Slow and Glitchy

  • Please visit this site:


    http://www.bleepingcomputer.com/subm....php?channel=4

  • In the Link to topic where this file was requested: area, copy and paste this



    http://www.techsupportforum.com/security-center/hijackthis-log-help/311396-computer-running-slow-glitchy.html#post1807803


  • In the Browse to the file you want to submit: area, copy and paste this



    C:\Qoobox\Quarantine\[4]-Submit_2008-11-16@0.53.zip


  • Then click Send File.
  • Once it shows:
    Quote:
    Your file was successfully submitted. Please let the user helping you know that you have submitted the file.
  • Close the site and continue with the steps below.


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) SE Runtime Environment 6


These are all outdated, and they remain security risks for as long as they are installed. Unfortunately, Java does not uninstall previous versions when you update, nor tell you that you should.

Leave Java(TM) 6 Update 7 alone, as it has the most recent security updates.

---------------------------------------------------------------------------------------------

Please perform this online scan to help look for remnants

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on Settings. Uncheck Mail databases.
  • Next, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

---------------------------------------------------------------------------------------------

How is the machine behaving now?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 11-17-2008, 02:09 PM   #14 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

tetonbob - the machine seems to be running better. After I post this I am going to restart it and see how fast it comes up and stuff, but the internet and everything seems to be doing better. I posted the log below from the website scan and did the other step (I guess you probably get that result directly). Anyway, so far so good. Please let me know if there are any other steps that I need to do, or if there is anything in general that I can do to protect myself and help speed up my cpu (any processes that aren't necessary that I could get rid of). Thank you so much for your help and I await any further instructions!!
Attached Files
File Type: txt Kaspersdy.txt (1.3 KB, 2 views)
cadriemir is offline  
Old 11-17-2008, 02:28 PM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: Computer Running Slow and Glitchy

Open NOTEPAD.exe and copy/paste the text in the codebox below into it:
Code:
@echo off
REM Remove any log left behind by a previous run
if exist "%temp%\log.txt" del "%temp%\log.txt"

REM Each file listed below is deleted; any that survives is written to the log
for %%g in (

"C:\Documents and Settings\Owner.Jezebelle\Desktop\RSIT.exe"
"C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll"
"C:\Program Files\MSN Messenger\msimg32.dll"
"C:\Program Files\MSN Messenger\riched20.dll"

) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

REM Show the log of survivors, or report success if every file is gone
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
REM The batch file removes itself once it has run
del %0
Save this as fix.bat. Choose "Save type as - All Files".
It should look like this:
Double click on fix.bat & allow it to run.

Post back to tell me what it says
tetonbob is offline  
Old 11-18-2008, 01:16 PM   #16 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

It says:

Deleted Successfully !!
Press any key to continue....

I pressed space bar and the window disappeared.
cadriemir is offline  
Old 11-18-2008, 01:35 PM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: Computer Running Slow and Glitchy

Good job, that's as it should be.

Have a look at this topic for help in speeding up the machine

http://www.techsupportforum.com/secu...ning-slow.html

Other than that, your logs appear clean. You should be good to go. We still have a few items to address.

Go to Start -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

    I see that you have Mozilla Firefox (2.0.0.17) installed. You may want to consider upgrading to Firefox 3, but some people are finding issue with their old addons not functioning under Firefox 3, and so are holding off. I made the transition with little trouble. Had to find a couple replacement addons.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles.
If you want to fight back against the Malware Writers that have made your life a misery, please take a look here and read what you can do against them.

Please respond to this thread one more time so we can mark this thread as resolved.
tetonbob is offline  
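The MVPS HOSTS approach described in the post above only protects you if every entry points at a sinkhole address, so it is worth checking what a HOSTS file actually contains. As an added example (not part of the original post or of the MVPS project), this Python script parses a constructed HOSTS sample and separates sinkholed names from entries that send a name somewhere else and from lines that do not parse at all; the hostnames and the 192.0.2.10 address are made up for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample in MVPS HOSTS style: ad/tracking names map to 127.0.0.1
# or 0.0.0.0 so the browser never reaches them. The 192.0.2.10 entry is
# planted deliberately: a HOSTS file should only sinkhole, nothing more.
SAMPLE_HOSTS = """\
# MVPS HOSTS file (constructed sample, not the real download)
127.0.0.1  localhost
127.0.0.1  www.ad-server.example  # banner ads
0.0.0.0    tracker.example.net
127.0.0.1  popup.example.org
192.0.2.10 update.antivirus-vendor.example
this line is garbage
"""

# Loopback or the null address: a name mapped here is unreachable
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

@dataclass
class HostsReport:
    blocked: list = field(default_factory=list)     # names sent to a sinkhole
    suspicious: list = field(default_factory=list)  # (name, ip) sent elsewhere
    malformed: list = field(default_factory=list)   # lines that do not parse

def analyse_hosts(text: str) -> HostsReport:
    """Classify every HOSTS entry as sinkholed, redirected elsewhere, or malformed."""
    report = HostsReport()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            report.malformed.append(raw)
            continue
        for host in parts[1:]:
            if host == "localhost":
                continue  # the one mapping every HOSTS file must keep
            if ip in SINKHOLES:
                report.blocked.append(host)
            else:
                report.suspicious.append((host, str(ip)))
    return report

if __name__ == "__main__":
    r = analyse_hosts(SAMPLE_HOSTS)
    print(f"{len(r.blocked)} sinkholed, {len(r.suspicious)} suspicious, {len(r.malformed)} malformed")
```

On a real machine, read the text from %SystemRoot%\system32\drivers\etc\hosts instead of the sample; any name in the suspicious list is one the file is steering away from its real server rather than blocking.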
Old 11-18-2008, 09:44 PM   #18 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 11
OS: XP


Re: Computer Running Slow and Glitchy

Thank you tetonbob - I really appreciate all of your time and knowledge in helping me with this problem!!! And I will be taking some of the recommended steps to help prevent anything like this happening in the future.
cadriemir is offline  
Old 11-18-2008, 09:55 PM   #19 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: Computer Running Slow and Glitchy

My pleasure, cadriemir.

Surf Safely, and Think Prevention!

Since this issue is resolved, this topic will be archived.
tetonbob is offline  
Copyright 2001 - 2009, Tech Support Forum