Slow and extreme lag issues



Old 02-05-2009, 05:35 PM   #1
Guest
 
Join Date: Feb 2009
Posts: 12
OS:



Hello, I'm not sure what my trouble is. All I know is Kasp found 5 'very dangerous' files and AVG found 4 'Tracking cookie' files. DDS and GMER will not work on my system. I'm using Vista (sigh). I would really appreciate some help.

Edit: I've tried everything in the 'slow running comp' thread too; it helped somewhat, but I think I still may have a virus.
Ehanoro is offline  
Old 02-08-2009, 12:10 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

See if RSIT will run:
  • Download RSIT by random/random and Save it to your Desktop.
  • Double-click RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please copy/paste the contents of log.txt in your next reply.
  • Please attach info.txt to your reply.
To attach a file to a reply, simply
  • Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
  • Copy and Paste the following into the Upload File from your Computer box:
    C:\rsit\info.txt
  • Click Upload
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-09-2009, 01:07 PM   #3
Guest
 
Join Date: Feb 2009
Posts: 12
OS:



Thank you for your response; here are the logs.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Smith at 2009-02-09 14:54:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 206 GB (71%) free of 290 GB
Total RAM: 3966 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:17 PM, on 09/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\IOI\ButtonMonitor.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Ventrilo\Ventrilo.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\IOI\saveflash.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Smith\Downloads\RSIT.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\trend micro\Smith.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.gateway.com/g/startpage.h...s=DTP&M=GT5676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.gateway.com/g/startpage.h...s=DTP&M=GT5676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gateway.com/g/startpage.h...s=DTP&M=GT5676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.gateway.com/g/sidepanel.h...s=DTP&M=GT5676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files (x86)\IOI\ButtonMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] "C:\Program Files (x86)\Napster\napster.exe" /systray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 7068 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll [2009-02-04 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2009-01-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL [2009-02-04 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-01-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL [2009-02-04 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ButtonMonitor"=C:\Program Files (x86)\IOI\ButtonMonitor.exe [2007-05-11 53248]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-01-21 136600]
"NapsterShell"=C:\Program Files (x86)\Napster\napster.exe /systray []
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2009-02-04 1601304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2008-01-18 40072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4c92dfb-eeb0-11dc-b48a-806e6f6e6963}]
shell\AutoRun\command - J:\Installer.exe


======List of files/folders created in the last 3 months======

2009-02-09 14:54:03 ----D---- C:\Program Files (x86)\trend micro
2009-02-09 14:54:02 ----D---- C:\rsit
2009-02-05 16:14:11 ----SHD---- C:\Config.Msi
2009-02-05 15:33:00 ----A---- C:\Windows\gmer_uninstall.cmd
2009-02-05 15:33:00 ----A---- C:\Windows\gmer.ini
2009-02-05 15:33:00 ----A---- C:\Windows\gmer.exe
2009-02-05 15:33:00 ----A---- C:\Windows\gmer.dll
2009-02-04 23:10:51 ----HD---- C:\$AVG8.VAULT$
2009-02-04 22:50:05 ----D---- C:\ProgramData\avg8
2009-02-04 22:46:55 ----D---- C:\ProgramData\TEMP
2009-02-04 22:46:51 ----D---- C:\Program Files (x86)\SpywareBlaster
2009-02-04 21:45:40 ----A---- C:\Windows\system32\mshtml.dll
2009-02-04 21:34:12 ----A---- C:\Windows\system32\tzres.dll
2009-02-04 20:57:20 ----D---- C:\ProgramData\Kaspersky Lab
2009-02-04 20:48:20 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-02-04 16:58:23 ----A---- C:\Windows\system32\EncDec.dll
2009-02-04 16:58:21 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-04 16:57:01 ----A---- C:\Windows\system32\connect.dll
2009-02-04 16:56:51 ----A---- C:\Windows\system32\msxml3.dll
2009-02-04 16:56:35 ----A---- C:\Windows\system32\win32spl.dll
2009-02-04 16:56:27 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-02-04 16:56:26 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-02-04 16:55:51 ----A---- C:\Windows\system32\gdi32.dll
2009-02-04 16:55:44 ----A---- C:\Windows\system32\msxml6.dll
2009-02-04 16:55:24 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-02-04 16:55:15 ----A---- C:\Windows\system32\explorer.exe
2009-02-04 16:55:15 ----A---- C:\Windows\explorer.exe
2009-02-04 16:55:09 ----A---- C:\Windows\system32\mf.dll
2009-02-04 16:55:07 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-02-04 16:55:07 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-02-04 16:55:07 ----A---- C:\Windows\system32\logagent.exe
2009-02-04 16:54:02 ----A---- C:\Windows\system32\shell32.dll
2009-02-04 16:53:47 ----A---- C:\Windows\system32\Faultrep.dll
2009-02-04 16:53:39 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-02-04 16:53:39 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-02-04 16:53:39 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-02-04 16:53:30 ----A---- C:\Windows\system32\urlmon.dll
2009-02-04 16:53:30 ----A---- C:\Windows\system32\ieframe.dll
2009-02-04 16:53:29 ----A---- C:\Windows\system32\wininet.dll
2009-02-04 16:53:28 ----A---- C:\Windows\system32\mstime.dll
2009-02-04 16:53:27 ----A---- C:\Windows\system32\iertutil.dll
2009-02-04 16:53:26 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-04 16:40:04 ----A---- C:\Windows\system32\wups.dll
2009-02-04 16:40:04 ----A---- C:\Windows\system32\wudriver.dll
2009-02-04 16:40:04 ----A---- C:\Windows\system32\wuapi.dll
2009-02-04 16:39:51 ----A---- C:\Windows\system32\wuwebv.dll
2009-02-04 16:39:51 ----A---- C:\Windows\system32\wuapp.exe
2009-01-28 18:03:31 ----D---- C:\Program Files (x86)\AVG
2009-01-23 14:18:38 ----D---- C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-01-21 15:45:25 ----A---- C:\Windows\system32\javaws.exe
2009-01-21 15:45:25 ----A---- C:\Windows\system32\javaw.exe
2009-01-21 15:45:25 ----A---- C:\Windows\system32\java.exe
2009-01-21 15:45:25 ----A---- C:\Windows\system32\deploytk.dll
2009-01-13 16:16:47 ----D---- C:\Program Files (x86)\Conduit

======List of files/folders modified in the last 3 months======

2009-02-09 14:54:17 ----D---- C:\Windows\Prefetch
2009-02-09 14:54:10 ----D---- C:\Windows\Temp
2009-02-09 14:54:03 ----D---- C:\Program Files (x86)
2009-02-09 14:45:34 ----HD---- C:\Windows\inf
2009-02-09 14:45:34 ----D---- C:\Windows\System32
2009-02-09 13:36:16 ----D---- C:\Windows\tracing
2009-02-09 12:52:36 ----SHD---- C:\System Volume Information
2009-02-07 13:27:33 ----D---- C:\Windows\system32\Macromed
2009-02-06 16:12:13 ----SD---- C:\Windows\Downloaded Program Files
2009-02-06 09:52:22 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-02-05 16:28:15 ----SD---- C:\Users\Smith\AppData\Roaming\Microsoft
2009-02-05 16:18:33 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-02-05 16:18:32 ----D---- C:\Program Files (x86)\CyberLink
2009-02-05 16:17:47 ----SHD---- C:\Windows\Installer
2009-02-05 16:17:39 ----D---- C:\Program Files (x86)\Microsoft Works
2009-02-05 16:17:39 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-02-05 16:14:47 ----RSD---- C:\Windows\assembly
2009-02-05 16:14:47 ----D---- C:\ProgramData\Microsoft Help
2009-02-05 16:14:44 ----D---- C:\Windows\SysWOW64
2009-02-05 16:14:44 ----D---- C:\Windows
2009-02-05 16:14:44 ----D---- C:\Program Files (x86)\Microsoft Office
2009-02-05 16:14:43 ----D---- C:\Program Files (x86)\Common Files
2009-02-05 16:14:37 ----RSD---- C:\Windows\Fonts
2009-02-05 16:13:23 ----D---- C:\Windows\ShellNew
2009-02-05 16:13:10 ----RD---- C:\Program Files
2009-02-05 16:10:29 ----D---- C:\ProgramData\WildTangent
2009-02-05 15:33:00 ----D---- C:\Windows\system32\drivers
2009-02-05 02:29:45 ----D---- C:\Windows\Microsoft.NET
2009-02-04 22:59:40 ----D---- C:\Windows\rescache
2009-02-04 22:51:29 ----D---- C:\Windows\winsxs
2009-02-04 22:50:05 ----HD---- C:\ProgramData
2009-02-04 22:37:47 ----D---- C:\Windows\AppPatch
2009-02-04 22:37:46 ----D---- C:\Windows\system32\en-US
2009-02-04 22:37:46 ----D---- C:\Windows\ehome
2009-02-04 22:37:46 ----D---- C:\Program Files (x86)\Windows Mail
2009-01-23 14:19:46 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2009-01-23 14:18:34 ----D---- C:\ProgramData\Symantec
2009-01-23 14:11:52 ----D---- C:\ProgramData\Napster
2009-01-21 15:45:08 ----D---- C:\Program Files (x86)\Java
2008-12-25 06:04:22 ----D---- C:\Documents
2008-12-16 11:29:32 ----D---- C:\Windows\Tasks
2008-12-16 11:29:32 ----D---- C:\Windows\SMINST
2008-12-16 11:29:32 ----D---- C:\Users\Smith\AppData\Roaming\Ventrilo
2008-12-16 11:29:31 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys []
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys []
R1 AvgTdiA;AVG Free8 Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CAXHWBS2;CAXHWBS2; C:\Windows\system32\DRIVERS\CAXHWBS2.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-02-04 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 LiveUpdate;LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------
Attached Files
File Type: txt info.txt (14.2 KB, 26 views)
Ehanoro is offline  
Old 02-09-2009, 03:03 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello, Ehanoro. I see no signs of malware on your machine.

Can you post the dangerous files found by Kaspersky?

Unfortunately, I would not be able to help you much, as our tools don't work on 64-bit machines.

Best advice I can give you is to scan the machine with a 64-bit compatible antivirus program in Safe Mode.

If you still have slowness issues, you can seek expert advice in our Windows Vista Support Forum

------------------------------------------------------
chemist is offline  
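Added example (not part of the thread, and not a tool from TSF, HijackThis or RSIT): a small Python triage pass over HijackThis-style lines that encodes the reasoning behind the "no signs of malware" verdict above. The caveat it models is the 64-bit one chemist raises. HijackThis 2.0.2 is a 32-bit program, so on x64 Vista its file checks under C:\Windows\System32 are redirected by WOW64 to C:\Windows\SysWOW64, where 64-bit-only binaries such as lsass.exe, spoolsv.exe and vssvc.exe do not exist. That is why the O23 section reports "(file missing)" for core Windows services; it is a tool artifact, not evidence that system files were deleted. The two "(no file)" BHO/toolbar entries are leftover CLSID registrations that load nothing. The sample input below is constructed: it copies the shape of lines from the posted log and adds one made-up `[Updater]` autorun in a Temp directory so the "review" path is exercised; that line is not from the poster's machine. Function names and the `host_is_64bit` flag are this example's own.

```python
"""Triage HijackThis-style log lines as an analyst would read them on a 64-bit host.

Verdicts:
  ok             - binary sits in a normal install location and exists
  orphan         - "(no file)": CLSID still registered, DLL gone (loads nothing)
  wow64_artifact - "(file missing)" under \Windows\System32 on x64, where a 32-bit
                   HijackThis is redirected to SysWOW64 and cannot see 64-bit-only
                   binaries such as lsass.exe
  review         - needs a human look: file missing elsewhere, or a load point in a
                   user-writable directory
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "O4 - ...", "R1 - ...", "F2 - ..." etc.; anything else (process list, headers) is skipped.
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
# A Windows path starting with a drive letter or %ENVVAR%, up to a binary extension.
# Non-greedy so "C:\Program Files (x86)\...\x.exe args" stops at the first ".exe".
PATH_RE = re.compile(
    r"((?:[A-Za-z]:|%[A-Za-z_()]+%)\\[^\"\r\n]*?\.(?:exe|dll|sys|cmd|bat|scr|com|vbs|js))",
    re.IGNORECASE,
)
# Directories an unprivileged user can write to; a load point here deserves a look.
USER_WRITABLE = ("\\temp\\", "\\downloads\\", "\\appdata\\")
# System32 as seen from a 32-bit process on x64 is really SysWOW64 (WOW64 redirection).
SYSTEM32_MARKERS = ("\\windows\\system32\\", "%systemroot%\\system32\\", "%windir%\\system32\\")


@dataclass
class Finding:
    kind: str      # HijackThis section, e.g. "O4", "O23"
    verdict: str   # "ok" | "orphan" | "wow64_artifact" | "review"
    path: str      # binary the entry points at ("" if none could be parsed)
    line: str


def triage_line(line: str, host_is_64bit: bool = True) -> Optional[Finding]:
    """Classify one log line; returns None for lines that are not HJT entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    paths = PATH_RE.findall(body)
    # O23 lines carry a resource-DLL display name first and the service binary last.
    path = (paths[-1] if kind == "O23" else paths[0]) if paths else ""
    low = path.lower()

    if "(no file)" in body:
        return Finding(kind, "orphan", path, line)
    if "(file missing)" in body:
        if host_is_64bit and any(mk in low for mk in SYSTEM32_MARKERS):
            return Finding(kind, "wow64_artifact", path, line)
        # e.g. %ProgramFiles% expanded to "Program Files (x86)" by a 32-bit tool:
        # probably the same redirection, but confirm against the native path by hand.
        return Finding(kind, "review", path, line)
    if any(d in low for d in USER_WRITABLE):
        return Finding(kind, "review", path, line)
    return Finding(kind, "ok", path, line)


def triage_log(text: str, host_is_64bit: bool = True) -> List[Finding]:
    """Run triage_line over every line, keeping only real entries."""
    found = [triage_line(ln, host_is_64bit) for ln in text.splitlines()]
    return [f for f in found if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


def needs_attention(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if f.verdict == "review"]


# Constructed sample in the shape of the posted log (x64 Vista, 32-bit HijackThis).
# The "[Updater]" autorun is made up for this example and is NOT in the posted log.
SAMPLE_LOG = r"""
Running processes:
C:\Users\Smith\Downloads\RSIT.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Updater] C:\Users\Smith\AppData\Local\Temp\updater.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    print(summarize(results))
    for f in needs_attention(results):
        print("REVIEW", f.kind, f.path)
```

Run against the full log posted above, this labels every O23 "(file missing)" line under System32 as a WOW64 artifact, marks the two "(no file)" BHO/toolbar entries as harmless orphans, and sends the wmpnetwk.exe line to "review" only because a 32-bit tool expanded %ProgramFiles% to the (x86) directory. One thing no HijackThis-section parser sees is the RSIT registry dump's MountPoints2 entry (`shell\AutoRun\command - J:\Installer.exe`): that records what a removable drive once mounted as J: asked to run via AutoRun, not something resident on C:, so it has to be checked by hand when that drive is next connected.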
Copyright 2001 - 2018, Tech Support Forum