Young guy/Old computer/MALWARE-ASCENTIVE PERFORMANCE CTR..

Old 06-06-2010, 03:32 PM   #1
Registered Member
 
Join Date: Jun 2010
Posts: 20
OS: XP, service pack 2?



Hey, first time posting, let me start by saying I've favorited this site so I can get back lol. But here's basically my issue, I'm just gonna start talking, hopefully it ends well lol.

Anyway, running Windows XP, pretty old computer, 256 RAM or something like that, it's bad.

A few days ago the computer was running fine, until people decided they wanted to add internet protection, so 3 or 4 programs later ((they installed all of them)) they happened to install Ascentive Performance Center.

DO NOT INSTALL ASCENTIVE ANYTHING!!!!!!!!!!!!!!!!!!!!!!!!!!!
Can't get rid of it. It's not in Add/Remove Programs... looked in the registry, there was nothing under startup, don't know if I already did that, don't think deleting the shortcuts from Program Files would do anything... but even if I can find one or two things in Program Files or the registry, I want to be sure it's GONE.

If I can get it started I have faith in Malwarebytes and CCleaner... clean up after myself, not sure though.

Ran across a forum and a posting wanted me to download a removal tool, but not sure I wanted to do that lol.

As a side note, when I was cleaning the computer out I managed to make Windows not start up normally, found out it shut down while something was going on and all the memory got saved up somewhere or something weird... Safe Mode with Networking, Malwarebytes and CCleaner work wonders though LOL!

Anyway, hope I didn't ramble too much, could really use some sound advice lol. This site seems really really good for everybody lol. I'll be back periodically.
DDnottech is offline  
 
Old 06-06-2010, 09:52 PM   #2
Registered Member
 
Join Date: Jun 2010
Posts: 20
OS: XP, service pack 2?



Just checking the forum before I go to sleep. Nothing yet, but hopes are high. Like I said before, could really use some sound advice so I don't do any damage lol.
DDnottech is offline  
Old 06-07-2010, 12:00 AM   #3
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello DDnottech,

We need more to go on than a description.

We'll need a comprehensive set of logs to determine the presence of malware and how to remove it, if present. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 
Old 06-08-2010, 11:42 AM   #4
Registered Member
 
Join Date: Jun 2010
Posts: 20
OS: XP, service pack 2?



OK, so here's an update: found some other stuff slowing the computer down, still stuck with Ascentive on here....
DDnottech is offline  
Old 06-08-2010, 01:33 PM   #5
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Please just do as I asked. It will only take you 10 minutes and we can get this taken care of quickly.
Ried is offline  
Old 06-10-2010, 03:27 PM   #6
Registered Member
 
Join Date: Jun 2010
Posts: 20
OS: XP, service pack 2?



lol OK, I'll do that, it just looks a little complicated and above my pay grade
($$00.00)
lol. But I'll do that and be posting.
((Also, page file usage is ridiculously high if I'm not in Safe Mode, probably need to defrag too.))
DDnottech is offline  
Old 06-10-2010, 04:10 PM   #7
Registered Member
 
Join Date: Jun 2010
Posts: 20
OS: XP, service pack 2?



OK, there's one scan, here's one more. The GMER scan didn't go so well, started going in circles... I'll just keep my mouth shut and let you ask the questions though lol..

OK, got the other one attached... so, I'll be stopping by, and thanks for this site being here, this is amazing.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by sarah garcia at 14:32:06.79 on Thu 06/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.82 [GMT -7:00]

FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SARAHG~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\Documents and Settings\sarah garcia\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319576
uWindow Title = Windows Internet Explorer provided by MySpace
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: {A8906106-AC29-4150-81BF-492CF57E65F6} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - No File
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {E1BACF55-35E1-4E47-9247-2D48660E5545} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [cdloader] "c:\documents and settings\sarah garcia\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,[email protected]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-system: Wallpaper =
IE: &AOL Toolbar search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\sarah garcia\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {aed6f6a3-183c-488d-9f90-23db99f56e7f} - No File

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-06-08 18:53:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-08 17:13:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-07 03:54:37 0 ----a-w- c:\windows\win.ini
2010-06-06 02:42:07 0 d-----w- c:\windows\pss
2010-06-06 01:31:56 0 d-----w- c:\docume~1\sarahg~1\applic~1\Malwarebytes
2010-06-06 01:31:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 01:31:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 01:31:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 01:31:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-05 23:57:27 0 d-----w- c:\program files\CCleaner
2010-06-05 21:54:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-02 10:53:26 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-02 10:53:25 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-06-01 20:31:43 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-06-01 20:29:21 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-01 20:27:46 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-01 17:56:56 0 d-----w- c:\windows\system32\scripting
2010-06-01 17:56:51 0 d-----w- c:\windows\l2schemas
2010-06-01 17:56:48 0 d-----w- c:\windows\system32\en
2010-06-01 17:56:45 0 d-----w- c:\windows\system32\bits
2010-06-01 17:41:13 0 d-----w- c:\windows\network diagnostic
2010-06-01 17:28:09 0 d-----w- c:\windows\EHome
2010-05-24 04:18:20 0 d-----w- c:\program files\iPod
2010-05-24 04:17:39 0 d-----w- c:\program files\iTunes
2010-05-24 04:17:39 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-24 03:13:49 0 d-----w- c:\program files\Bonjour
2010-05-20 21:07:11 0 d-----w- c:\docume~1\alluse~1\applic~1\CA

==================== Find3M ====================

2010-05-23 21:59:49 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-06-12 03:32:08 1992 --sha-w- c:\windows\system32\beegQqru.ini2
2006-03-30 02:13:39 307119 --sha-w- c:\windows\system32\ihhkj.bak1
2006-04-03 16:33:54 287729 --sha-w- c:\windows\system32\ihhkj.bak2

============= FINISH: 14:32:48.92 ===============
Attached Files
File Type: zip Attach.zip (4.0 KB, 25 views)
DDnottech is offline  
Old 06-10-2010, 10:28 PM   #8
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Thanks. :)

Note - if you must run ComboFix from Safe Mode, please boot into Safe Mode with Networking. ComboFix will need to access the internet briefly.


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Ried is offline  
Old 06-16-2010, 01:41 PM   #9
Registered Member
 
Join Date: Jun 2010
Posts: 20
OS: XP, service pack 2?



ComboFix 10-06-15.04 - sarah garcia 06/16/2010 12:15:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.128 [GMT -7:00]
Running from: c:\documents and settings\sarah garcia\Desktop\ComboFix.exe
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sarah garcia\Application Data\Install.dat
c:\documents and settings\sarah garcia\hybridizer.dll
c:\program files\Fast Browser Search
c:\program files\SGPSA
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\avhoraro.ini
c:\windows\system32\beegQqru.ini
c:\windows\system32\beegQqru.ini2
c:\windows\system32\ckyrtadn.ini
c:\windows\system32\eraqmoqt.ini
c:\windows\system32\fvivflob.ini
c:\windows\system32\hjcwodiu.ini
c:\windows\system32\ihhkj.bak1
c:\windows\system32\ihhkj.bak2
c:\windows\system32\ihhkj.ini
c:\windows\system32\jcqoqack.ini
c:\windows\system32\ofsrymys.ini
c:\windows\system32\oveprxxe.ini
c:\windows\system32\pnoqjplq.ini
c:\windows\system32\qkxllyjo.ini
c:\windows\system32\raoconom.ini

.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-13 04:45 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 00:40 . 2010-06-09 00:40 503808 ----a-w- c:\documents and settings\sarah garcia\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4af1550d-n\msvcp71.dll
2010-06-09 00:40 . 2010-06-09 00:40 499712 ----a-w- c:\documents and settings\sarah garcia\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4af1550d-n\jmc.dll
2010-06-09 00:40 . 2010-06-09 00:40 348160 ----a-w- c:\documents and settings\sarah garcia\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4af1550d-n\msvcr71.dll
2010-06-08 18:53 . 2010-06-10 21:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-08 17:13 . 2010-06-08 19:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-06 01:31 . 2010-06-06 01:31 -------- d-----w- c:\documents and settings\sarah garcia\Application Data\Malwarebytes
2010-06-06 01:31 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 01:31 . 2010-06-06 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 01:31 . 2010-06-06 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-06 01:31 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-05 23:57 . 2010-06-05 23:57 -------- d-----w- c:\documents and settings\sarah garcia\Application Data\Yahoo!
2010-06-05 23:57 . 2010-06-05 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-05 23:57 . 2010-06-05 23:57 -------- d-----w- c:\program files\CCleaner
2010-06-05 21:54 . 2010-06-10 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-02 10:53 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-02 10:53 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-06-01 20:31 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-06-01 20:29 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-01 20:27 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-01 17:56 . 2010-06-01 17:56 -------- d-----w- c:\windows\system32\scripting
2010-06-01 17:56 . 2010-06-01 17:56 -------- d-----w- c:\windows\l2schemas
2010-06-01 17:56 . 2010-06-01 17:56 -------- d-----w- c:\windows\system32\en
2010-06-01 17:56 . 2010-06-01 17:56 -------- d-----w- c:\windows\system32\bits
2010-06-01 17:28 . 2010-06-01 17:28 -------- d-----w- c:\windows\EHome
2010-05-24 04:18 . 2010-05-24 04:18 -------- d-----w- c:\program files\iPod
2010-05-24 04:17 . 2010-05-24 04:20 -------- d-----w- c:\program files\iTunes
2010-05-24 04:17 . 2010-05-24 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-24 03:13 . 2010-05-24 03:13 -------- d-----w- c:\program files\Bonjour
2010-05-24 02:52 . 2010-05-24 02:52 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-24 02:30 . 2010-05-24 02:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-05-22 05:15 . 2010-05-22 05:15 143976 ----a-w- c:\documents and settings\sarah garcia\Application Data\Move Networks\uninstall.exe
2010-05-22 05:14 . 2010-05-22 05:14 1794456 ----a-w- c:\documents and settings\sarah garcia\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2010-05-20 21:07 . 2010-06-08 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-08 18:35 . 2006-06-08 22:11 -------- d-----w- c:\program files\LimeWire
2010-06-08 17:19 . 2009-09-01 14:47 -------- d-----w- c:\documents and settings\sarah garcia\Application Data\FrostWire
2010-06-06 18:50 . 2010-03-12 13:15 -------- d-----w- c:\program files\Viva Media
2010-06-06 03:02 . 2006-02-27 13:37 -------- d-----w- c:\program files\Google
2010-06-06 02:43 . 2009-06-22 03:46 -------- d-----w- c:\program files\eGames
2010-06-06 01:14 . 2006-03-09 01:45 36016 -c--a-w- c:\documents and settings\sarah garcia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-06 00:09 . 2006-03-10 17:42 -------- d-----w- c:\program files\Dl_cats
2010-06-05 23:57 . 2006-11-09 07:29 -------- d-----w- c:\program files\Yahoo!
2010-06-05 23:06 . 2009-11-09 20:02 -------- d-----w- c:\program files\Easy SystemCleaner
2010-06-01 18:07 . 2004-08-10 19:03 77915 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-24 04:18 . 2007-07-12 06:53 -------- d-----w- c:\program files\Common Files\Apple
2010-05-24 03:32 . 2007-07-12 06:54 -------- d-----w- c:\program files\QuickTime
2010-05-24 02:50 . 2008-09-07 00:29 -------- d-----w- c:\program files\Safari
2010-05-23 21:59 . 2006-03-09 01:44 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-23 21:59 . 2006-03-09 01:44 56 -csh--r- c:\windows\system32\FBEB2B8FD9.sys
2010-05-22 06:03 . 2008-03-01 00:50 -------- d-----w- c:\documents and settings\sarah garcia\Application Data\Move Networks
2010-05-22 05:15 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\sarah garcia\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-05-07 22:00 . 2006-12-15 23:42 -------- d-----w- c:\program files\Maxis
2010-05-07 21:51 . 2006-02-27 13:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-07 20:45 . 2009-05-27 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-07 18:38 . 2010-05-07 18:38 2177056 ----a-w- c:\documents and settings\sarah garcia\Application Data\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.72.0.exe
2010-05-06 10:41 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 18:51 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 19:10 . 2010-03-12 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-04-20 05:30 . 2004-08-10 18:50 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-24 22:17 . 2010-03-24 22:17 0 ----a-w- c:\windows\PowerReg.dat
2007-08-10 17:18 . 2007-08-10 17:18 135680 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"cdloader"="c:\documents and settings\sarah garcia\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\sarah garcia\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-06-16 c:\windows\Tasks\User_Feed_Synchronization-{F6A0FA12-E418-4DC3-A7C7-41E2BDF7D00F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319576
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\sarah garcia\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
BHO-{A8906106-AC29-4150-81BF-492CF57E65F6} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-jkhhi - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-06-16 12:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-16 12:36:46
ComboFix-quarantined-files.txt 2010-06-16 19:36

Pre-Run: 21,508,145,152 bytes free
Post-Run: 21,739,622,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 45D44FCD968ACD58CF17F576B5284B6B

OK, so that's the log, sorry it took me soooo long to get back here, let's just say I've had a lot going on in the real world lol. But I will be back and I'm endlessly grateful to you Ried, and the entire team and this site in general.... seriously. lol. Anyway, I'll be back, back to real world stuff. I still can't believe this site even exists, I mean what you're doing for people is incredible.
DDnottech is offline  
Old 06-16-2010, 01:51 PM   #10
Registered Member (Join Date: Jun 2010, Posts: 20, OS: XP, service pack 2?)

As a side note, and something I've been wondering since I've been here, and something that I should have considered more ((sort of, with the amount of knowledge I have)) is.....
Is any of this information in these logs dangerous in the wrong hands? Could someone come to these public forums and, uhm... ruin my day? lol

I know you guys know what you're doing, but still, it's on my mind and I've gotta ask lol.
DDnottech is offline  
Old 06-16-2010, 07:58 PM   #11
TSF Security Manager Emeritus, Microsoft Most Valuable Professional (Join Date: Jan 2005, Location: Ohio, Posts: 42,837, OS: WinXP Home, Vista, Windows 7 64bit)

No, there is nothing posted here that can give someone access to your system. :)

How is the system behaving now? What issues remain?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-17-2010, 11:33 AM   #12
Registered Member (Join Date: Jun 2010, Posts: 20, OS: XP, service pack 2?)

Cool, cool. Man, if I had money I'd donate a nice chunk to you guys; what it would cost to have someone come out to fix it, or do it from somewhere else, is ridiculous. Ascentive and, ugh, some people are worse than parasites... lol.
But at this point I'm looking for problems. I'll see what happens when it restarts; if I'm looking for anything I pull up Task Manager, though I don't know what I'm looking at too much.

But when you move Task Manager around the screen the CPU usage jumps; pretty sure that always happened. Everything's opening better, the page file usage isn't through the roof, and the CPU usage does stay a lot lower, so as far as I know things are great!! :)

BUT. One more question, even though this probably isn't the place for it: what should I keep on the computer to stay healthy?
Malwarebytes is bueno
CCleaner ???
And I like Spybot S&D, but before I got here it wouldn't run; not sure if Windows, another program, or Ascentive was keeping it from opening after loading, but I would like it. ((Low RAM, can't have giant background processes running, Norton, or some other crud.... but pretty much I'm a VERY VERY VERY happy camper.
DDnottech is offline  
Old 06-17-2010, 11:57 AM   #13
Registered Member (Join Date: Jun 2010, Posts: 20, OS: XP, service pack 2?)

Man, the computer is running great. There is more cleaning and things I would like to do to get it nice and prime, clean and manageable. I know you guys aren't here to keep fixing things and this and that, I read it somewhere, but if you want me to close this thread and post another one for my other questions, or if this is the end of the road, just let me know :)

((Mainly the cleaning is desktop items, a few things I don't want there, but I want to delete them, not the shortcuts; guess it depends on where it was actually saved. But like the scans I downloaded, GMER and other stuff, I really see no good coming out of keeping it on there; like some of them said, idk, false positives. Well, it's kind of like telling your dog to defuse a bomb: cut the red wire, not the blue wire, Fido. lol. That was dumb, but hope you get what I mean lol.
DDnottech is offline  
Old 06-17-2010, 12:23 PM   #14
Registered Member (Join Date: Jun 2010, Posts: 20, OS: XP, service pack 2?)

XXXXXXXXXXXXXXXXXXXXXXXXXX
Ascentive is still in my Start menu, and what was there before, since I deleted what I could from Ascentive, is still in My Computer > Program Files:

apclangXXX.dll
GUID (1 KB file)
APCMain <----- I have hate for Ascentive to my core
and a wave <-- name sound file
DDnottech is offline  
Old 06-17-2010, 12:25 PM   #15
Registered Member (Join Date: Jun 2010, Posts: 20, OS: XP, service pack 2?)

Dang, I leave a lot of crud to read....
DDnottech is offline  
Old 06-17-2010, 03:48 PM   #16
Registered Member (Join Date: Jun 2010, Posts: 20, OS: XP, service pack 2?)

Seems to slow down very slightly after continued use...
DDnottech is offline  
Old 06-17-2010, 10:05 PM   #17
TSF Security Manager Emeritus, Microsoft Most Valuable Professional (Join Date: Jan 2005, Location: Ohio, Posts: 42,837, OS: WinXP Home, Vista, Windows 7 64bit)

Quote (Originally Posted by DDnottech):
XXXXXXXXXXXXXXXXXXXXXXXXXX
Ascentive is still in my Start menu, and what was there before, since I deleted what I could from Ascentive, is still in My Computer > Program Files:

apclangXXX.dll
GUID (1 KB file)
APCMain <----- I have hate for Ascentive to my core
and a wave <-- name sound file

What are the locations of those files, and are you planning on deleting them or what?
Ried is offline  
Old 06-17-2010, 10:49 PM   #18
Registered Member (Join Date: Jun 2010, Posts: 20, OS: XP, service pack 2?)

They're in [My Computer][Program Files][Ascentive], and Ascentive never showed up in Add/Remove Programs, so I was kind of iffy about deleting them there because I'm not sure if they're just shortcuts.
DDnottech is offline  
Old 06-17-2010, 11:43 PM   #19
TSF Security Manager Emeritus, Microsoft Most Valuable Professional (Join Date: Jan 2005, Location: Ohio, Posts: 42,837, OS: WinXP Home, Vista, Windows 7 64bit)

Go ahead and delete them.

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
Ried is offline  
Old 07-13-2010, 06:19 PM   #20
Registered Member (Join Date: Jun 2010, Posts: 20, OS: XP, service pack 2?)

Hey, sorry I've been gone for so long. I will run that scan tomorrow, lol. But really, you guys are amazing. Computer's running great; the only problem is it still slows down if it stays on so long. My best guess is pagefile usage goes up and up and up until all the RAM is used up, the little bit this computer has, but what do I know; that probably sounds like Chinese to a computer person. Hopefully I'll post tomorrow with the scan results.
DDnottech is offline  