Status
Not open for further replies.

· Registered
Joined
·
1 Posts
Discussion Starter · #1 · (Edited)
I'm having this problem where my PC runs slow whenever I install Kaspersky, which is the antivirus I have.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-22 18:36:20 0 d-------- C:\kav
2008-05-20 21:18:45 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-20 21:16:19 58880 --a------ C:\Windows\system32\wvUkICsT.dll
2008-05-06 15:00:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-29 16:08:09 0 d-------- C:\Program Files\Veoh Networks
2008-04-28 20:45:49 0 d-------- C:\Program Files\MegauploadToolbar
2008-04-25 14:19:08 506368 --a------ C:\Windows\system32\msxml.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-04-25 13:50:09 0 d--hs---- C:\Windows\TW9tbw
2008-04-25 13:50:01 0 d-------- C:\Windows\system32\sNT
2008-04-25 13:50:01 0 d-------- C:\Windows\system32\cin1
2008-04-25 13:49:57 0 d-------- C:\Windows\system32\pnVes03
2008-04-25 13:49:57 0 d-------- C:\Temp
2008-04-25 13:47:37 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-04-25 13:30:33 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-25 12:36:57 0 d-------- C:\Program Files\Panda Security
2008-04-25 12:12:22 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-05-15 00:27:52 0 d-------- C:\Program Files\Windows Mail
2008-05-06 15:00:46 0 d-------- C:\Program Files\Common Files
2008-04-29 16:09:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-28 20:46:25 0 d-------- C:\Users\Momo\AppData\Roaming\Megaupload
2008-04-28 20:45:49 0 d-------- C:\Users\Momo\AppData\Roaming\MegauploadToolbar
2008-04-24 21:59:33 0 d-------- C:\Users\Momo\AppData\Roaming\Media Player Classic
2008-04-24 19:53:35 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-04-24 17:55:22 0 d-------- C:\Users\Momo\AppData\Roaming\Apple Computer
2008-04-24 17:55:05 0 d-------- C:\Program Files\iTunes
2008-04-24 17:54:44 0 d-------- C:\Program Files\iPod
2008-04-24 17:52:12 0 d-------- C:\Program Files\Bonjour
2008-04-24 17:51:48 0 d-------- C:\Program Files\QuickTime
2008-04-24 17:48:40 0 d-------- C:\Program Files\Apple Software Update
2008-04-24 17:46:44 0 d-------- C:\Program Files\Common Files\Apple
2008-04-24 16:12:52 0 d-------- C:\Users\Momo\AppData\Roaming\Adobe
2008-04-23 11:05:33 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-22 13:59:58 0 d-------- C:\Program Files\MSBuild
2008-04-22 13:55:01 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-22 11:52:06 174 --ahs---- C:\Program Files\desktop.ini
2008-04-22 01:08:23 0 d-------- C:\Program Files\Windows Calendar
2008-04-22 01:08:17 0 d-------- C:\Program Files\Windows Defender
2008-04-22 01:08:07 0 d-------- C:\Program Files\Windows Sidebar
2008-04-21 21:53:24 0 d-------- C:\Program Files\Windows Live
2008-04-21 21:53:08 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 20:14:11 0 d-------- C:\Program Files\InterVideo
2008-04-21 20:13:56 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-21 20:13:44 0 d-------- C:\Program Files\Windows Media Components
2008-04-21 20:10:54 0 d-------- C:\Program Files\Ulead Systems
2008-04-21 20:06:44 0 d-------- C:\Program Files\Camera Assistant Software for Toshiba
2008-04-21 19:53:10 0 d-------- C:\Users\Momo\AppData\Roaming\WinRAR
2008-04-21 19:44:36 0 d-------- C:\Program Files\Lavasoft
2008-04-21 19:43:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 19:01:44 0 d-------- C:\Program Files\Alwil Software
2008-04-21 18:46:51 0 d-------- C:\Users\Momo\AppData\Roaming\.BitTornado
2008-04-21 18:45:36 0 d-------- C:\Users\Momo\AppData\Roaming\Macromedia
2008-04-21 18:41:13 0 d-------- C:\Program Files\BitTornado
2008-04-21 18:37:03 0 --a------ C:\Windows\nsreg.dat
2008-04-21 18:37:01 0 d-------- C:\Users\Momo\AppData\Roaming\Mozilla
2008-04-21 18:14:32 0 d-------- C:\Users\Momo\AppData\Roaming\Intel
2008-04-21 17:33:23 0 d-------- C:\Users\Momo\AppData\Roaming\Identities
2008-04-21 17:32:35 0 d-------- C:\Program Files\OnlinePlay
2008-04-21 17:32:27 0 d-------- C:\Program Files\Toshiba Registration
2008-04-21 17:32:20 0 d-------- C:\Program Files\TOSHIBA
2008-04-21 17:32:04 0 d-------- C:\Program Files\Common Files\Toshiba Shared
2008-04-21 17:31:16 0 d-------- C:\Program Files\ltmoh
2008-04-21 17:26:35 56 --a------ C:\Windows\system32\IHV_Install.bat
2008-04-21 17:26:09 0 d-------- C:\Program Files\Intel
2008-04-21 17:24:03 0 d-------- C:\Program Files\Apoint2K


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2008 11:12 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [25/05/2007 01:03 AM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [25/05/2007 01:03 AM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [25/05/2007 01:03 AM]
"RtHDVCpl"="RtHDVCpl.exe" [10/05/2007 04:10 AM C:\Windows\RtHDVCpl.exe]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [06/11/2006 08:14 PM]
"HWSetup"="\HWSetup.exe" []
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [23/03/2006 12:42 AM]
"NDSTray.exe"="NDSTray.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [31/05/2007 12:18 AM]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [13/03/2007 04:49 AM]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [10/04/2007 07:40 PM]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [29/03/2007 01:39 PM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [07/12/2006 07:49 PM]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [22/03/2007 02:46 PM]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [22/05/2007 07:32 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [11/09/2006 02:21 AM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [09/01/2007 01:23 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 12:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21/04/2008 10:53 PM]
"TOSCDSPD"="TOSCDSPD.EXE" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [18/04/2008 02:30 PM]
"@"="" []
"3620540e"="C:\Users\Momo\AppData\Local\Temp\atgotbnc.dll,b" []
"BM35136792"="C:\Users\Momo\AppData\Local\Temp\vcupaaal.dll,s" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-25 18:36:08 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:02 AM, on 24/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [3620540e] rundll32.exe "C:\Users\Momo\AppData\Local\Temp\atgotbnc.dll",b
O4 - HKCU\..\Run: [BM35136792] Rundll32.exe "C:\Users\Momo\AppData\Local\Temp\vcupaaal.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9283 bytes

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-24 17:48:14
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 7.0.1.325 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.fastclick.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.xiti.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.burstnet.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.go.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\r62ho5ao.default\cookies.txt[.atwola.com/]
02983889 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\Momo\AppData\Local\Temp\ysxbwskr.dll
02990087 Spyware/Virtumonde Spyware Yes 2 Yes No C:\USERS\MOMO\APPDATA\LOCAL\TEMP\VCUPAAAL.DLL
02990088 Spyware/Virtumonde Spyware Yes 2 Yes No C:\USERS\MOMO\APPDATA\LOCAL\TEMP\ATGOTBNC.DLL
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
184379 MEDIUM MS08-001
182048 HIGH MS07-069
176382 HIGH MS07-057
170906 HIGH MS07-045
164913 HIGH MS07-033
160623 HIGH MS07-027
;===================================================================================================================================================================================
 

· TSF-Emeritus
Joined
·
15,457 Posts
Hello and welcome to TSF. :smile:

Sorry for the delayed response. The forum has been very busy. If you still need help, please post a fresh DSS main.txt as it has been a while since you posted.
 