WiredWX Hobby Weather Tools

sluggish, what would be safe to remove?

3 posters

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:47:51 PM, on 4/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc500.mail.yahoo.com/mc/welcome?.gx=1&.tm=1277855676&.rand=av6e9uno1nir8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5

Re: sluggish, what would be safe to remove?
Hi,
You didn't give me the whole HijackThis log. Try posting it again in your next reply.

Regards

Re: sluggish, what would be safe to remove?
Increase performance and video formats for your HTML5

Re: sluggish, what would be safe to remove?
I tried to copy and paste the other half and it just won't work. It only sent one line!?

Re: sluggish, what would be safe to remove?
carl thompson
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:37 AM, on 4/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc500.mail.yahoo.com/mc/welcome?.gx=1&.tm=1277855676&.rand=av6e9uno1nir8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5

Re: sluggish, what would be safe to remove?
bump

Re: sluggish, what would be safe to remove?
I couldn't give you a fix, because you didn't post the whole log file. When Notepad opens, please go to Format > uncheck Word Wrap, and then Select All and Copy it here.

Re: sluggish, what would be safe to remove?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:14:33 PM, on 5/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\carl.NETVISTA1\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc500.mail.yahoo.com/mc/welcome?.gx=1&.tm=1277855676&.rand=av6e9uno1nir8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5

Re: sluggish, what would be safe to remove?
word wrap is unchecked
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:14:33 PM, on 5/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\carl.NETVISTA1\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc500.mail.yahoo.com/mc/welcome?.gx=1&.tm=1277855676&.rand=av6e9uno1nir8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5

Re: sluggish, what would be safe to remove?
ComboFix 11-05-06.05 - carl 05/07/2011 8:44.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1013 [GMT -4:00]
Running from: c:\documents and settings\carl.NETVISTA1\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Downloaded Installers
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-04-29 20:48 . 2011-04-29 20:49 -------- dc----w- c:\program files\Microsoft SQL Server
2011-04-29 16:44 . 2011-04-29 16:44 -------- d-----w- c:\documents and settings\john\Application Data\vlc
2011-04-28 12:39 . 2011-04-28 12:39 -------- d-----w- c:\documents and settings\carl.NETVISTA1\Application Data\E-centives
2011-04-26 16:30 . 2011-04-26 16:30 -------- d-----w- c:\documents and settings\carl.NETVISTA1\Local Settings\Application Data\PCHealth
2011-04-26 16:12 . 2011-04-26 16:12 -------- dc----w- C:\Intel
2011-04-26 13:41 . 2011-04-26 13:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-26 13:14 . 2011-04-26 13:25 -------- dc----w- c:\program files\Intel
2011-04-26 00:26 . 2011-04-26 00:26 -------- dc----w- C:\DVRA04
2011-04-26 00:04 . 2011-04-26 00:04 -------- dc----w- C:\SYSCHK
2011-04-25 23:56 . 2000-02-23 11:24 3888 ----a-w- c:\windows\system32\drivers\DMICall.sys
2011-04-25 23:56 . 2011-04-25 23:56 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-04-23 15:01 . 2011-04-23 15:01 -------- d-----w- c:\documents and settings\Administrator
2011-04-21 23:51 . 2011-04-21 23:51 -------- dc----w- c:\program files\SearchPredict
2011-04-21 23:51 . 2011-04-21 23:52 -------- dc----w- c:\program files\SpeedBit Video Downloader
2011-04-21 15:55 . 2011-04-21 15:55 -------- d-----w- c:\windows\LastGood(4)
2011-04-21 15:55 . 2011-04-21 15:55 -------- d-----w- c:\windows\LastGood(3)
2011-04-21 15:51 . 2011-04-21 15:51 -------- d-----w- c:\windows\LastGood(2)
2011-04-21 14:37 . 2011-04-21 23:51 -------- d-----w- c:\documents and settings\carl.NETVISTA1\Application Data\Toolbar4
2011-04-21 14:37 . 2011-04-21 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2011-04-21 14:37 . 1998-12-05 17:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-04-20 02:01 . 2011-02-23 20:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-04-20 02:01 . 2011-02-23 21:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-04-19 01:45 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2011-04-19 01:44 . 2011-04-19 01:44 -------- dc----w- c:\program files\Microsoft Sync Framework
2011-04-18 22:50 . 2011-04-30 23:23 142296 -c--a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-18 22:50 . 2011-04-30 23:23 781272 -c--a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-18 22:50 . 2011-04-30 23:23 1874904 -c--a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-04-18 22:50 . 2011-04-30 23:23 89048 -c--a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-04-18 22:50 . 2011-04-30 23:23 465880 -c--a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-18 22:50 . 2011-04-30 23:23 15832 -c--a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-18 22:50 . 2011-04-30 23:23 1892184 -c--a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-18 22:50 . 2011-04-30 23:23 1974616 -c--a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-18 22:12 . 2011-04-18 22:37 -------- dc----w- c:\program files\Mozilla Firefox 4.0 Beta 12
2011-04-16 19:56 . 2011-04-16 19:56 -------- d-----w- c:\documents and settings\carl.NETVISTA1\Application Data\DDMSettings
2011-04-16 19:47 . 2011-04-16 19:54 -------- dc----w- c:\program files\DivX
2011-04-16 19:40 . 2011-04-17 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-04-15 22:07 . 2011-04-15 22:13 -------- d-----w- c:\documents and settings\carl.NETVISTA1\.VirtualBox
2011-04-15 22:04 . 2011-02-17 22:06 160560 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-04-15 22:04 . 2011-02-17 22:06 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-04-14 23:47 . 2011-04-14 23:47 -------- d-----w- c:\program files\Common Files\xing shared
2011-04-14 15:32 . 2011-04-14 15:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DivX
2011-04-13 22:40 . 2011-04-13 22:40 4284416 -c--a-w- c:\windows\system32\GPhotos.scr
2011-04-13 21:42 . 2011-04-13 21:42 -------- d-----w- c:\documents and settings\carl.NETVISTA1\Application Data\AnvSoft
2011-04-13 21:42 . 2011-04-15 00:55 -------- dc----w- c:\program files\AnvSoft
2011-04-12 02:19 . 2011-04-12 02:19 -------- dc----w- c:\program files\Belarc
2011-04-12 02:19 . 2008-02-27 17:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-04-12 01:38 . 2011-04-12 01:38 -------- dc----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-11 05:51 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-11 05:51 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-11 05:51 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-11 05:51 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-11 05:51 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-11 05:51 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-04-11 05:51 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-04-11 05:51 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-04-11 05:49 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-04-11 05:49 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-11 05:49 . 2011-04-11 05:49 -------- dc----w- c:\program files\AVAST Software
2011-04-11 05:49 . 2011-04-11 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-09 22:32 . 2011-04-09 22:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-09 20:53 . 2011-04-09 20:53 -------- dc----w- C:\VritualRoot
2011-04-09 20:47 . 2011-04-09 21:13 -------- dc----w- c:\program files\COMODO
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 01:45 . 2010-06-05 18:13 388096 ----a-r- c:\documents and settings\carl.NETVISTA1\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-26 13:40 . 2010-04-24 23:34 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-04-23 18:44 . 2010-07-31 15:21 25992 -c--a-w- c:\windows\system32\pgdfgsvc.exe
2011-04-14 23:45 . 2009-06-13 14:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-14 23:45 . 2009-06-13 14:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-13 22:02 . 2011-03-13 22:03 737280 ----a-w- c:\windows\iun6002.exe
2011-03-08 21:05 . 2011-03-08 21:05 32132 ----a-w- c:\windows\system32\tcpipbak.reg
2011-03-07 05:33 . 2008-10-27 18:18 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 09:42 420864 ------w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-04-14 05:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-27 18:33 . 2009-12-28 15:28 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-02-22 23:06 . 2008-10-16 18:01 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2008-10-16 18:01 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2008-10-16 18:01 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2008-10-16 18:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 22:06 . 2011-02-17 22:06 111152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-02-17 13:18 . 2008-04-14 04:47 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-14 04:45 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 21:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2008-04-14 09:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 09:42 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 09:41 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 09:41 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-04-03 12:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-30 23:23 . 2011-04-18 22:50 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-14 273544]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\carl.NETVISTA1\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
"NoWinKeys"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mwfvbvmr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/11/2011 1:51 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/11/2011 1:51 AM 307288]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/11/2011 1:51 AM 19544]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 cpuz130;cpuz130; [x]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [5/28/2010 10:30 AM 15271]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 -c----w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-05-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-18 23:19]
.
2011-05-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
.
2011-05-02 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
.
2011-05-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-299502267-1606980848-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-299502267-1606980848-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-842925246-299502267-1606980848-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-299502267-1606980848-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-299502267-1606980848-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-842925246-299502267-1606980848-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc500.mail.yahoo.com/mc/welcome?.gx=1&.tm=1277855676&.rand=av6e9uno1nir8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\carl.NETVISTA1\Application Data\Mozilla\Firefox\Profiles\w24cfcly.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-UpdateMyDrivers - e:\smarttweak software\UpdateMyDrivers\UpdateMyDrivers.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 08:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,22,d5,ad,1c,69,1a,4d,a9,37,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,22,d5,ad,1c,69,1a,4d,a9,37,cb,\
.
[HKEY_USERS\S-1-5-21-842925246-299502267-1606980848-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10j_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-07 09:05:59
ComboFix-quarantined-files.txt 2011-05-07 13:05
.
Pre-Run: 3,062,325,248 bytes free
Post-Run: 3,179,302,912 bytes free
.
Current=1 Default=1 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 7E4C5F8E9AE8414F4B44437C00B8FD24

Re: sluggish, what would be safe to remove?
how about this?

Re: sluggish, what would be safe to remove?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:55 PM, on 5/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\carl.NETVISTA1\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc500.mail.yahoo.com/mc/welcome?.gx=1&.tm=1277855676&.rand=av6e9uno1nir8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5

Re: sluggish, what would be safe to remove?
ormance and video formats for your HTML5

Re: sluggish, what would be safe to remove?
I tried to send in two parts and this is what happens???

Re: sluggish, what would be safe to remove?
You have an active thread here
This is not a good idea since this is a situation in which you have 2 helpers involved in the posting process and can cause problems with your computer getting fixed.
