Hi there, had some problems recently with spyware I think. Had some icons appearing on my desktop that I most definitely didn't purposefully download to my knowledge, anything clicked on following a Google search has been redirected to an advert, and on the whole my internet has been sluggish.
PC has also been slow, not just on the internet. Programs have been taking forever to load, and it's even started freezing completely when trying to do something complicated like playing a game.
Ran all of the programs suggested - CCleaner, Spybot S&D, SUPERAntiSpyware, ComboFix... and although perhaps still seeming a little slow, at least Google is no longer redirecting to adverts. I guess time will tell whether my computer decides to freeze again too.
So wanted to check here whether there's anything iffy-looking in the log files from these various programs:
HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 03:00:22, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {00A28A7B-A20A-85A8-76BA-050E90595C21} - C:\WINDOWS\system32\pnleabcb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: Refresh Bar - {6F2DB0CA-D4CA-455B-9F0B-DB135C875345} - C:\Program Files\Refresh Bar\IERefresh.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=078E6988&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=078E6988&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=078E6988&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=078E6988&id=menu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=078E6988&id=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra 'Tools' menuitem: Refresh Bar - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://cam1.east-ayrshire.gov.uk/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2490F57B-EFB1-4DA8-B476-DE53901D9BA8}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2490F57B-EFB1-4DA8-B476-DE53901D9BA8}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccAronL - C:\WINDOWS\
O20 - Winlogon Notify: rqRhFxyy - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwly32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
SUPERAntiSpyware LOG:
Generated 09/28/2008 at 02:51 AM
Application Version : 4.21.1004
Core Rules Database Version : 3581
Trace Rules Database Version: 1569

Scan type : Complete Scan
Total Scan Time : 00:33:56

Memory items scanned : 379
Memory threats detected : 0
Registry items scanned : 5604
Registry threats detected : 0
File items scanned : 21552
File threats detected : 13

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@indextools[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[1].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@bs.serving-sys[3].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@indextools[2].txt
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@serving-sys[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@tribalfusion[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@serving-sys[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@bs.serving-sys[1].txt
Trojan.Unclassified/CmdUtil
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRCPUDOT.DLL

Rootkit.TDSServ/Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D8696F73-2D76-412A-A981-4300C43EF86F}\RP730\A0076387.SYS

Trojan.DropGen/SmallLoad
C:\WINDOWS\SYSTEM32\ABTRTQCD.EXE
ComboFix LOG:
ComboFix 08-09-27.01 - Compaq_Owner 2008-09-28 1:47:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.101 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PC-Cleaner
C:\WINDOWS\BM67cd902c.txt
C:\WINDOWS\BM67cd902c.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Installer\{72bcdda4-afe7-4c7a-8a87-eb60ec931fea}\SysSrv.dll
C:\WINDOWS\Installer\{dc5be75f-63d0-437a-ad72-b4801b83e329}\RomDrive.dll
C:\WINDOWS\Installer\{e530dd2d-ac18-4362-a8f8-95543077c0b8}\AlrtPrx.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\drivers\TDSSjcxe.sys
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\winwly32.dll
C:\WINDOWS\Sysvxd.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-28 01:34 . 2008-09-28 01:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-28 01:34 . 2008-09-28 01:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-09-28 01:34 . 2008-09-28 01:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-28 01:03 . 2008-09-28 01:03 <DIR> d-------- C:\Program Files\CCleaner
2008-09-20 17:51 . 2008-09-21 12:26 77,824 --a------ C:\WINDOWS\system32\TDSSijnw.dll
2008-09-20 17:50 . 2008-09-21 12:26 36,352 --a------ C:\WINDOWS\system32\TDSSjjsm.dll
2008-09-20 17:07 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-20 17:07 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-20 17:04 . 2008-09-20 17:04 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\teamspeak2
2008-09-20 17:03 . 2008-09-20 17:03 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-09-20 17:02 . 2008-09-20 17:04 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-08-31 16:49 . 2008-09-18 11:42 <DIR> d-------- C:\Program Files\Garena
2008-08-31 16:46 . 2008-08-31 16:46 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 00:54 --------- d-----w C:\Program Files\BOINC
2008-09-28 00:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-27 20:38 --------- d-----w C:\Program Files\mIRC
2008-09-27 19:28 --------- d-----w C:\Program Files\Warcraft III
2008-09-20 16:51 16,384 ----a-w C:\WINDOWS\DCEBoot.exe
2008-09-11 05:02 --------- d-----w C:\Program Files\Bonjour
2008-09-10 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-10 12:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-10 08:33 --------- d-----w C:\Program Files\Championship Manager 01-02
2008-09-09 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-09 09:09 --------- d-----w C:\Program Files\fraps
2008-08-31 15:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 03:26 --------- d-----w C:\Program Files\Warkeys
2008-08-08 03:22 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-07-29 11:46 --------- d-----w C:\Program Files\Last.fm
2008-04-28 10:30 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\grcpudot.dll
2008-04-27 17:10 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\vijopkjs.dll
2008-04-26 11:37 383,156 --sha-w C:\WINDOWS\system32\aHiRAcfe.ini2
2008-04-25 02:45 292,988 --sha-w C:\WINDOWS\system32\AHQrCfhk.ini2
2008-04-23 19:06 7,706 --sha-w C:\WINDOWS\system32\DeKkQqss.ini2
2008-04-27 19:42 384,898 --sha-w C:\WINDOWS\system32\gNpoYJlm.ini2
2008-04-25 19:23 280,460 --sha-w C:\WINDOWS\system32\pppAbccf.ini2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00A28A7B-A20A-85A8-76BA-050E90595C21}]
2008-04-27 14:59 110592 --a------ C:\WINDOWS\system32\pnleabcb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-14 482760]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-08 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"GlTvhFZt6F"="C:\WINDOWS\system32\winver.exe" [2004-08-04 5632]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2008-03-04 4150016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Belkin Wireless G Desktop Card Client Utility.lnk - C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe [2008-07-15 1556480]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Ad Muncher\\AdMunch.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade Demo\\DarkCrusade.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\Battlegrounds.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\battlegrounds_x1.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"C:\\Documents and Settings\\Compaq_Owner\\My Documents\\utorrent.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\mIRC Bot\\mIRC.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 303616]
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-09-22 515200]

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{023A4CA7-DD6C-431C-8C2D-0BD8CC1A8746} - (no file)
BHO-{20ED36D7-44D8-4961-B940-3B86288EE20E} - C:\WINDOWS\system32\mlJYopNg.dll
BHO-{2D3977E5-530B-4252-9844-819563D2AF84} - (no file)
BHO-{4EEF58A7-57FB-4FA1-B479-A013B54DB542} - (no file)
BHO-{5065bb60-6abe-450e-843c-47df1a0d707f} - C:\WINDOWS\system32\lhnrlsvq.dll
BHO-{546CF6DD-FB1D-463B-B541-23FD3D924CCC} - (no file)
BHO-{595C64A7-5045-D31E-59FB-09CB3E16A2EC} - (no file)
BHO-{A0FF6A61-94C8-4D36-BC45-AE0112DAD938} - (no file)
BHO-{C8B370DE-BE5E-4874-A280-213CF96AB21A} - (no file)
BHO-{DF5E4860-D654-4154-90FB-D43EC00F2BE3} - (no file)
Toolbar-Reg - (no file)
HKLM-Run-PCDrProfiler - (no file)
Notify-fccAronL - fccAronL.dll
Notify-rqRhFxyy - rqRhFxyy.dll
Notify-winwly32 - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\yp5ip06o.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 01:56:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [1744] 0x840A0370
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\BOINC\boinc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
.
**************************************************************************
.
Completion time: 2008-09-28 2:09:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 01:09:17

Pre-Run: 148,416,569,344 bytes free
Post-Run: 148,342,546,432 bytes free
231 --- E O F --- 2008-09-10 02:01:20
Any help will be much appreciated :)

Post Edited (crixalis) : 28-09-2008 02:17:27 GMT