laptop running slow

Hi

My laptop is running very slowly over the last week or so, taking ages to load web pages. I would be grateful for any advice anyone could offer.

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download MALWAREBYTES (Make sure you click 'DOWNLOAD NOW')
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
    UPDATE and FULL SCAN
    Post the log here AFTER you've deleted everything it finds


    reboot

    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
    :idea:
  • thanks will do it now
  • Malwarebytes' Anti-Malware 1.36
    Database version: 2036
    Windows 5.1.2600 Service Pack 3
    24/04/2009 19:29:26
    mbam-log-2009-04-24 (19-29-26).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 141450
    Time elapsed: 1 hour(s), 32 minute(s), 36 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Mark?

    That's spooky as hell

    I posted at 8:08

    Your log is ~
    24/04/2009 19:29:26
    mbam-log-2009-04-24 (19-29-26).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 141450
    Time elapsed: 1 hour(s), 32 minute(s), 36 second(s)

    Either you'd already run a scan. Or you've jumped through time :p
    :idea:
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:16:51, on 24/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\1223586317\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CSHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\AOL 9.0 VR\waol.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google link removed
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1223586317\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 4466 bytes

    I followed instructions given to other posters, but didn't want to appear impolite when starting the thread
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    No worries :p

    I can't see anything in the log so my indications are zonealarm might be the problem

    Let's look deeper first ~

    Please run COMBOFIX: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be)

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe')
    :idea:
  • cheers, haven't done this so will proceed in normal time lol
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Mark ~ that's completely unreadable

    Assuming you've used NOTEPAD then open notepad and untick 'word wrap' under 'format'
    :idea:
  • oops sorry about that, try again

    ComboFix 09-04-25.01 - mark turner 24/04/2009 20:45.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.274 [GMT 1:00]
    Running from: c:\documents and settings\mark turner\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\INSTALL.LOG
    c:\windows\system32\drivers\fad.sys
    c:\windows\system32\regsvr32.dll
    c:\windows\system32\w32apiw.dll
    .
    ((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
    .
    2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w c:\program files\Trend Micro
    2009-04-24 16:52 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-24 16:52 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-24 16:52 . 2009-04-24 16:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-15 11:56 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 11:56 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
    2009-04-15 11:55 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 11:55 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 11:55 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 11:55 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 11:55 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 11:51 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-12 08:36 . 2009-02-13 10:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-24 19:53 . 2009-02-05 18:10 849184 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-04-24 19:53 . 2009-02-05 18:10 28869152 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-04-24 18:36 . 2009-02-05 18:10 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-04-24 18:33 . 2009-02-05 18:10 80084 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-04-24 18:33 . 2009-02-05 18:10 386540 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-04-24 10:48 . 2009-03-04 07:28 5775658 ----a-w c:\windows\Internet Logs\tvDebug.Zip
    2009-04-19 19:19 . 2007-03-17 18:44 56183 ----a-w C:\hpfr3425.log
    2009-04-19 19:19 . 2004-12-28 18:20 519 ----a-w C:\hpfr3420.xml
    2009-04-15 12:38 . 2007-10-04 16:42 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-04-15 11:55 . 2002-08-29 05:00 227840 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmiprvse.exe
    2009-04-14 16:53 . 2009-04-14 16:55 40448 ----a-w c:\windows\Internet Logs\xDB5.tmp
    2009-04-06 21:20 . 2009-04-07 05:41 106496 ----a-w c:\windows\Internet Logs\xDB4.tmp
    2009-03-29 20:42 . 2008-03-09 10:39 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-29 20:41 . 2004-06-05 21:09 -------- d-----w c:\program files\SpywareBlaster
    2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
    2009-03-11 20:00 . 2009-03-12 12:06 17920 ----a-w c:\windows\Internet Logs\xDB3.tmp
    2009-03-10 22:17 . 2009-03-11 17:58 18432 ----a-w c:\windows\Internet Logs\xDB2.tmp
    2009-03-09 19:55 . 2009-03-10 10:00 139776 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2009-03-06 15:51 . 2009-03-06 15:51 102 ----a-w C:\VundoFix.txt
    2009-03-06 14:22 . 2002-08-29 05:00 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
    2009-03-06 14:22 . 2002-08-29 05:00 284160 ----a-w c:\windows\SYSTEM32\DLLCACHE\pdh.dll
    2009-03-03 20:15 . 2009-03-03 20:15 266240 ----a-w c:\windows\SYSTEM32\CSHelper.exe
    2009-03-03 20:15 . 2009-03-03 20:15 225280 ----a-w c:\windows\SYSTEM32\CSInstru.DLL
    2009-03-03 00:18 . 2006-11-07 21:03 826368 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
    2009-03-03 00:18 . 2004-02-06 17:05 826368 ----a-w c:\windows\SYSTEM32\wininet.dll
    2009-02-28 04:54 . 2002-08-29 05:00 636072 --s-a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
    2009-02-20 10:20 . 2007-05-20 19:07 13824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
    2009-02-20 10:20 . 2002-08-29 05:00 70656 ----a-w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
    2009-02-20 05:14 . 2002-08-29 05:00 161792 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
    2009-02-09 12:10 . 2002-08-29 05:00 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
    2009-02-09 12:10 . 2004-04-26 18:54 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
    2009-02-09 12:10 . 2002-08-29 05:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
    2009-02-09 12:10 . 2002-08-29 05:00 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
    2009-02-09 11:13 . 2008-10-15 19:45 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
    2009-02-09 11:13 . 2002-08-29 05:00 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
    2009-02-07 22:05 . 2004-05-02 17:07 4212 -c-ha-w c:\windows\SYSTEM32\zllictbl.dat
    2009-02-07 18:02 . 2002-08-29 05:00 2066048 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
    2009-02-07 18:02 . 2002-08-29 05:00 2066048 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
    2009-02-06 11:11 . 2002-08-29 05:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
    2009-02-06 11:08 . 2002-08-29 05:00 2189056 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
    2009-02-06 11:08 . 2002-08-29 05:00 2189056 ----a-w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
    2009-02-06 11:06 . 2008-10-15 19:43 2145280 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
    2009-02-06 10:39 . 2002-08-29 05:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
    2009-02-06 10:39 . 2002-08-29 05:00 35328 ----a-w c:\windows\SYSTEM32\DLLCACHE\sc.exe
    2009-02-06 10:32 . 2008-10-15 19:43 2023936 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
    2009-02-05 16:42 . 2007-06-17 09:07 959 ----a-w C:\rollback.ini
    2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
    2009-02-03 19:59 . 2002-08-29 05:00 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
    2008-10-03 20:25 . 2004-01-27 21:34 109232 -c--a-w c:\documents and settings\mark turner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2007-03-26 17:10 . 2007-03-26 17:10 69536 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-27 20:05 . 2006-05-14 11:42 40240 -c--a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2005-11-23 11:50 . 2005-04-30 09:30 38264 -c--a-w c:\documents and settings\mark turner\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-27 20:52 . 2008-05-27 20:53 32768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008052720080528\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "HostManager"="c:\program files\Common Files\AOL\1223586317\ee\AOLSoftware.exe" [2006-11-14 50736]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-14 98304]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
    backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
    backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk.disabled]
    backup=c:\windows\pss\Kodak EasyShare software.lnk.disabledCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk.disabled]
    backup=c:\windows\pss\Microsoft Office.lnk.disabledCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^mark turner^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^mark turner^Start Menu^Programs^Startup^SpywareGuard.lnk]
    backup=c:\windows\pss\SpywareGuard.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DadApp
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOLService"=2 (0x2)
    "iPodService"=3 (0x3)
    "AOL ACS"=2 (0x2)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "GSICONEXE"=gsicon.exe
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
    "RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\AOL\\1173459437\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1173459437\\ee\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1223586317\\ee\\aolsoftware.exe"=
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2002-12-24 39040]
    R3 MEMSWEEP2;MEMSWEEP2; [x]
    R3 ousb2hub;OrangeWare USB 2.0 Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2002-12-24 54016]
    R3 USTOR;Verbatim Store 'n' Go;c:\windows\system32\DRIVERS\UStork.sys [2003-04-02 19762]
    S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-03 266240]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94117d80-7c5d-11d9-977f-00038a000015}]
    \Shell\AutoRun\command - setupSNK.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c87294d6-a05d-11dd-8f54-00038a000015}]
    \Shell\access\command - e:\.\sgportable\SGPortable.exe
    \Shell\AutoRun\command - e:\.\sgportable\SGPortable.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e53405bd-8b29-11dd-a85a-00038a000015}]
    \Shell\AutoRun\command - E:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder
    2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{B5C1C72B-289E-42A9-835B-6634B3341A9F}.job
    - c:\windows\system32\msfeedssync.exe [2006-04-13 11:58]
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-CTFMON - (no file)

    .
    Supplementary Scan
    .
    uStart Page =
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: &AOL Toolbar search
    IE: E&xport to Microsoft Excel
    DPF: DirectAnimation Java Classes -
    DPF: Microsoft XML Parser for Java
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
    Rootkit scan 2009-04-24 20:53
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\65.tmp"
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-3369489060-662800114-1466839097-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG10.00.00.01WORKSTATION"="[value removed]"
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(1652)
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
    c:\windows\system32\klogon.dll
    - - - - - - - > 'lsass.exe'(1756)
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
    c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
    .
    Completion time: 2009-04-24 20:57
    ComboFix-quarantined-files.txt 2009-04-24 19:57
    Pre-Run: 8,124,506,112 bytes free
    Post-Run: 8,219,451,392 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    249 --- E O F --- 2009-04-15 12:49
This discussion has been closed.