943,541 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Computer behave strange and working slow
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Apr 4th, 2009
0

Computer behave strange and working slow

Expand Post »
Hi,

My comp start to behave strange. Almost on every task poping windows to say: "encountered problem and need to close".

I have 4 scans:

1. ESET Smart Security

2. MBAM

3. Spybot

4. HijackThis

and posting them here. Hope someone can help. I am using Windows XP Pro Sp1 3.6 Gb, 1Gb RAM, 80Gb HD

ESET Scan Log
Version of virus signature database: 3986 (20090403)
Date: 4/04/2009 Time: 9:54:52 AM
Scanned disks, folders and files: C:\Boot sector;C:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\WINDOWS:AstInfo - error opening [4]
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BankerFAT.zip » ZIP » ps.dat - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BankerFAT.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart.zip » ZIP » ErrorSmart Scheduled Scan.job - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart1.zip » ZIP » DataBase.ref - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart10.zip » ZIP » 2008 Feb 26 - 02_28_51 PM_156.log - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart10.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart11.zip » ZIP » ErrorSmart.url - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart11.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart12.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart13.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart13.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart14.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart14.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart15.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart15.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart16.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart16.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart2.zip » ZIP » ErrorSmart.exe - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart3.zip » ZIP » zlib.dll - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart4.zip » ZIP » TCL.dll - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart5.zip » ZIP » ErrorSmart.lnk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart5.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart6.zip » ZIP » ErrorSmart on the Web.lnk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart6.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart7.zip » ZIP » 2008 Feb 26 - 04_52_08 PM_750.log - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart7.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart8.zip » ZIP » 2008 Feb 26 - 04_51_33 PM_578.log - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart8.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart9.zip » ZIP » 2008 Feb 26 - 02_29_25 PM_093.log - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSmart9.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsAppFirewallBypass.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/1.bin/F3BKGERR.JPG - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/1.bin/F3BROVLY.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/1.bin/F3CJPEG.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/1.bin/F3DTACTL.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/1.bin/F3HISTSW.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/2.bin/F3BKGERR.JPG - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/2.bin/F3BROVLY.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/2.bin/F3CJPEG.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/2.bin/F3DTACTL.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/2.bin/F3HISTSW.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » bar/2.bin/F3HTMLMU.DLL - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PremiumSearch.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PremiumSearch.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PremiumSearch1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PremiumSearch1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyBlocs.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyBlocs.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyBlocs1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyBlocs1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TelekomBillFake.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TelekomBillFake.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TelekomBillFake1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TelekomBillFake1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip » ZIP » ljbgugtb.job - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip » ZIP » brieudtr.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip » ZIP » wmoqyyko.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip » ZIP » fnykpoar.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip » ZIP » lgmlnhnb.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip » ZIP » vukunott.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip » ZIP » vuatcgvd.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip » ZIP » rscwngkb.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinLageraq.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinLageraq.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinLageraq1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinLageraq1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk10.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk10.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk11.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk11.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk12.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk12.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk13.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk13.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk14.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk14.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk15.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk15.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk16.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk16.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk17.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk17.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk18.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk18.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk19.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk19.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk20.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk20.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk21.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk21.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk22.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk22.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk23.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk23.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk24.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk24.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk25.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk25.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk26.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk26.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk27.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk27.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk28.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk28.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk29.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk29.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk30.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk30.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk31.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk31.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk32.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk32.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk33.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk33.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk34.zip » ZIP » StarCodec_ver1.5897.0.exe - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk34.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk4.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk5.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk5.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk6.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk6.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk7.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk7.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk8.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk8.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk9.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinTDSSrtk9.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZipTmp04.a10 » ZIP » bar/1.bin/F3BKGERR.JPG - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZipTmp04.a10 » ZIP » - archive damaged
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZipTmp08.710 » ZIP » bar/1.bin/F3BKGERR.JPG - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZipTmp08.710 » ZIP » - archive damaged
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVcodec.zip » ZIP » svchost.exe - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVcodec.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\user\ntuser.dat - error opening [4]
C:\Documents and Settings\user\ntuser.dat.LOG - error opening [4]
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hp0g1fjv.default\extensions\searchrecs@veoh.com\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hp0g1fjv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe » NSIS - bad archive
C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/deploy/jqs/ff/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\Application Data\Sun\Java\jre1.6.0_10\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-16-2008 - 17-31-20.SBU » ZIP » backup.db - error - password-protected file
C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 06-21-2008 - 11-23-17.SBU » ZIP » backup.db - error - password-protected file
C:\Documents and Settings\user\Application Data\Uniblue\SpyEraser\Quarantine\Rootkit.agent.agw_27_12_2008_21_14_39.asq26299 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\user\Local Settings\Application Data\Identities\{EEEE9068-6AA9-4B74-A4B5-C4ED236F21C2}\Microsoft\Outlook Express\Deleted Items.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\user\Local Settings\Application Data\Identities\{EEEE9068-6AA9-4B74-A4B5-C4ED236F21C2}\Microsoft\Outlook Express\Drafts.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\user\Local Settings\Application Data\Identities\{EEEE9068-6AA9-4B74-A4B5-C4ED236F21C2}\Microsoft\Outlook Express\Eset Antispam (1).dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\user\Local Settings\Application Data\Identities\{EEEE9068-6AA9-4B74-A4B5-C4ED236F21C2}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\user\Local Settings\Application Data\Identities\{EEEE9068-6AA9-4B74-A4B5-C4ED236F21C2}\Microsoft\Outlook Express\Sent Items.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\user\Local Settings\Application Data\IM\Identities\{39AE679A-6CD9-49EB-ADB8-8882A2E7E435}\Message Store\Inbox.imm » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\Local Settings\Application Data\IM\Identities\{39AE679A-6CD9-49EB-ADB8-8882A2E7E435}\Message Store\Attachments\Attention_ Gospodin Djordje Marinkovic.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening [4]
C:\Documents and Settings\user\My Documents\Demons take on Saints in Twenty20 clash TONIGHT.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\My Documents\MCC Cricket News_ Sunday February 4, 2007.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\My Documents\Azureus Downloads\13B.2009.DVDRip.XviD-CoWRY\CD1\cowry-13b-cd1.rar » RAR » cowry-13b-cd1.avi - next archive volume not found
C:\Documents and Settings\user\My Documents\Azureus Downloads\13B.2009.DVDRip.XviD-CoWRY\CD2\cowry-13b-cd2.rar » RAR » cowry-13b-cd2.avi - next archive volume not found
C:\Documents and Settings\user\My Documents\POSTA\3D-Album Forums.eml » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\user\My Documents\POSTA\Olivera 9. Janyary 2007..eml » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\additional_resources.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\additional_resources.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\additional_resources.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\LimeWire\lib\additional_resources.jar » ZIP » xulrunner-win32.zip » ZIP » xulrunner/chrome/limewire.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\MediaCoder\xulapp\chrome\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Motorola Phone Tools\olregist.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\browser.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\reporter.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Real\RealPlayer\browserrecord\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Winamp\UninstWA.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\WMR11\Recordings\RMR Extras\rts1[2].rm.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\WMR11\Recordings\RMR Extras\rts1[3].rm.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\WMR11\Recordings\RMR Extras\rts1[4].rm.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\WMR11\Recordings\RMR Extras\rts1[5].rm.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\system32\config\default - error opening [4]
C:\WINDOWS\system32\config\default.LOG - error opening [4]
C:\WINDOWS\system32\config\SAM - error opening [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening [4]
C:\WINDOWS\system32\config\SECURITY - error opening [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening [4]
C:\WINDOWS\system32\config\software - error opening [4]
C:\WINDOWS\system32\config\software.LOG - error opening [4]
C:\WINDOWS\system32\config\system - error opening [4]
C:\WINDOWS\system32\config\system.LOG - error opening [4]
Number of scanned objects: 279748
Number of threats found: 1
Number of cleaned objects: 1
Time of completion: 10:37:58 AM Total scanning time: 2586 sec (00:43:06)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

MBAM Scan
Malwarebytes' Anti-Malware 1.34
Database version: 1782
Windows 5.1.2600 Service Pack 2

4/04/2009 9:35:10 AM
mbam-log-2009-04-04 (09-35-10).txt

Scan type: Quick Scan
Objects scanned: 68331
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Spybot Scan
DoubleClick: Tracking cookie (Internet Explorer: user) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-07-07 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-07-21 unins000.exe (51.41.0.0)
2009-03-28 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-01-22 Includes\Adware.sbi (*)
2009-03-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-25 Includes\Dialer.sbi (*)
2009-03-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-11 Includes\Hijackers.sbi (*)
2009-03-04 Includes\HijackersC.sbi (*)
2009-03-18 Includes\Keyloggers.sbi (*)
2009-03-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-03-25 Includes\Malware.sbi (*)
2009-03-25 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-03-25 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-14 Includes\Security.sbi (*)
2009-03-24 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2009-03-25 Includes\Tracks.uti
2009-03-25 Includes\Trojans.sbi (*)
2009-03-25 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:36 AM, on 4/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iPrimus.com.au;iprimushomehub.*;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;198.18.1.*;192.168.*
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67053930-C51F-4B5F-8FC5-44A6A3701775} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96372AB6-15EB-4316-B497-71C741BC548C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {B24536DB-8C84-4E0D-8D66-7D97366B0C11} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 0: Item created by Ulead GIF Animator - C:\WINDOWS\system32\gaadi001.gif
O24 - Desktop Component 1: Privacy Protection - (no file)

--
End of file - 9625 bytes
Reputation Points: 10
Solved Threads: 0
Light Poster
SerbOz is offline Offline
29 posts
since Sep 2008
Permalink
Apr 4th, 2009
0

Re: Computer behave strange and working slow

It sounds like you might be infected with a virus. You gotta be very careful, recommend the following:
http://gabriel.cleverinnovative.com/?p=46
Reputation Points: 8
Solved Threads: 6
Posting Whiz in Training
extofer is offline Offline
239 posts
since Aug 2005
Permalink
Apr 5th, 2009
0

Re: Computer behave strange and working slow

Update MBA-M as it is woefully out-of-date. When done, scan and remove all that it finds. Save it's log, reboot and rescan with hijackthis.

Post both logs.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,162 posts
since Feb 2004
Permalink
Apr 10th, 2009
0

Re: Computer behave strange and working slow

Hi Crunchie,

Here's my scans:

Malwarebytes' Anti-Malware 1.35
Database version: 1944
Windows 5.1.2600 Service Pack 2

7/04/2009 6:11:12 AM
mbam-log-2009-04-07 (06-11-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 199465
Time elapsed: 1 hour(s), 50 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:38 AM, on 11/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iPrimus.com.au;iprimushomehub.*;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;198.18.1.*;192.168.*
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67053930-C51F-4B5F-8FC5-44A6A3701775} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96372AB6-15EB-4316-B497-71C741BC548C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {B24536DB-8C84-4E0D-8D66-7D97366B0C11} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 0: Item created by Ulead GIF Animator - C:\WINDOWS\system32\gaadi001.gif
O24 - Desktop Component 1: Privacy Protection - (no file)

--
End of file - 9744 bytes
Reputation Points: 10
Solved Threads: 0
Light Poster
SerbOz is offline Offline
29 posts
since Sep 2008
Permalink
Apr 11th, 2009
0

Re: Computer behave strange and working slow

Your MBA-M is STILL out of date. Newest version is 1.36 and the scan you posted is 3 days old.

Also Disable Spybot's TeaTimer, it will interfere with attempted fixes.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer
Last edited by jholland1964; Apr 11th, 2009 at 1:17 am.
Moderator
Featured Poster
Reputation Points: 725
Solved Threads: 339
Posting Expert
jholland1964 is offline Offline
5,497 posts
since Jul 2008
Permalink
Apr 12th, 2009
0

Re: Computer behave strange and working slow

Malwarebytes' Anti-Malware 1.36
Database version: 1971
Windows 5.1.2600 Service Pack 2

13/04/2009 11:38:11 AM
mbam-log-2009-04-13 (11-38-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 209185
Time elapsed: 2 hour(s), 19 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:14 AM, on 13/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Quark\QuarkXPress 8\QuarkXPress.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dumprep.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iPrimus.com.au;iprimushomehub.*;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;198.18.1.*;192.168.*
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67053930-C51F-4B5F-8FC5-44A6A3701775} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96372AB6-15EB-4316-B497-71C741BC548C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {B24536DB-8C84-4E0D-8D66-7D97366B0C11} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 0: Item created by Ulead GIF Animator - C:\WINDOWS\system32\gaadi001.gif
O24 - Desktop Component 1: Privacy Protection - (no file)

--
End of file - 9820 bytes
Reputation Points: 10
Solved Threads: 0
Light Poster
SerbOz is offline Offline
29 posts
since Sep 2008
Permalink
Apr 13th, 2009
0

Re: Computer behave strange and working slow

You never restarted your pc after running MBA-M, as requested.

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {67053930-C51F-4B5F-8FC5-44A6A3701775} - (no file)
O2 - BHO: (no name) - {96372AB6-15EB-4316-B497-71C741BC548C} - (no file)
O2 - BHO: (no name) - {B24536DB-8C84-4E0D-8D66-7D97366B0C11} - (no file)

O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
...(Unless you've set these with an anti-spyware program like SpyBot's Immunize feature, have HiJackThis fix this.)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,162 posts
since Feb 2004
Permalink
Apr 16th, 2009
0

Re: Computer behave strange and working slow

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:31 PM, on 16/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iPrimus.com.au;iprimushomehub.*;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;198.18.1.*;192.168.*
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 0: Item created by Ulead GIF Animator - C:\WINDOWS\system32\gaadi001.gif
O24 - Desktop Component 1: Privacy Protection - (no file)

--
End of file - 8969 bytes
Reputation Points: 10
Solved Threads: 0
Light Poster
SerbOz is offline Offline
29 posts
since Sep 2008
Permalink
Apr 16th, 2009
0

Re: Computer behave strange and working slow

Fix the following line with hijackthis and then reboot;

O24 - Desktop Component 1: Privacy Protection - (no file)

How is your pc?
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,162 posts
since Feb 2004
Permalink
Apr 21st, 2009
0

Re: Computer behave strange and working slow

Hi Crunchie,

Thanks to tried to help me. I scan with HJT and press option to fix 024 (no file) but when rescan that is still there.

Also, I have snapshot od my task manager where is lots of svchost.exe files but not sure which is safe to delete. Can you look at attachment I include with this post.

Also, here's my latest HJT scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:22 PM, on 21/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\regx32.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.iPrimus.com.au;iprimushomehub.*;10.*;172.16.*;172.17.*;172.18.*;172.19.*;172.20.*;172.21.*;172.22.*;172.23.*;172.24.*;172.25.*;172.26.*;172.27.*;172.28.*;172.29.*;172.30.*;172.31.*;198.18.1.*;192.168.*
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O20 - AppInit_DLLs: c:\windows\system32\satukivu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 0: Item created by Ulead GIF Animator - C:\WINDOWS\system32\gaadi001.gif
O24 - Desktop Component 1: Privacy Protection - (no file)

--
End of file - 10240 bytes
Attached Thumbnails
Click image for larger version Name: 2009-04-21_180734.png Views: 13 Size: 26.5 KB ID: 9896  
Reputation Points: 10
Solved Threads: 0
Light Poster
SerbOz is offline Offline
29 posts
since Sep 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: RUNDLL error on module/loading
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Can Someone Help Me?





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC