
Solved slow computer

Discussion in 'Malware and Virus Removal Archive' started by light, 2010/05/09.

  1. 2010/05/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     
  2. 2010/05/22
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Sorry about not being here.
    Yes, I'm here.

    I had a lot of work to do
    (doing Kaspersky scan now)
     


  4. 2010/05/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  5. 2010/05/24
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, May 25, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, May 24, 2010 12:55:08
    Records in database: 4168417
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    K:\

    Scan statistics:
    Objects scanned: 161081
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 11:38:35

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  6. 2010/05/24
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 06:11:00, on 2010-05-25
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Microsoft IntelliPoint\ipoint.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\ALWILS~1\Avast5\avastUI.exe
    C:\Program\Brother\ControlCenter3\brccMCtl.exe
    C:\Program\Java\jre6\bin\jusched.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe
    C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
    C:\Program\Windows Live\Messenger\msnmsgr.exe
    C:\Program\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Hotspot Shield\bin\openvpnas.exe
    C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Delade filer\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Canon\CAL\CALMAIN.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program\Hotspot Shield\bin\openvpntray.exe
    C:\Program\Java\jre6\bin\jucheck.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl108w.blu108.mail.live.com/mail/TodayLight.aspx?n=4629124
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program\ScanSoft\PaperPort\pptd40nt.exe "
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program\ScanSoft\PaperPort\IndexSearch.exe "
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast5] C:\Program\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.sherwooddungeon.com/SherwoodDungeon.htm "
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://kusten.axiscam.net/activex/AMC.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
    O16 - DPF: {C4D6755D-2123-4EEF-BAA0-94B22F1C2271} (IAHSOCX.HOSTILESPACE) - https://www.hostilespace.com/Portal/IAHSOCX20019.CAB
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c98d4dbe9cdb1e) (gupdate1c98d4dbe9cdb1e) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    O24 - Desktop Component 0: (no name) - http://gfx1.hotmail.com/mail/w4/pr01/ltr/im/offline16.png
    O24 - Desktop Component 1: (no name) - http://www.sprakservice.nu/bilder/map.jpg
    O24 - Desktop Component 2: (no name) - http://www.natnapa.ac.th/image/O_Icon_n3.gif
    O24 - Desktop Component 3: (no name) - http://www.natnapa.ac.th/image/Apply_Pic1.gif
    O24 - Desktop Component 4: (no name) - http://gfx2.hotmail.com/mail/w4/pr01/ltr/im/offline16.png
    O24 - Desktop Component 5: (no name) - http://marknad.akelius.se/images/historyback.gif
    O24 - Desktop Component 6: (no name) - http://www.granit.com/filearchive/2/2427/Oslo-2.jpg
    O24 - Desktop Component 7: (no name) - http://photos-g.ak.fbcdn.net/hphoto..._378895444060_712559060_3532088_2415681_n.jpg
    O24 - Desktop Component 8: (no name) - http://photos-a.ak.fbcdn.net/hphoto..._378889999060_712559060_3532002_8042006_s.jpg
    O24 - Desktop Component 9: (no name) - https://www3.skatteverket.se/ef/ef_webapp/bilder/global/imgrsvprint.png

    --
    End of file - 12559 bytes
     
  7. 2010/05/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    =================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program\ScanSoft\PaperPort\pptd40nt.exe "
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program\ScanSoft\PaperPort\IndexSearch.exe "
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" - "http://www.sherwooddungeon.com/SherwoodDungeon.htm "
    O4 - Global Startup: BTTray.lnk = ?


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
  8. 2010/05/26
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:58:49, on 2010-05-26
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Microsoft IntelliPoint\ipoint.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\ALWILS~1\Avast5\avastUI.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe
    C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
    C:\Program\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Hotspot Shield\bin\openvpnas.exe
    C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Delade filer\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Canon\CAL\CALMAIN.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program\Hotspot Shield\bin\openvpntray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\Google\Chrome\Application\chrome.exe
    C:\Program\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl108w.blu108.mail.live.com/mail/TodayLight.aspx?n=4629124
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program\Hotspot_Shield\tbHot1.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast5] C:\Program\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe "
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://kusten.axiscam.net/activex/AMC.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
    O16 - DPF: {C4D6755D-2123-4EEF-BAA0-94B22F1C2271} (IAHSOCX.HOSTILESPACE) - https://www.hostilespace.com/Portal/IAHSOCX20019.CAB
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c98d4dbe9cdb1e) (gupdate1c98d4dbe9cdb1e) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
    O24 - Desktop Component 0: (no name) - http://gfx1.hotmail.com/mail/w4/pr01/ltr/im/offline16.png
    O24 - Desktop Component 1: (no name) - http://www.sprakservice.nu/bilder/map.jpg
    O24 - Desktop Component 2: (no name) - http://www.natnapa.ac.th/image/O_Icon_n3.gif
    O24 - Desktop Component 3: (no name) - http://www.natnapa.ac.th/image/Apply_Pic1.gif
    O24 - Desktop Component 4: (no name) - http://gfx2.hotmail.com/mail/w4/pr01/ltr/im/offline16.png
    O24 - Desktop Component 5: (no name) - http://marknad.akelius.se/images/historyback.gif
    O24 - Desktop Component 6: (no name) - http://www.granit.com/filearchive/2/2427/Oslo-2.jpg
    O24 - Desktop Component 7: (no name) - http://photos-g.ak.fbcdn.net/hphoto..._378895444060_712559060_3532088_2415681_n.jpg
    O24 - Desktop Component 8: (no name) - http://photos-a.ak.fbcdn.net/hphoto..._378889999060_712559060_3532002_8042006_s.jpg
    O24 - Desktop Component 9: (no name) - https://www3.skatteverket.se/ef/ef_webapp/bilder/global/imgrsvprint.png

    --
    End of file - 10981 bytes
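The check an analyst makes when comparing a follow-up HijackThis log against the entries that were marked for fixing, as an added example that is not part of the original thread. The function names `parse_o4` and `verify_fix` are hypothetical, and the sample lines are a short excerpt of the O4 entries from the two logs posted above.

```python
import re

# Registry autostarts: "O4 - <hive>\..\Run: [ValueName] command"
O4_REG = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Startup-folder shortcuts: "O4 - Global Startup: Name.lnk = target"
O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")


def parse_o4(log_text):
    """Return {(location, name): original line} for every O4 autostart line.

    Location and value name are lower-cased because registry value names
    are case-insensitive; the command is kept only for display.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()  # forum posts indent the log
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            entries[(m["loc"].lower(), m["name"].lower())] = line
    return entries


def verify_fix(before_log, after_log, checked_lines):
    """Compare two logs against the entries that were checked for fixing."""
    before = parse_o4(before_log)
    after = parse_o4(after_log)
    checked = parse_o4(checked_lines)
    return {
        # checked, present before, absent after: the fix took effect
        "removed": sorted(k for k in checked if k in before and k not in after),
        # checked but still listed after the restart: the fix did not stick
        "still_present": sorted(k for k in checked if k in after),
        # autostarts that appeared between the two scans
        "new": sorted(k for k in after if k not in before),
        # autostarts that vanished without having been checked
        "gone_unrequested": sorted(
            k for k in before if k not in after and k not in checked
        ),
    }


# Excerpt of O4 lines from the log saved 2010-05-25 in this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [avast5] C:\Program\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: BTTray.lnk = ?
"""

# Excerpt of O4 lines from the log saved 2010-05-26 in this thread.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast5] C:\Program\ALWILS~1\Avast5\avastUI.exe /nogui
"""

# Excerpt of the entries the helper asked to have checkmarked.
CHECKED = r"""
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe "
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, CHECKED)
    for bucket, keys in report.items():
        print(f"{bucket}: {len(keys)}")
        for loc, name in keys:
            print(f"    {loc}: [{name}]")
```

An entry under `still_present` or `new` after the restart is the case worth a closer look, since something re-registered the autostart between the two scans.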
     
  9. 2010/05/26
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Posted the same thing 2 times, sorry
     
    Last edited: 2010/05/26
  10. 2010/05/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  11. 2010/05/30
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    ok it's a little better but still rather slow and still sounds much
     
  12. 2010/05/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Say again?
     
  13. 2010/05/30
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    the computer sounds a lot all the time, it never stays quiet
    it is on 100% all the time
    when we removed those infected files or what, then the CPU got faster, but now it has slowed down again, and I think it goes even slower now
     
  14. 2010/05/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Post the content in your next reply.
     
  15. 2010/05/31
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 69.44 0 K 28 K
    DPCs n/a 11.27 0 K 0 K Deferred Procedure Calls
    services.exe 568 5.56 1*848 K 3*620 K Tjänst- och styrenhetsprogram Microsoft Corporation C:\WINDOWS\system32\services.exe
    procexp.exe 1080 5.56 15*984 K 21*900 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\DOCUME~1\Webbook\LOKALA~1\Temp\Rar$EX54.000\procexp.exe"
    System 4 2.78 0 K 240 K
    openvpntray.exe 3328 1.39 1*620 K 6*200 K "C:\Program\Hotspot Shield\bin\openvpntray.exe" -nolaunchurl
    Interrupts n/a 0 K 0 K Hardware Interrupts
    csrss.exe 1264 1.39 1*720 K 4*860 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    VTTimer.exe 1276 504 K 2*084 K S3 Graphics, Inc. "C:\WINDOWS\system32\VTTimer.exe"
    WinRAR.exe 516 8*524 K 10*076 K WinRAR archiver Alexander Roshal "C:\Program\WinRAR 3.51\WinRAR.exe" "C:\Documents and Settings\Webbook\Mina dokument\Downloads\ProcessExplorer.zip "
    winlogon.exe 1720 6*088 K 4*504 K Inloggningsprogram för Windows NT Microsoft Corporation winlogon.exe
    svchost.exe 3664 4*860 K 5*044 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
    svchost.exe 372 2*024 K 4*784 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
    svchost.exe 1268 3*196 K 5*280 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe 1040 14*844 K 23*692 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe 388 1*672 K 3*964 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
    svchost.exe 704 1*508 K 3*932 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    svchost.exe 1228 2*164 K 3*356 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k bthsvcs
    spoolsv.exe 1904 5*144 K 7*000 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
    smss.exe 168 172 K 416 K Sessionshanteraren i Windows NT Microsoft Corporation \SystemRoot\System32\smss.exe
    scardsvr.exe 364 900 K 2*692 K Resurshanteringsserver för smartkort Microsoft Corporation C:\WINDOWS\System32\SCardSvr.exe
    rundll32.exe 288 2*300 K 3*652 K Kör en DLL-fil som ett program Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    RTHDCPL.exe 1308 18*336 K 22*024 K Realtek HD Audio Control Panel Realtek Semiconductor Corp. "C:\WINDOWS\RTHDCPL.EXE"
    openvpnas.exe 2304 1*064 K 3*240 K "C:\Program\Hotspot Shield\bin\openvpnas.exe "
    NMIndexStoreSvr.exe 3440 12*808 K 16*712 K Nero Home Nero AG "C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
    NMIndexingService.exe 2572 6*244 K 9*724 K Nero Home Nero AG "C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe "
    NMBgMonitor.exe 716 6*028 K 10*112 K Nero Home Nero AG "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
    msnmsgr.exe 932 12*388 K 4*496 K Windows Live Messenger Microsoft Corporation "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
    mDNSResponder.exe 840 1*256 K 3*760 K Bonjour Service Apple Inc. C:\Program\Bonjour\mDNSResponder.exe
    LSSrvc.exe 3608 700 K 2*716 K LightScribe Service Hewlett-Packard Company "C:\Program\Delade filer\LightScribe\LSSrvc.exe "
    lsass.exe 740 4*000 K 1*632 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
    LightScribeControlPanel.exe 440 1*512 K 7*624 K Hewlett-Packard Company "C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe" -hidden
    jusched.exe 1592 824 K 2*792 K Java(TM) Platform SE binary Sun Microsystems, Inc. "C:\Program\Java\jre6\bin\jusched.exe"
    jqs.exe 3412 2*472 K 1*388 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program\Java\jre6\bin\jqs.exe" -service -config "C:\Program\Java\jre6\lib\deploy\jqs\jqs.conf "
    ipoint.exe 1572 5*176 K 10*144 K IPoint.exe Microsoft Corporation "C:\Program\Microsoft IntelliPoint\ipoint.exe"
    iexplore.exe 2040 51*296 K 61*756 K Internet Explorer Microsoft Corporation "C:\Program\internet explorer\iexplore.exe" SCODEF:2968 CREDAT:14337
    iexplore.exe 2968 6*908 K 3*608 K Internet Explorer Microsoft Corporation "C:\Program\internet explorer\iexplore.exe "
    hsssrv.exe 3280 1*788 K 5*800 K Hotspot Shield Helper Service AnchorFree Inc. "C:\Program\Hotspot Shield\HssWPR\hsssrv.exe "
    GoogleToolbarNotifier.exe 1652 3*284 K 392 K GoogleToolbarNotifier Google Inc. "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    GoogleCrashHandler.exe 1888 1*928 K 784 K Google Installer Google Inc. "C:\Program\Google\Update\1.2.183.23\GoogleCrashHandler.exe" /crashhandler
    explorer.exe 2008 24*092 K 32*488 K Utforskaren Microsoft Corporation C:\WINDOWS\Explorer.EXE
    dpupdchk.exe 672 1*920 K 2*964 K dpupdchk.exe Microsoft Corporation "C:\Program\Microsoft IntelliPoint\dpupdchk.exe"
    chrome.exe 752 27*192 K 22*464 K Google Chrome Google Inc. "C:\Program\Google\Chrome\Application\chrome.exe"
    chrome.exe 1340 15*952 K 22*844 K Google Chrome Google Inc. "C:\Program\Google\Chrome\Application\chrome.exe" --channel=752.4570500.1906975520 --type=renderer --lang=sv --force-fieldtest=AsyncSlowStart/_AsyncSlowStart_off/CacheSize/CacheSizeGroup_0/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/SocketLateBinding/_enable_late_binding/
    chrome.exe 2284 14*872 K 21*124 K Google Chrome Google Inc. "C:\Program\Google\Chrome\Application\chrome.exe" --channel=752.4570a00.75871784 --type=renderer --lang=sv --force-fieldtest=AsyncSlowStart/_AsyncSlowStart_off/CacheSize/CacheSizeGroup_0/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/SocketLateBinding/_enable_late_binding/
    CALMAIN.exe 2296 1*044 K 2*944 K Canon Camera Access Library 8 Canon Inc. C:\Program\Canon\CAL\CALMAIN.exe
    btwdins.exe 1212 1*892 K 2*516 K Bluetooth Support Server Broadcom Corporation. "C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe "
    AvastUI.exe 668 4*204 K 2*244 K avast! Antivirus ALWIL Software "C:\Program\ALWILS~1\Avast5\avastUI.exe" /nogui
    AvastSvc.exe 1488 9*104 K 24*884 K avast! Service ALWIL Software "C:\Program\Alwil Software\Avast5\AvastSvc.exe "
    AppleMobileDeviceService.exe 780 1*752 K 2*428 K Apple Mobile Device Service Apple Inc. "C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "
    apdproxy.exe 1580 1*580 K 5*784 K Adobe Photoshop Album Starter Edition 3.0 component Adobe Systems Incorporated "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    alg.exe 3128 1*208 K 3*632 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
    AdobeARM.exe 1984 5*384 K 12*648 K Adobe Reader and Acrobat Manager Adobe Systems Incorporated "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
     
  16. 2010/05/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Post fresh PE log.
     
  17. 2010/06/01
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    its a laptop
    what is the keyboard, touchpad name?
    i don't find it in list
     
  18. 2010/06/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I looked at your startups and you can safely disable all non-MS entries.
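As an added example (not part of the original thread): a short Python script that sorts a saved Process Explorer report like the one posted above into Microsoft, third-party and unlabelled entries using the Company Name column. It assumes the saved file is tab-separated with a header row; the sample rows are copied from the posted report with the tabs restored and the memory columns dropped, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample: rows copied from the report posted in this thread, with
# tab separators restored (an assumption) and the two memory columns dropped.
ROWS = [
    ["Process", "PID", "CPU", "Description", "Company Name", "Command Line"],
    ["System Idle Process", "0", "69.44", "", "", ""],
    ["services.exe", "568", "5.56", "Tjänst- och styrenhetsprogram",
     "Microsoft Corporation", r"C:\WINDOWS\system32\services.exe"],
    ["procexp.exe", "1080", "5.56", "Sysinternals Process Explorer",
     "Sysinternals - www.sysinternals.com",
     r'"C:\DOCUME~1\Webbook\LOKALA~1\Temp\Rar$EX54.000\procexp.exe"'],
    ["openvpntray.exe", "3328", "1.39", "", "",
     r'"C:\Program\Hotspot Shield\bin\openvpntray.exe" -nolaunchurl'],
    ["AvastSvc.exe", "1488", "", "avast! Service", "ALWIL Software",
     r'"C:\Program\Alwil Software\Avast5\AvastSvc.exe "'],
]
SAMPLE = "\n".join("\t".join(r) for r in ROWS)

# Rows Process Explorer shows for the kernel; there is no file on disk to label.
PSEUDO = {"System Idle Process", "System", "DPCs", "Interrupts"}


def parse_report(text):
    """Read a Process Explorer text report into dicts keyed by column name."""
    # QUOTE_NONE keeps the quotes that are part of each command line.
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    return [{k: (v or "").strip() for k, v in row.items() if k} for row in reader]


def triage(row):
    """Return (vendor_group, notes) for one process row."""
    if row["Process"] in PSEUDO:
        return "kernel", []
    company, notes = row["Company Name"], []
    if not company:
        group = "unlabelled"
        notes.append("no Company Name in version resource")
    elif company.lower().startswith("microsoft"):
        group = "microsoft"
    else:
        group = "third-party"
    if "\\temp\\" in row["Command Line"].lower():
        notes.append("runs from a Temp directory")
    return group, notes


def summarize(text):
    """List (process, pid, group, notes) for every row in the report."""
    return [(r["Process"], r["PID"], *triage(r)) for r in parse_report(text)]


if __name__ == "__main__":
    for name, pid, group, notes in summarize(SAMPLE):
        print(f"{name:22} {pid:>5} {group:12} {'; '.join(notes)}")
```

Company Name comes from the file's version resource, which the publisher of the file sets, so the grouping is a sorting aid for review rather than proof of where a file came from.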
     
  19. 2010/06/03
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    and how do i know which is ms and non-ms...
     
  20. 2010/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  21. 2010/06/04
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    even anti virus ?
     
