1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Computer extremely slow; constant error messages

Discussion in 'Malware and Virus Removal Archive' started by larryblau, 2009/12/14.

Page 2 of 2
  1. 2009/12/28
    larryblau

    larryblau Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    15
    Likes Received:
    0
    2 HJT logs you requested

    ============================================

    Hope you had a good holiday.

    I noticed a couple of things:

    1. I didn't worry to shut down all anti-viral and anti-spyware, except as instructed by HJT. That is, it found AVG and asked I disable it. I did so.
    (PLUS, of course, disabled Tea Timer.)

    2. Your instructions (Step 3) said "Put checkmarks next to the following HijackThis entries:

    "nothing malicious to remove "

    [then went on to say:]

    "you should also put checkmarks at the following entries... "


    I noted there was nothing anywhere on that page that said specificlly "nothing malicious to remove." But, I was of course able to find the 2nd quote above, i.e., I was able to checkmark "the following entries. [located all]." The exception I did not check was Malwarebytes. You said NOT to checkmark that if I have the paid version. I DO NOT know if I have the pd. version - I think I might have.

    3. I think I might have made an error in Step 6. You said
    Type: sc stop "Symantec RemoteAssist "

    It came back "[SC] ControlService FAILED 1062:
    The Service has not been started. "

    (However, in the next command:
    sc delete "Symantec RemoteAssist "

    it came back:
    [SC] DeleteService SUCCESS

    --------------------------------------


    Here, then are the 2 logs, the "before" HJT and the "after ":

    HijackThis.txt log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:08:13 AM, on 12/28/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070423
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.yahoo.com "); (C:\Documents and Settings\LARRY\Application Data\Mozilla\Profiles\default\wdzbciy4.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", " "); (C:\Documents and Settings\LARRY\Application Data\Mozilla\Profiles\default\wdzbciy4.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe "
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe "
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SMSTray] "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF28811.cfxxe" /c "C:\ComboFix\C.bat "
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180493843828
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://india2.webex.com/client/T25L/support/ieatgpc.cab
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca012f494549ae) (gupdate1ca012f494549ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 9250 bytes


    And the "after" HJT log:

    hijackthis - after clean.txt:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:35:04 AM, on 12/28/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070423
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.yahoo.com "); (C:\Documents and Settings\LARRY\Application Data\Mozilla\Profiles\default\wdzbciy4.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", " "); (C:\Documents and Settings\LARRY\Application Data\Mozilla\Profiles\default\wdzbciy4.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe "
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe "
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SMSTray] "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF28811.cfxxe" /c "C:\ComboFix\C.bat "
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180493843828
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://india2.webex.com/client/T25L/support/ieatgpc.cab
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca012f494549ae) (gupdate1ca012f494549ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 8606 bytes
     
    larryblau,
    #21
  2. 2009/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Almost there....
    Re-run HJT and checkmark:
    - O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF28811.cfxxe" /c "C:\ComboFix\C.bat "
    Click "Fix checked" button.

    Delete Combofix folder from C drive.

    Restart computer.

    Post fresh HJT log.
     
    broni,
    #22


  3. to hide this advert.

  4. 2009/12/29
    larryblau

    larryblau Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    15
    Likes Received:
    0
    Here we go

    =============================================

    One quick note:

    Before I did any of the above today, I checked, and there is NO Combofix folder (at the root, "c:\Combofix ", or elsewhere). I find this a puzzlement. Do you? Anyway, I did everything else you asked, just naturally could not delete Combofix folder because I couldn't find it anywhere in C: drive

    Thanks.

    Now posting the logs for HJT before and after this final fix.


    hijackthis BEFORE:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:32:17 AM, on 12/29/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070423
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.yahoo.com "); (C:\Documents and Settings\LARRY\Application Data\Mozilla\Profiles\default\wdzbciy4.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", " "); (C:\Documents and Settings\LARRY\Application Data\Mozilla\Profiles\default\wdzbciy4.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe "
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe "
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SMSTray] "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF28811.cfxxe" /c "C:\ComboFix\C.bat "
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180493843828
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://india2.webex.com/client/T25L/support/ieatgpc.cab
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca012f494549ae) (gupdate1ca012f494549ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 8596 bytes


    And, hijackthis - after clean:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:02:27 AM, on 12/29/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070423
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "http://www.yahoo.com "); (C:\Documents and Settings\LARRY\Application Data\Mozilla\Profiles\default\wdzbciy4.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", " "); (C:\Documents and Settings\LARRY\Application Data\Mozilla\Profiles\default\wdzbciy4.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe "
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe "
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SMSTray] "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180493843828
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://india2.webex.com/client/T25L/support/ieatgpc.cab
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1ca012f494549ae) (gupdate1ca012f494549ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 8569 bytes
     
    larryblau,
    #23
  5. 2009/12/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine. It looks, like it was just registry entry.


    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore ".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure, Windows Updates are current.

    [SIZE= "4"]6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please, let me know, how is your computer doing.
     
    broni,
    #24
  6. 2009/12/30
    larryblau

    larryblau Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    15
    Likes Received:
    0
    I'll do all that...

    ================================================

    Thanks so much.

    Before I do all that, I thought to ask:

    1. Do you have any idea what was the matter with my computer - Spyware problem, or A Virus, or A Worm...? Your diagnosis?

    2. Your instructions say, "If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!" Now, how can I find out if a "Trojan" was listed among my infections?

    Thank you so much!

    Larry
     
    larryblau,
    #25
  7. 2009/12/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Malwarebytes removed one rootkit, so regarding passwords, I'd change them, just to be on a safe side.
    Other than that, nothing serious was found.
    The main issue were Kaspersky's leftovers, which caused some unnecessary services running constantly in the background, slowing your computer down.

    I'll mark this case as resolved then...

    Happy New Year :)
     
    broni,
    #26
  8. 2010/01/06
    larryblau

    larryblau Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    15
    Likes Received:
    0
    OK. Done! Some thoughts:

    ===============================================

    Happy New Year to you!

    I think I'm good! I have a couple of quick questions:

    1. You mentioned I should get my Windows Updates. I remember my IT guy originally set "Automatic Updates" to off. And when I tried to go get updates manually just now, I was told I would have to go get ActiveX. I don't remember why, but originally my IT guy did not wish me to get ActiveX on my computer. Can you help me solve the riddle? Basically, two fold question: A) I'm reticent to get ActiveX, do you agree there might be a downside to ActiveX? B) I remember he also felt strongly about keeping Automatic Updates Off, for some important reason. Can you share perhaps what downside there might be for Automatic Updates on? Also, currently, I have NOT gotten any Windows Updates, for the above reasons.

    2. The standard form letter email I get in my email inbox each time you post a reply contains the following message, which is now relevant:
    "If you receive an answer/solution to your question/problem, don’t forget to mark your "˜thread’ as "˜Solved’. "

    Can you tell me how to do this?

    3. In the small probability that I have a question or comment (including if my computer acts up anytime soon), may I send out an S.O.S. to you?

    God Bless you. I can't thank you enough for you many kindnesses. What you've done to help me will not be forgotten.

    Larry Blau
     
    larryblau,
    #27
  9. 2010/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. You can set Windows updates to "Notify me..." instead of "Automatic ", so you'll know, updates are there, but you can decide, what and when to install.
    Yes, you have to be careful with ActiveX. Allow installation only from 100% trusted sites. You don't have to worry about any danger coming from MS site :)
    2. In malware section, only malware people, like myself can do this. In all other forums, you have that option.
    3. Sure thing :)
     
    broni,
    #28
  10. 2010/01/22
    larryblau

    larryblau Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    15
    Likes Received:
    0
    Hi, It's me, Larry Blau again asking for help

    =================================================

    Hi.

    Hope your New Year is going great. Hard to believe it's already moving along.

    I have a couple of concerns:

    1. The computer is back to moving at a snail's pace once again. I did absolutely nothing that would have caused it to act this way, unlike before you helped me. I'm at a complete loss. Can you help?

    2. One more question: In your last correspondence, you indicated that there would be nothing wrong with selectively getting my updates from Windows, instead of automatic. But I'm wondering: Do you see any upside at all for selectively choosing updates (since I really wouldn't know what to choose, anyway)? In other words, advising me personally, there wouldn't be any advantage to my selectively choosing every time, would there? For someone like me, who doesn't know, and doesn't really care, isn't it just as easy to set Get Windows Update to Automatic? (And if that's so, can you easily guide me on how?)

    Thanks. I especially hope you can help me with my resuming hopelessly slow computer again.

    Best as Ever,
    Larry Blau
     
    larryblau,
    #29
  11. 2010/01/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I suggest, you start a new thread and we can run some scans again.

    Automatic updates are perfectly fine.
     
    broni,
    #30
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...