[Inactive] Possible computer slowing down from malware or spyware.

Discussion in 'Malware and Virus Removal Archive' started by Chaosmachine420, 2009/10/18.

  1. 2009/10/18
    Chaosmachine420 Well-Known Member Thread Starter

    [Inactive] Possible computer slowing down from malware or spyware.

    I have another computer that is slowing down, maybe from malware or spyware. I have restored this computer several times, and it's good at the beginning and then slows down. I don't think anyone has been on any infectious websites, but it could be from before.
     
  2. 2009/10/18
    PeteC SuperGeek Staff

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2009/10/18
    Chaosmachine420 Well-Known Member Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-13.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/27/2009 12:53:47 PM
    System Uptime: 10/16/2009 3:24:46 AM (59 hours ago)

    Motherboard: ASUSTeK Computer INC. | | A7N8X-LA
    Processor: AMD Athlon(tm) XP 2600+ | CPU 1 | 2079/166mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 107 GiB total, 52.617 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 0.677 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet J6400 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet J6400 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
    Description: Officejet J6400 series
    Device ID: ROOT\PRINTER\0000
    Manufacturer: HP
    Name: Officejet J6400 series
    PNP Device ID: ROOT\PRINTER\0000
    Service:

    ==== System Restore Points ===================

    RP155: 7/21/2009 9:28:05 AM - System Checkpoint
    RP156: 7/22/2009 3:00:16 AM - Software Distribution Service 3.0
    RP157: 7/23/2009 3:21:38 AM - System Checkpoint
    RP158: 7/24/2009 12:42:05 PM - System Checkpoint
    RP159: 7/25/2009 1:45:41 PM - System Checkpoint
    RP160: 7/26/2009 2:23:30 PM - System Checkpoint
    RP161: 7/27/2009 2:59:37 PM - System Checkpoint
    RP162: 7/28/2009 3:34:22 PM - System Checkpoint
    RP163: 7/29/2009 3:00:14 AM - Software Distribution Service 3.0
    RP164: 7/30/2009 3:49:37 AM - System Checkpoint
    RP165: 7/31/2009 4:48:26 AM - System Checkpoint
    RP166: 8/1/2009 3:00:15 AM - Software Distribution Service 3.0
    RP167: 8/2/2009 3:44:40 AM - System Checkpoint
    RP168: 8/3/2009 3:54:14 AM - System Checkpoint
    RP169: 8/4/2009 4:36:29 AM - System Checkpoint
    RP170: 8/5/2009 4:37:16 AM - System Checkpoint
    RP171: 8/6/2009 5:10:17 AM - System Checkpoint
    RP172: 8/7/2009 5:55:20 AM - System Checkpoint
    RP173: 8/8/2009 6:53:06 AM - System Checkpoint
    RP174: 8/9/2009 7:51:06 AM - System Checkpoint
    RP175: 8/15/2009 7:17:40 PM - System Checkpoint
    RP176: 8/16/2009 3:00:16 AM - Software Distribution Service 3.0
    RP177: 8/17/2009 3:21:30 AM - System Checkpoint
    RP178: 8/18/2009 4:14:39 AM - System Checkpoint
    RP179: 8/19/2009 5:07:35 AM - System Checkpoint
    RP180: 8/20/2009 6:01:56 AM - System Checkpoint
    RP181: 8/20/2009 9:06:06 AM - Software Distribution Service 3.0
    RP182: 8/20/2009 9:57:23 AM - Avg8 Update
    RP183: 8/20/2009 9:58:38 AM - Avg8 Update
    RP184: 8/21/2009 3:00:17 AM - Software Distribution Service 3.0
    RP185: 8/22/2009 3:10:09 AM - System Checkpoint
    RP186: 8/23/2009 3:20:47 AM - System Checkpoint
    RP187: 8/24/2009 3:59:42 AM - System Checkpoint
    RP188: 8/25/2009 4:55:34 AM - System Checkpoint
    RP189: 8/26/2009 3:00:15 AM - Software Distribution Service 3.0
    RP190: 8/27/2009 6:57:31 PM - System Checkpoint
    RP191: 8/28/2009 7:12:51 PM - System Checkpoint
    RP192: 8/29/2009 11:12:46 PM - System Checkpoint
    RP193: 8/31/2009 12:06:15 AM - System Checkpoint
    RP194: 9/1/2009 12:53:42 AM - System Checkpoint
    RP195: 9/2/2009 1:50:27 AM - System Checkpoint
    RP196: 9/3/2009 2:48:14 AM - System Checkpoint
    RP197: 9/4/2009 3:44:59 AM - System Checkpoint
    RP198: 9/5/2009 4:42:49 AM - System Checkpoint
    RP199: 9/6/2009 6:19:13 AM - System Checkpoint
    RP200: 9/7/2009 6:40:41 AM - System Checkpoint
    RP201: 9/8/2009 7:37:18 AM - System Checkpoint
    RP202: 9/9/2009 3:34:13 PM - System Checkpoint
    RP203: 9/10/2009 3:00:14 AM - Software Distribution Service 3.0
    RP204: 9/11/2009 7:30:01 AM - System Checkpoint
    RP205: 9/12/2009 8:01:28 AM - System Checkpoint
    RP206: 9/13/2009 9:13:24 AM - System Checkpoint
    RP207: 9/14/2009 10:09:50 AM - System Checkpoint
    RP208: 9/15/2009 11:06:35 AM - System Checkpoint
    RP209: 9/16/2009 12:03:32 PM - System Checkpoint
    RP210: 9/17/2009 12:59:12 PM - System Checkpoint
    RP211: 9/18/2009 5:51:53 PM - System Checkpoint
    RP212: 9/19/2009 8:39:13 PM - System Checkpoint
    RP213: 9/20/2009 9:22:19 PM - System Checkpoint
    RP214: 9/21/2009 9:40:34 PM - System Checkpoint
    RP215: 9/22/2009 10:14:49 PM - System Checkpoint
    RP216: 9/24/2009 2:40:43 AM - System Checkpoint
    RP217: 9/25/2009 3:38:04 AM - System Checkpoint
    RP218: 9/26/2009 4:34:54 AM - System Checkpoint
    RP219: 9/27/2009 5:09:16 AM - System Checkpoint
    RP220: 9/28/2009 5:32:48 AM - System Checkpoint
    RP221: 9/29/2009 6:29:39 AM - System Checkpoint
    RP222: 9/30/2009 7:26:23 AM - System Checkpoint
    RP223: 10/1/2009 7:29:28 AM - System Checkpoint
    RP224: 10/2/2009 8:18:56 AM - System Checkpoint
    RP225: 10/2/2009 8:35:15 AM - Avg8 Update
    RP226: 10/2/2009 8:36:26 AM - Avg8 Update
    RP227: 10/3/2009 9:15:29 AM - System Checkpoint
    RP228: 10/4/2009 12:02:32 PM - System Checkpoint
    RP229: 10/5/2009 12:15:27 PM - System Checkpoint
    RP230: 10/6/2009 1:12:13 PM - System Checkpoint
    RP231: 10/7/2009 9:23:09 AM - Avg8 Update
    RP232: 10/8/2009 9:37:58 AM - System Checkpoint
    RP233: 10/9/2009 10:05:06 AM - System Checkpoint
    RP234: 10/10/2009 11:46:45 AM - System Checkpoint
    RP235: 10/11/2009 11:49:36 AM - System Checkpoint
    RP236: 10/12/2009 12:40:29 PM - System Checkpoint
    RP237: 10/13/2009 1:33:09 PM - System Checkpoint
    RP238: 10/14/2009 2:25:22 PM - System Checkpoint
    RP239: 10/15/2009 4:37:58 PM - System Checkpoint
    RP240: 10/16/2009 3:00:27 AM - Software Distribution Service 3.0
    RP241: 10/17/2009 3:32:26 AM - System Checkpoint
    RP242: 10/17/2009 8:10:07 AM - Avg8 Update
    RP243: 10/18/2009 8:40:01 AM - System Checkpoint

    ==== Installed Programs ======================


    32 Bit HP CIO Components Installer
    6400_Help
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11.5
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Picture Software
    Ask Toolbar
    AVG 8.5
    Blackhawk Striker from Hewlett-Packard Desktops (remove only)
    Blasterball 2 from Hewlett-Packard Desktops (remove only)
    BlasterBall Wild from Hewlett-Packard Desktops (remove only)
    Bonjour
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Choice Guard
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    Daniusoft Media Converter Pro(Build 2.2.3.0)
    Dark Orbit from Hewlett-Packard Desktops (remove only)
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Disney`s Lilo and Stitch Pinball from Hewlett-Packard Desktops (remove only)
    DivX Web Player
    DocProc
    DocProcQFolder
    Driver Checker v2.7.3
    E.M. Youtube Video Download Tool 3.02
    easy Internet sign-up
    eSupportQFolder
    Excavation from Hewlett-Packard Desktops (remove only)
    Fax
    Gamevance
    GemMaster 3 from Hewlett-Packard Desktops (remove only)
    Google Toolbar for Internet Explorer
    GPBaseService
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP Customer Participation Program 10.0
    HP Deskjet printer preloaded drivers
    HP Digital Imaging Album Printing 1.0
    HP Driver Diagnostics
    HP Imaging Device Functions 10.0
    HP Instant Support
    HP Memories Disc
    HP Officejet J6400 Series
    HP Photo and Imaging 1.2 - Photosmart Cameras
    HP Photosmart Essential 2.5
    HP Photosmart printers preloaded drivers
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    Hybrid Downloader 1,0,2,6
    IMVU Avatar Chat Software
    InstallMgr
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Player
    iTunes
    J6400
    Java(TM) 6 Update 13
    KBD
    Lernout & Hauspie TruVoice American English TTS Engine
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    MarketResearch
    Men In Black II CROSSFIRE from Hewlett-Packard Desktops (remove only)
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MUSICMATCH® Jukebox
    NetDeviceManager
    Norton AntiVirus 2003
    NVIDIA Windows 2000/XP Display Drivers
    OCR Software by I.R.I.S. 10.0
    OmniPass
    overland
    PC-Doctor for Windows
    ProductContext
    PS2
    PSSWCORE
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    Quicken 2003 New User Edition
    QuickTime
    RealOne Player
    RecordNow
    RingMaster from Hewlett-Packard Desktops (remove only)
    S3Display
    S3Gamma2
    S3Info2
    S3Overlay
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    Shop for HP Supplies
    ShowBiz DVD
    Simple Backup for My Pictures
    Simple Installer - Multilanguage Version
    Snowboard Extreme from Hewlett-Packard Desktops (remove only)
    SolutionCenter
    Sonic Update Manager
    Space Rocks from Hewlett-Packard Desktops (remove only)
    SpamSubtract
    Status
    Toolbox
    toolkit
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Updates from HP
    VC80CRTRedist - 8.0.50727.762
    VideoToolkit01
    Virtual Warfare from Hewlett-Packard Desktops (remove only)
    Vuze
    WeatherBug
    WebFldrs XP
    Weblink
    WebReg
    WildTangent GameChannel (remove only)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Productivity Pack
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    10/16/2009 8:41:25 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/16/2009 8:41:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
    10/16/2009 5:34:08 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2009 4:16:50 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    10/16/2009 3:32:37 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    10/16/2009 3:31:10 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    10/16/2009 3:06:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    10/16/2009 3:06:17 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/15/2009 7:13:19 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/15/2009 4:03:04 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/15/2009 3:33:56 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/13/2009 7:58:52 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    10/13/2009 7:28:50 PM, error: PlugPlayManager [12] - The device 'CyberDrv CW088D CD-R/RW' (IDE\CdRomCyberDrv_CW088D_CD-R/RW_________________15HF____\5&289d00c9&0&0.1.0) disappeared from the system without first being prepared for removal.
    10/13/2009 7:28:46 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    ==== End Of File ===========================
     
  5. 2009/10/18
    Chaosmachine420 Well-Known Member Thread Starter

    DDS (Ver_09-10-13.01) - NTFSx86
    Run by Owner at 14:44:55.60 on Sun 10/18/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.646 [GMT -6:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Driver Checker\DriverChecker.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uDefault_Search_URL = hxxp://srch-us8.hpwis.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    uSearchAssistant =
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearchAssistant =
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - HP Print Enhancer
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - c:\program files\gamevance\gamevancelib32.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
    BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: FBmini Toolbar powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: FBmini Toolbar powered by Ask.com: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [DriversChecker] c:\program files\driver checker\DriverChecker.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [WT GameChannel] c:\program files\wildtangent\apps\GameChannel.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe "
    mRun: [Reminder] "c:\windows\creator\Remind_XP.exe "
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe "
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRun: [LTMSG] LTMSG.exe 7
    mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSubtract.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238180702742
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-27 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-27 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-27 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-27 297752]
    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-6-25 16896]
    S2 mrtRate;mrtRate; [x]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2009-4-4 34064]

    =============== Created Last 30 ================

    2009-10-11 09:51 <DIR> --d----- c:\docume~1\owner\applic~1\AskToolbar
    2009-10-11 09:51 <DIR> --d----- c:\program files\Ask.com

    ==================== Find3M ====================

    2009-09-11 08:18 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-09-04 15:03 58,880 a------- c:\windows\system32\msasn1.dll
    2009-08-26 02:00 247,326 a------- c:\windows\system32\strmdll.dll
    2009-08-20 09:58 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-20 09:58 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
    2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
    2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
    2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-08-04 09:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
    2009-08-04 08:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
    2009-07-31 06:47 348,160 a------- c:\windows\system32\msvcr71.dll
    2003-04-10 05:19 32 a--sh--- c:\windows\{FC92DEF6-B98A-462F-BDEC-6F8042F11C76}.dat
    2003-04-10 05:19 32 a--sh--- c:\windows\system32\{9E165BF4-5E4A-49D1-BA74-00B57060829D}.dat
    2009-04-03 23:28 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-04-03 23:28 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032320090330\index.dat
    2009-04-03 23:28 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040320090404\index.dat

    ============= FINISH: 14:46:28.17 ===============
     
  6. 2009/10/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How much RAM do we have here?

    =================================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2009/10/19
    Chaosmachine420

    Chaosmachine420 Well-Known Member Thread Starter

    So far every time I keep downloading Malwarebytes it keeps saying it's a trojan
     
  8. 2009/10/19
    broni

    broni Moderator Malware Analyst

    What says so?
     
  9. 2009/10/19
    Chaosmachine420

    Chaosmachine420 Well-Known Member Thread Starter

    AVG, but after it keeps popping up a weird message, then it says it's a trojan
     
  10. 2009/10/20
    broni

    broni Moderator Malware Analyst

    Turn AVG off momentarily. I really dislike this program.
     
  11. 2009/11/05
    Chaosmachine420

    Chaosmachine420 Well-Known Member Thread Starter

    OK, I don't have to worry about this anymore; they bought a new computer. The malware did find 4 things, so I want to make sure what I should transfer over to make sure this new computer doesn't get infected with what the old one is infected with.
     
  12. 2009/11/05
    broni

    broni Moderator Malware Analyst

    Whatever data you want to transfer, make sure you scan every little file with your AV.
     
