Help wanted, slow probably infected computer


Post by ronsonol on 28th July 2009, 8:05 am

Hi guys, help wanted.
My gf's laptop is setting a new world record in slowness, and I'm afraid it's infected and bugged out of this world.
There are 80 processes running at all times, several I haven't heard of, e.g. there are two instances of iexplore.exe even though there is only one window open (if we have two there are 4 processes).
She is using F-Secure as antivirus, which is sucking up huge resources, and I intend to uninstall it and get Avast instead. But I won't uninstall it before having heard from you guys, just in case of some bug creating havoc if I do.
I've also downloaded Ad-Aware, Glarysoft Utilities, CCleaner and Spybot, but haven't run them yet as I want to hear from you guys.
Running trend micro housecall now as I write this.

Below is a hjt log, would be great if you could check it. Thanks in advance.


Re: Help wanted, slow probably infected computer

Post by ronsonol on 28th July 2009, 8:09 am

Logfile of HijackThis v1.99.1
Scan saved at 10:06:43, on 28.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Compaq\Easy Access Button Support\StartEAK.exe
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programfiler\Logitech\QuickCam\Quickcam.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programfiler\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsqh.exe
C:\Programfiler\F-Secure\Anti-Virus\fsrw.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\NETCOM~1\Modem.exe
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\Programfiler\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Programfiler\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Java\jre6\bin\java.exe
C:\Documents and Settings\Compaq\Skrivebord\HijackThis.exe


Re: Help wanted, slow probably infected computer

Post by ronsonol on 28th July 2009, 8:10 am

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programfiler\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programfiler\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Programfiler\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart valgmetode - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programfiler\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programfiler\f-secure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D3B3CA-A989-4D7C-82E7-614951D8497B}: NameServer = 212.169.123.67 212.45.188.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D3B3CA-A989-4D7C-82E7-614951D8497B}: NameServer = 212.169.123.67 212.45.188.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programfiler\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programfiler\Java\jre6\bin\jqs.exe" -service -config "C:\Programfiler\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe


Re: Help wanted, slow probably infected computer

Post by Origin on 28th July 2009, 5:22 pm

Hello, I see you have an outdated version of HijackThis. Please download this version and post a new log:

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press accept and HijackThis will run.
  • Select Do a system scan and save a log file. This will open a Notepad file of everything HijackThis found; copy and paste it back here.



new hjt log file from new version

Post by ronsonol on 28th July 2009, 5:54 pm

Righto mate, thanks for replying ;)
Here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:05, on 28.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Compaq\Easy Access Button Support\StartEAK.exe
C:\Programfiler\F-Secure\Common\FSM32.EXE
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CSHelper.exe
C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programfiler\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Programfiler\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programfiler\F-Secure\Common\FSMA32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\F-Secure\Common\FSMB32.EXE
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Programfiler\F-Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\F-Secure\Anti-Virus\fsqh.exe
C:\Programfiler\F-Secure\Anti-Virus\fsrw.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programfiler\F-Secure\Anti-Virus\fsav32.exe
C:\Programfiler\F-Secure\Common\FNRB32.EXE
C:\Programfiler\F-Secure\Common\FIH32.EXE
C:\Programfiler\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Programfiler\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\NETCOM~1\Modem.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe


part two (phew, the machine is so screwed the logfile is as long as a novel..)

Post by ronsonol on 28th July 2009, 5:55 pm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programfiler\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programfiler\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programfiler\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programfiler\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA2005] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9007] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - HKLM\..\RunOnce: [SpybotDeletingA659] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2FFXTBR.JAR"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5967] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2FFXTBR.JAR"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1047] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2NTSTBR.JAR"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1709] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2NTSTBR.JAR"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8384] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
O4 - HKLM\..\RunOnce: [SpybotDeletingC732] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1656] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8134] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4067] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4355] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1577] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4714] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5341] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\NPASKSBR.DLL"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9966] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\NPASKSBR.DLL"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8388] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\V2RSSMNU.DLL"
O4 - HKLM\..\RunOnce: [SpybotDeletingC304] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\V2RSSMNU.DLL"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3513] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8630] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1032] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2FFXTBR.JAR"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3386] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2FFXTBR.JAR"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1498] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2NTSTBR.JAR"
O4 - HKCU\..\RunOnce: [SpybotDeletingD600] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2NTSTBR.JAR"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6426] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8529] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6580] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6928] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7358] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8262] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\A2PLUGIN.DLL"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4572] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6319] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7543] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\NPASKSBR.DLL"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5368] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\NPASKSBR.DLL"
O4 - HKCU\..\RunOnce: [SpybotDeletingB267] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\V2RSSMNU.DLL"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4412] cmd.exe /c del "C:\Programfiler\AskSBar\bar\1.bin\V2RSSMNU.DLL"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O8 - Extra context menu item: &Block this popup - C:\Programfiler\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programfiler\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart valgmetode - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programfiler\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D3B3CA-A989-4D7C-82E7-614951D8497B}: NameServer = 212.169.123.67 212.45.188.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D3B3CA-A989-4D7C-82E7-614951D8497B}: NameServer = 212.169.123.67 212.45.188.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programfiler\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Programfiler\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programfiler\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programfiler\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

--
End of file - 17302 bytes


Re: Help wanted, slow probably infected computer

Post by Belahzur on 29th July 2009, 6:05 pm

Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\RunOnce: [SpybotDeletingA2005] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2HIGHIN.EXE" << fix ALL these "Spybot Deleting"


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


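A small triage pass over the HijackThis entry format shown in this thread, as an added example that is not part of either post: it parses the section codes, splits O23 service lines, and lists the entries worth a manual look (the "SpybotDeleting" RunOnce items the reply names, an O10 "Unknown file" LSP line, services reported with "Unknown owner"). The function names and reason labels are assumptions of this example, and a hit is a reason to look at the file, not a verdict on it.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log and the reply in this thread (not a full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\RunOnce: [SpybotDeletingA2005] command.com /c del "C:\Programfiler\AskSBar\bar\1.bin\A2HIGHIN.EXE"
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programfiler\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
End of file - 17302 bytes
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Greedy name, lazy owner: a service name may itself contain " - ".
SERVICE = re.compile(r"^Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
RUNONCE = re.compile(r"^HK[^:]*\\RunOnce: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse(log_text):
    """Return (section_code, body) for every entry line; header and footer lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m["code"], m["body"]) for m in matches if m]

def review_list(entries):
    """Pick out entries to inspect by hand first, as (reason, name, detail) tuples."""
    hits = []
    for code, body in entries:
        svc = SERVICE.match(body) if code == "O23" else None
        run = RUNONCE.match(body) if code == "O4" else None
        if svc and svc["owner"] == "Unknown owner":    # no vendor name printed for the binary
            hits.append(("service-without-vendor", svc["name"], svc["path"]))
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            hits.append(("unrecognised-lsp", "Winsock LSP", body.split(": ", 1)[1]))
        elif run and run["name"].startswith("SpybotDeleting"):    # the lines the reply says to fix
            hits.append(("spybot-runonce", run["name"], run["cmd"]))
    return hits

def section_counts(entries):
    return Counter(code for code, _ in entries)

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(dict(section_counts(entries)))
    for reason, name, detail in review_list(entries):
        print(f"{reason:24} {name}: {detail}")
```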
