There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
audio bios blue screen boot bsod computer connection crash dell desktop drivers email error excel firefox freeze google hard drive hardware hijackthis install internet laptop linux malware network no sound outlook problem reboot redirect router screen slow sound speakers spyware startup trojan usb video virus vista vundo webcam windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Solved: computer running slowly and freezing after running firefox and steam games

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
Page 2 of 3 1 2 3
 
Thread Tools
Kenny94's Avatar
Distinguished Member with 2,134 posts.
  
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
27-Jun-2009, 11:01 AM #16
Taintain101 I just look at your Computer Specs and you have 1.00 GB of RAM. That's plendy with XP. When you play WOW does your computer Lag?
Register for free to hide this ad!
Taintain101's Avatar
Computer Specs
Junior Member with 20 posts.
  
Join Date: Jun 2009
Experience: Beginner
27-Jun-2009, 11:11 AM #17
my over all speed is noticeably better, but after closing firefox, my computer will still lag.
1.00 GB
Kenny94's Avatar
Distinguished Member with 2,134 posts.
  
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
27-Jun-2009, 12:21 PM #18
We'll look at a GooredFix report. It might find somthing with firefox. This tool is more for redirection of firefox. But lets see?

GooredFix
Download GooredFix (by jpshortstuff) from Here & save it to your Desktop.
  • Double-click Goored.exe to run it
  • Select 1. Find Goored (no fix) by typing 1 & pressing Enter
  • A log will open, post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt)
Note: DO NOT run Option #2 unless instructed to by your forum helper.
__________________
Member of the Alliance of Security Analysis Professionals

Malware And Security Tips
Taintain101's Avatar
Computer Specs
Junior Member with 20 posts.
  
Join Date: Jun 2009
Experience: Beginner
27-Jun-2009, 12:55 PM #19
GooredFix v1.92 by jpshortstuff
Log created at 11:53 on 27/06/2009 running Option #1 (Premo House)
Firefox version 3.0.11 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
Kenny94's Avatar
Distinguished Member with 2,134 posts.
  
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
27-Jun-2009, 01:35 PM #20
Nothing shows with GooredFix. You can remove it from your desktop. Lets do this. We'll run Kaspersky WebScanner. It take a long time to run, but does a very good job at finding infections if, you have any. Lets see.....


Download CCleaner from here to clean temp files from your computer.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
  • Click Install then finish to complete installation.


CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
  • In the Windows Tab:
  • Clean all entries in the Internet Explorer section except Cookies
  • Clean all the entries in the Windows Explorer section
  • Clean all entries in the System section
  • Clean all entries in the Advanced section
  • Clean any others that you choose
  • In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it
  • Clean all in the Opera section if you use it
  • Clean Sun Java in the Internet Section
  • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO

Next

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
__________________
Member of the Alliance of Security Analysis Professionals

Malware And Security Tips
Taintain101's Avatar
Computer Specs
Junior Member with 20 posts.
  
Join Date: Jun 2009
Experience: Beginner
28-Jun-2009, 10:11 AM #21
during the kaspersky webscan, my computer restarted saying it recovered from a serious error. i am restarting the scan now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:14 AM, on 6/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tain.freehostia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c9f7c7125b8e74) (gupdate1c9f7c7125b8e74) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7646 bytes
Kenny94's Avatar
Distinguished Member with 2,134 posts.
  
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
28-Jun-2009, 01:22 PM #22
Sounds good....
Taintain101's Avatar
Computer Specs
Junior Member with 20 posts.
  
Join Date: Jun 2009
Experience: Beginner
29-Jun-2009, 11:45 PM #23
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 29, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 29, 2009 10:29:38
Records in database: 2400486
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 1588336
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 18:51:19

No malware has been detected. The scan area is clean.

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:04 PM, on 6/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tain.freehostia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c9f7c7125b8e74) (gupdate1c9f7c7125b8e74) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7651 bytes
Kenny94's Avatar
Distinguished Member with 2,134 posts.
  
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
30-Jun-2009, 09:05 AM #24
Hi Taintain101

All your logs look good!

Quote:
but after closing firefox, my computer will still lag
Is this still going on? If so, I would remove Firefox and installed it again. It's not malware.
Taintain101's Avatar
Computer Specs
Junior Member with 20 posts.
  
Join Date: Jun 2009
Experience: Beginner
30-Jun-2009, 12:33 PM #25
reinstalling made it run faster because of fewer addons, but the same thing happens when i close out of firefox, the cpu for the process, firefox.exe, shoots up to 99 and my computer will lag and sometimes freeze
Kenny94's Avatar
Distinguished Member with 2,134 posts.
  
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
30-Jun-2009, 07:35 PM #26
Have HijackThis fix these:

O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)

Lets run one more scan. To rule out malware.


1) Download and run the a-squared Free setup from http://www.download.com/A-squared-Fr...-10262215.html
2) Follow the installation steps, the default settings are fine here
3) a-squared Free will now start automatically. At the update dialog click "Yes"
4) Click "Yes"to restart a-squared Free followed by "Scan PC" on the left side of the program window
5) Choose "Smart Scan" and start it with the "Scan" button
6) When the scan is done save the report with the "Save Report" button in the bottom right corner
7) Open the saved report and post it here in the forum. Please quarantine verified malware by using the quarantine function afterwards.
__________________
Member of the Alliance of Security Analysis Professionals

Malware And Security Tips
Taintain101's Avatar
Computer Specs
Junior Member with 20 posts.
  
Join Date: Jun 2009
Experience: Beginner
01-Jul-2009, 11:10 AM #27
a-squared Free - Version 4.5
Last update: 7/1/2009 3:13:50 AM

Scan settings:

Scan type: Smart Scan
Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 7/1/2009 3:15:45 AM

Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Smart Keystroke Recorder --> Order detected: Trace.Registry.Smart Keystroke Recorder 2.0!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\Elcom\Advanced ZIP Password Recovery --> Installer Language detected: Trace.Registry.Advanced ZIP Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced ZIP Password Recovery --> InstallDir detected: Trace.Registry.Advanced ZIP Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced ZIP Password Recovery --> Stat param #1 detected: Trace.Registry.Advanced ZIP Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced ZIP Password Recovery --> Stat param #2 detected: Trace.Registry.Advanced ZIP Password Recovery!A2
Key: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\software\kazaa detected: Trace.Registry.KaZaA!A2
Value: HKEY_CLASSES_ROOT\.xnpd --> Content Type detected: Trace.Registry.NetPumper!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\NetPumper --> Order detected: Trace.Registry.NetPumper!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xnpd --> Content Type detected: Trace.Registry.NetPumper!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2F9718C7-3DBD-4ef2-BBC1-E4F91F38E51A} --> Changed detected: Trace.Registry.Smart Keystoke Recorder!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2F9718C7-3DBD-4ef2-BBC1-E4F91F38E51A} --> SlowInfoCache detected: Trace.Registry.Smart Keystoke Recorder!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WhenU --> Order detected: Trace.Registry.WhenU.SaveNow!A2
Value: HKEY_CLASSES_ROOT\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_CLASSES_ROOT\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{371D0743-7A57-11D2-AD5A-00105A17B608}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F99A075-5227-11D2-AD06-00105A17B608}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4FC24B-C65C-11D1-AA6F-000000000000}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDD136CE-517B-11D2-AD03-00105A17B608}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D55102-9683-11D2-BA68-0040053687FE}\InprocServer32 --> ThreadingModel detected: Trace.Registry.SpyPc 8.0!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> AutoPortSelect detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> BlankScreen detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> DontSetHooks detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> DontUseDriver detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> EnableFileTransfers detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> IdleTimeout detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> InputsEnabled detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> LocalInputsDisabled detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> LocalInputsPriority detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> LocalInputsPriorityTime detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> LockSetting detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> OnlyPollConsole detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> OnlyPollOnEvent detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> Password detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> PasswordViewOnly detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> PollForeground detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> PollFullScreen detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> PollingCycle detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> PollUnderCursor detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> QueryAccept detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> QueryAllowNoPass detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> QuerySetting detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> QueryTimeout detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> RemoveWallpaper detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> SocketConnect detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 --> AllowLoopback detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 --> AuthRequired detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 --> ConnectPriority detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 --> DebugLevel detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 --> DebugMode detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 --> EnableHTTPDaemon detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 --> EnableURLParams detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 --> LoopbackOnly detected: Trace.Registry.Remote Administration Tool 1.1!A2
Value: HKEY_USERS\S-1-5-21-2052111302-1085031214-725345543-1004\Software\ORL\WinVNC3 --> DriverDirectAccess detected: Trace.Registry.TightVNC 1.3!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:51 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:52 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:53 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:54 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:55 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:56 detected: Trace.TrackingCookie.myspace.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:66 detected: Trace.TrackingCookie.ads.revsci.net!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:72 detected: Trace.TrackingCookie.aol.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:81 detected: Trace.TrackingCookie.cdn.atwola.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:83 detected: Trace.TrackingCookie.anad.tacoda.net!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:164 detected: Trace.TrackingCookie.ads.adsonar.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:267 detected: Trace.TrackingCookie.publishers.clickbooth.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:296 detected: Trace.TrackingCookie.tag.contextweb.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:297 detected: Trace.TrackingCookie.tag.contextweb.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:319 detected: Trace.TrackingCookie.ad1.clickhype.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:336 detected: Trace.TrackingCookie.count!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:337 detected: Trace.TrackingCookie.cnt.tyxo.bg!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:359 detected: Trace.TrackingCookie.ads.bridgetrack.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:360 detected: Trace.TrackingCookie.ads.bridgetrack.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:366 detected: Trace.TrackingCookie.www.burstnet.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:367 detected: Trace.TrackingCookie.ads.realtechnetwork.net!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:369 detected: Trace.TrackingCookie.ads.realtechnetwork.net!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:370 detected: Trace.TrackingCookie.ads.realtechnetwork.net!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:401 detected: Trace.TrackingCookie.server.cpmstar.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:402 detected: Trace.TrackingCookie.server.cpmstar.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:403 detected: Trace.TrackingCookie.server.cpmstar.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:408 detected: Trace.TrackingCookie.www.3dstats.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:409 detected: Trace.TrackingCookie.pub.softonic.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:410 detected: Trace.TrackingCookie.pub.softonic.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:411 detected: Trace.TrackingCookie.pub.softonic.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:412 detected: Trace.TrackingCookie.pub.softonic.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:419 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:420 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:421 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:422 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:423 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:424 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:425 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:426 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:427 detected: Trace.TrackingCookie.clicktorrent.info!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:452 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:453 detected: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:454 detected: Trace.TrackingCookie.m.rmbclick.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:569 detected: Trace.TrackingCookie.e.nvero.net!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:589 detected: Trace.TrackingCookie.lycos.com!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:597 detected: Trace.TrackingCookie.roia.biz!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\mbcv803t.default\cookies.txt:598 detected: Trace.TrackingCookie.roia.biz!A2
C:\Documents and Settings\Premo House\Application Data\Mozilla\Firefox\Profiles\n56rw3il.default\cookies.sqlite:1246381338687 503 detected: Trace.TrackingCookie.cms!A2
C:\WINDOWS\system32\drivers\scdemu.sys detected: Trojan.Win32.Monder!IK
C:\Program Files\Cheat Engine\Systemcallretriever.exe detected: Virus.Win32.Sality!IK

Scanned

Files: 352073
Traces: 632556
Cookies: 1107
Processes: 33

Found

Files: 2
Traces: 57
Cookies: 49
Processes: 0
Registry keys: 0

Scan end: 7/1/2009 5:00:06 AM
Scan time: 1:44:21




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:51 AM, on 7/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\PROGRAM FILES\A-SQUARED FREE\A2FREE.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tain.freehostia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3114-W-I32-R SATARAID5\SATARaid5ConfigService.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6595 bytes
Taintain101's Avatar
Computer Specs
Junior Member with 20 posts.
  
Join Date: Jun 2009
Experience: Beginner
01-Jul-2009, 11:33 AM #28
oh, i should also mention i am having a problem with web-browsing, this has been going on before and after i reinstalled firefox. i will lose internet only for whatever browser i am using, and as soon as i restart it, it will connect again.
Kenny94's Avatar
Distinguished Member with 2,134 posts.
  
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
01-Jul-2009, 12:19 PM #29
Your log is fine. Lets remove the left overs of CA Internet Security Suite. Run the uninstaller at:

http://homeofficekb.ca.com/CIDocumen...47E4BEA49F571B


Have you been using Msconfig or TuneUp Utilities to remove your start ups. It makes it hard to read your log this way.


Close all browsers and go to Start - Run - type cmd and click OK.

Type:

ipconfig /release

Press Enter then type:

ipconfig /renew

Press enter then type:

ipconfig /flushdns

Press enter then type:

ipconfig /registerdns

Press Enter.


Next

Disk Cleanup:

http://www.theeldergeek.com/disk_cleanup_utility.htm

Defrag your HD:

http://artsweb.bham.ac.uk/artsit/Info/Guid...rag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.


And post a new HijackThis Log. And let me know how thing are now?
__________________
Member of the Alliance of Security Analysis Professionals

Malware And Security Tips
Taintain101's Avatar
Computer Specs
Junior Member with 20 posts.
  
Join Date: Jun 2009
Experience: Beginner
02-Jul-2009, 07:50 PM #30
when i restarted my computer, not the same time as chkdsk, after logging on, i received a message saying that i could not log onto my account, due to a corrupt file, and then i was put onto a temporary account, which is how i am messaging you.

i am going to restart my computer again, and hope for better results.

EDIT: i restarted my computer, and i can successfully log onto my usual acount
Last edited by Taintain101 : 02-Jul-2009 08:17 PM.
Closed Thread Bookmark and Share
Page 2 of 3 1 2 3

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!

« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 02:05 AM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.