slow pc (In Progress)
Tech Support Guy Forums, Virus & Other Malware Removal
Post #1 by philspain (Junior Member, joined Nov 2009), 10-Nov-2009, 01:21 AM
slow pc
Hello,
My name is Phil and I'm new here.

My laptop has been running slow for a few days.

Here is an HJT log.

Thanx
Phil

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:21 AM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 6172 bytes
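A small triage parser for HijackThis logs in the format posted above, added here as an example; it is not code from the thread or from Trend Micro. The sample lines are constructed from that format, and the flag rules (orphaned "(no file)" / "(file missing)" entries, Run entries without a full path, services with an unknown publisher) are this example's own triage heuristics, not anything HijackThis itself computes.

```python
"""Triage helper for HijackThis 2.0.x log lines (added example).

Parses the R0/R1, O2, O4, O20 and O23 line formats and flags the entries a
malware-removal helper would look at first. The flag rules are this
example's own heuristics (assumptions), not anything HijackThis does.
"""
import re
from dataclasses import dataclass

# Constructed sample in the HJT format posted above; not the full log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# O2: "BHO: <name> - {CLSID} - <dll path or (no file)>"; the CLSID anchors the split.
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
# O4: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
MISSING = ("(no file)", "(file missing)")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    code: str            # HJT section code, e.g. "O2"
    name: str = ""       # display name or registry value name
    target: str = ""     # file, command line or URL the entry points at
    publisher: str = ""  # O23 only


def parse_line(line: str):
    """Parse one HJT log line; returns None for header/trailer lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    e = Entry(code=code)
    if code.startswith("R"):
        # "R0 - <registry value> = <URL>"
        e.name, _, e.target = body.partition(" = ")
    elif code == "O2":
        m2 = O2_RE.match(body)
        if m2:
            e.name, e.target = m2.group("name"), m2.group("target")
    elif code == "O4":
        m4 = O4_RE.match(body)
        if m4:
            e.name, e.target = m4.group("name"), m4.group("cmd")
    elif code == "O20":
        # "Winlogon Notify: <name> - <dll path>"
        e.name, _, e.target = body[len("Winlogon Notify: "):].partition(" - ")
    elif code == "O23":
        # "Service: <display name> - <publisher> - <binary>"; split from the
        # left so a " - " inside the binary path stays with the path.
        parts = body[len("Service: "):].split(" - ", 2)
        if len(parts) == 3:
            e.name, e.publisher, e.target = parts
    return e


def parse_log(text: str):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries):
    """Return (code, name, reason) tuples for entries worth a second look."""
    findings = []
    for e in entries:
        if e.code in ("O2", "O20", "O23") and any(mk in e.target for mk in MISSING):
            findings.append((e.code, e.name, "referenced file is missing (orphaned entry)"))
        if e.code == "O4" and not DRIVE_PATH.match(e.target.strip().lstrip('"')):
            # A bare executable name is resolved through the search path at
            # logon, so the entry does not say which file actually runs.
            findings.append((e.code, e.name, "Run entry without a fully qualified path"))
        if e.code == "O23" and e.publisher.lower() == "unknown owner":
            findings.append((e.code, e.name, "service binary has no recognised publisher"))
    return findings


if __name__ == "__main__":
    for code, name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:<4} {name:<32} {reason}")
```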
Post #2 by philspain (Junior Member, joined Nov 2009), 17-Nov-2009, 07:33 AM
pity
Hello,

It's a pity that after 10 days there is still no response to my post.

Regards,

Phil
Post #3 by muppy03 (Senior Member, Australia, joined Jun 2006), 17-Nov-2009, 08:11 AM
Hi Phil,
Quote:
  It's a pity that after 10 days there is still no response to my post.
Unfortunately, there are only a small few who can reply to you in this particular forum, and with a great many requests for help it is a sad fact that the waiting time can sometimes be quite long.

1. Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

2. TFC (Temp File Cleaner):
  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

3. Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

  Note: the log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  or via the Logs tab when Malwarebytes' Anti-Malware is started.

4. NEXT Download and Run: RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Please reply with:
  • Uninstall list
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
__________________
Teacher - Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List
Post #4 by philspain (Junior Member, joined Nov 2009), 24-Nov-2009, 11:32 AM
Hello,

The log files are in the attachments.

Kind regards,
Phil
Post #5 by muppy03 (Senior Member, Australia, joined Jun 2006), 24-Nov-2009, 07:45 PM
Hi, please copy and paste all logs, thanks.

1. Can you post the uninstall list asked for?
2. Did you fix the item MBAM found? It shows as "No action taken". If not, please run again and fix.
3. I see you have run ComboFix? Please post the log it produced; it can be found at C:/Combofix.txt
4. Please update me on the problems you are still having.
5. Also, it has been 8 days since I replied to your topic; please try to answer within 3, as mentioned in my signature.
Post #6 by philspain (Junior Member, joined Nov 2009), 24-Nov-2009, 08:17 PM
uninstall list + Combofix
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.2
Atheros WLAN Client
AVG Free 9.0
BitTorrent
CCleaner (remove only)
Easy Display Manager
Easy Network Manager
Escritorio movistar
FLV Player 2.0 (build 25)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0
Java(TM) 6 Update 16
KaraFun 1.18
LimeWire 5.3.6
Magic Keyboard
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Choice Guard
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Namuga 1.3M Webcam
Play Camera
Realtek High Definition Audio Driver
Samsung Battery Manager
Samsung EDS
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Segoe UI
Skype web features
Skype™ 4.1
Spotify
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
User Guide
vanBasco's Karaoke Player
WIDCOMM Bluetooth Software
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger

MBAM deleted a trojan.BHO

ComboFix 09-11-19.05 - Grumpy007 11/20/2009 5:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.659 [GMT 1:00]
Running from: c:\documents and settings\Grumpy007\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Muziekteksten\Against The Wind Bob Seger And The .doc
c:\documents and settings\Muziekteksten\Baby one more time britney spears .docx
c:\documents and settings\Muziekteksten\That's what friends are for Stevie Wonder .docx
c:\documents and settings\Muziekteksten\uit mn bol andre hazes .docx
c:\recycler\S-1-5-21-3470794798-1988047598-1454287376-500
c:\recycler\S-1-5-21-789336058-1532298954-527237240-1003
c:\windows\msetup
c:\windows\msetup\MSetup.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-19 17:49 . 2008-04-14 07:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-11-19 17:49 . 2008-03-17 09:56 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2009-11-19 17:49 . 2008-03-17 09:03 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-11-19 17:49 . 2008-01-22 13:09 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-11-19 17:49 . 2007-08-09 02:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-11-19 17:48 . 2009-11-19 17:48 -------- d-----w- c:\program files\Movistar
2009-11-19 16:03 . 2009-11-19 16:03 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\Magentic
2009-11-19 15:31 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 15:31 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-19 10:04 . 2009-11-19 10:04 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-19 09:58 . 2009-11-19 09:59 -------- d--h--w- c:\documents and settings\Grumpy007\Recent(2)
2009-11-19 09:54 . 2009-11-19 09:54 -------- d-----w- c:\windows\Sun
2009-11-19 09:54 . 2009-11-19 09:54 -------- d-----w- c:\program files\Microsoft
2009-11-19 09:54 . 2009-11-19 09:54 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-19 09:54 . 2009-11-19 09:54 -------- d-----w- c:\program files\Common Files\Skype
2009-11-16 20:52 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-16 19:41 . 2009-11-19 19:14 0 ----a-w- c:\documents and settings\Grumpy007\Local Settings\Application Data\prvlcl.dat
2009-11-16 19:01 . 2009-11-16 19:01 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\com.mlb.onbase.9875703EBEDC426F7A563069BF0300F254DE4324.1
2009-11-16 19:00 . 2009-11-19 09:49 -------- d-----w- c:\program files\MLB.com OnBase
2009-11-16 19:00 . 2009-11-16 19:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-16 18:18 . 2009-11-16 18:20 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\AskToolbar
2009-11-16 17:31 . 2009-11-19 09:49 -------- d-----w- c:\program files\Ask.com
2009-11-15 16:29 . 2009-11-19 09:49 -------- d-----w- c:\program files\AC3Filter
2009-11-15 16:15 . 2009-11-19 09:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-15 16:13 . 2009-11-19 09:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-14 10:02 . 2009-11-14 10:02 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\AVG Security Toolbar
2009-11-14 09:59 . 2009-11-17 07:52 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-11-14 09:56 . 2009-11-19 09:51 -------- d-----w- c:\program files\Xvid
2009-11-14 08:29 . 2009-11-14 08:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-11-14 08:22 . 2009-11-14 08:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-14 08:22 . 2009-11-19 09:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-11-14 08:22 . 2009-04-02 02:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-11-14 08:22 . 2009-11-19 09:52 -------- d-s---w- c:\documents and settings\Administrator
2009-11-13 14:49 . 2009-11-19 09:52 -------- d-----w- c:\program files\Adobe(2)
2009-11-12 17:44 . 2009-11-19 09:53 -------- d-----w- c:\program files\Movistar(3)
2009-11-10 18:16 . 2009-11-19 09:58 -------- d-----w- c:\program files\Movistar(2)
2009-11-10 05:06 . 2009-11-10 05:06 -------- d-----w- c:\program files\Trend Micro
2009-11-10 04:22 . 2009-11-19 10:01 -------- d-----w- c:\program files\UnHackMe
2009-11-09 07:32 . 2009-11-19 10:02 -------- d-----w- c:\program files\hpHosts
2009-11-09 05:49 . 2009-11-09 05:49 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\Malwarebytes
2009-11-09 05:49 . 2009-11-09 05:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-09 05:49 . 2009-11-19 15:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 05:16 . 2009-11-19 09:58 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\SUPERAntiSpyware.com
2009-11-08 07:37 . 2009-11-08 07:37 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\Yahoo
2009-11-06 15:07 . 2009-11-19 10:03 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\LimeWire
2009-11-06 15:07 . 2009-11-19 10:03 -------- d-----w- c:\program files\LimeWire
2009-11-02 08:16 . 2009-11-02 08:16 -------- d-----w- c:\program files\CodeStuff
2009-11-01 18:24 . 2009-11-19 10:03 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\BitTorrent
2009-10-29 05:24 . 2009-10-29 05:24 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\Cooliris
2009-10-29 05:24 . 2009-10-20 12:33 103424 ----a-w- c:\documents and settings\Grumpy007\Application Data\Mozilla\Firefox\Profiles\bcak5sxr.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-10-29 05:24 . 2009-10-20 12:33 545280 ----a-w- c:\documents and settings\Grumpy007\Application Data\Mozilla\Firefox\Profiles\bcak5sxr.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-10-29 05:24 . 2009-10-20 12:33 4716544 ----a-w- c:\documents and settings\Grumpy007\Application Data\Mozilla\Firefox\Profiles\bcak5sxr.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-10-29 05:24 . 2009-10-20 12:33 344064 ----a-w- c:\documents and settings\Grumpy007\Application Data\Mozilla\Firefox\Profiles\bcak5sxr.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-10-29 05:24 . 2009-10-20 12:33 153600 ----a-w- c:\documents and settings\Grumpy007\Application Data\Mozilla\Firefox\Profiles\bcak5sxr.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-10-26 21:26 . 2009-11-19 09:54 -------- d-----w- c:\program files\FLV Player
2009-10-26 20:36 . 2009-11-19 09:54 -------- d-----w- c:\documents and settings\Grumpy007\dwhelper
2009-10-26 16:45 . 2009-11-19 09:54 -------- d-s---w- c:\documents and settings\Grumpy007\UserData
2009-10-26 11:29 . 2009-10-26 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2009-10-26 11:22 . 2009-10-26 20:50 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\IM
2009-10-26 11:22 . 2009-10-26 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2009-10-26 08:54 . 2001-08-17 12:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2009-10-26 08:54 . 2001-08-17 12:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2009-10-26 08:54 . 2001-08-17 21:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2009-10-26 08:54 . 2001-08-17 21:36 324608 ----a-w- c:\windows\system32\hpojwia.dll
2009-10-26 08:53 . 2001-08-17 12:47 8704 -c--a-w- c:\windows\system32\dllcache\dot4scan.sys
2009-10-26 08:53 . 2001-08-17 12:47 8704 ----a-w- c:\windows\system32\drivers\Dot4scan.sys
2009-10-26 08:53 . 2001-08-17 12:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2009-10-26 08:53 . 2001-08-17 12:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2009-10-26 08:53 . 2008-04-13 23:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2009-10-26 08:53 . 2008-04-13 23:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2009-10-25 12:12 . 2009-11-20 03:36 -------- d-----w- c:\documents and settings\Grumpy007\Tracing
2009-10-25 12:05 . 2009-11-15 10:10 -------- d-----w- c:\program files\Windows Live
2009-10-25 11:58 . 2009-10-25 11:58 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-24 18:25 . 2009-11-15 10:36 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\skypePM
2009-10-24 18:25 . 2009-10-24 18:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-24 18:20 . 2009-11-19 09:54 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\Skype
2009-10-24 18:19 . 2009-11-19 09:54 -------- d-----r- c:\program files\Skype
2009-10-24 18:19 . 2009-11-19 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-23 19:09 . 2009-10-23 19:09 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\Identities
2009-10-23 18:10 . 2009-11-19 14:39 12912 ----a-w- c:\documents and settings\Grumpy007\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 16:06 . 2009-11-19 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-23 16:06 . 2009-11-19 10:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-22 18:01 . 2009-10-22 18:01 -------- d-----w- c:\documents and settings\Muziekteksten\Engelse muziekteksten
2009-10-22 18:01 . 2009-11-20 04:33 -------- d-----w- c:\documents and settings\Muziekteksten
2009-10-21 15:16 . 2009-10-21 15:17 -------- d-----w- c:\program files\CCleaner
2009-10-21 15:11 . 2009-11-19 20:52 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\Spotify
2009-10-21 15:11 . 2009-10-22 17:12 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\Spotify
2009-10-21 15:11 . 2009-10-21 15:11 -------- d-----w- c:\program files\Spotify
2009-10-21 14:53 . 2009-10-21 14:54 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-10-21 14:46 . 1999-03-23 07:12 299520 ----a-w- c:\windows\uninst.exe
2009-10-21 14:46 . 2009-10-21 14:46 -------- d-----w- c:\documents and settings\Grumpy007\WINDOWS
2009-10-21 14:22 . 2009-10-21 14:22 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\Telefónica Móviles
2009-10-21 14:19 . 2008-04-13 22:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2009-10-21 14:19 . 2008-04-13 22:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-10-21 10:40 . 2009-10-21 10:40 0 ----a-w- c:\windows\nsreg.dat
2009-10-21 10:39 . 2009-10-21 10:39 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\Mozilla
2009-10-21 05:58 . 2009-10-21 05:58 -------- d-----w- c:\documents and settings\Grumpy007\Bluetooth Software
2009-10-21 05:45 . 2008-07-29 15:59 879832 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2009-10-21 05:43 . 2009-04-02 02:03 -------- d-----w- c:\documents and settings\Grumpy007\Application Data\InstallShield
2009-10-21 05:43 . 2009-04-02 01:58 -------- d-----w- c:\documents and settings\Grumpy007\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2009-10-21 05:43 . 2009-11-20 04:08 -------- d-----w- c:\documents and settings\Grumpy007
2009-10-21 05:43 . 2009-04-02 02:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 03:34 . 2009-10-20 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-19 10:02 . 2009-04-02 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Partner
2009-11-19 09:52 . 2009-04-02 02:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-08 17:21 . 2009-04-02 02:05 -------- d-----w- c:\program files\Google
2009-11-05 12:39 . 2009-04-02 01:59 -------- d-----w- c:\program files\Java
2009-10-25 15:07 . 2009-04-02 01:54 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-21 05:46 . 2009-04-02 02:01 -------- d-----w- c:\program files\Samsung
2009-10-21 05:44 . 2009-10-21 05:44 -------- d-----w- c:\program files\WIDCOMM
2009-10-21 05:44 . 2009-10-21 05:44 0 ----a-w- c:\windows\system32\drivers\144D_SAMSUNG_N_NC10_07CA.mrk
2009-10-20 15:38 . 2009-10-20 15:37 -------- d-----w- c:\program files\KaraFun
2009-10-20 15:37 . 2009-10-20 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Recisio
2009-10-20 15:35 . 2009-10-20 15:35 12464 ----a-w- c:\windows\system32\avgrsstx(2)(2).dll
2009-10-20 15:34 . 2009-10-20 15:34 -------- d-----w- c:\program files\AVG
2009-10-20 15:12 . 2009-04-02 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-25 05:37 . 2009-04-02 00:34 667136 ----a-w- c:\windows\system32\wininet(3)(2).dll
2009-09-25 05:37 . 2009-04-02 00:34 627712 ----a-w- c:\windows\system32\urlmon(3)(2).dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-04-02 36972]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Movistar\\Escritorio movistar\\EMMSN.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Grumpy007\\Application Data\\Mozilla\\Firefox\\Profiles\\bcak5sxr.default\\extensions\\piclens@cooliris.com\\libs\\LaunchCooliris.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [8/16/2007 9:19 AM 19200]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [4/2/2009 2:59 AM 4300]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/15/2008 4:01 AM 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [4/2/2009 3:03 AM 238464]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [11/19/2009 6:49 PM 24448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/19/2009 4:31 PM 38224]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Application Data\Partner\partner.exe [4/2/2009 3:05 AM 110576]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hln.be/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Grumpy007\Application Data\Mozilla\Firefox\Profiles\bcak5sxr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hln.be
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 05:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-20 05:35
ComboFix-quarantined-files.txt 2009-11-20 04:35

Pre-Run: 52,819,030,016 bytes free
Post-Run: 52,969,787,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BD3FF8091B39467B628B312914BF789A
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
24-Nov-2009, 09:20 PM #7
4. Please update me on problems you are still having.
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
24-Nov-2009, 09:44 PM #8
Do you know what this is?
  • c:\documents and settings\All Users\Application Data\Partner\partner.exe

If not let’s check it out.

Please go to Virus Total <http://www.virustotal.com/> or Jotti
and upload c:\documents and settings\All Users\Application Data\Partner\partner.exe for scanning.

For Virus Total
1. Please copy and paste c:\documents and settings\All Users\Application Data\Partner\partner.exe in the text box next to the Browse button.
2. Click on Send File.

For Jotti
1. Please copy and paste c:\documents and settings\All Users\Application Data\Partner\partner.exe in the text box next to the Browse button.
2. Click on Submit.
Please post back the results of the scan in your next post.

Please reply with:-
  • Jotti/virus total results
  • New HJT log
  • Update on symptoms
__________________
Teacher - Malware Removal University - You too could train to help others

Topics not replied to within 3 days will be removed from my Subscribed Threads List
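The triage muppy03 does by eye on the ComboFix log above (a service whose image lives under All Users\Application Data, a RUNDLL32 service whose file could not be resolved, and RDP port 3389 globally opened in the firewall) can be written down as a repeatable check. The script below is an added example for this thread; it is not part of the thread, of ComboFix or of HijackThis. The sample lines are copied from the posted log (with the extraction-garbled key name GloballyOpenPorts restored), the "trusted roots" rule (anything outside c:\windows\ and c:\program files\ gets a second look) is an assumption of this example rather than a ComboFix rule, and the SHA-256 helper produces the hash a practitioner would look up or submit to a multi-engine scanner instead of uploading the file itself.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample: service and firewall lines copied from the ComboFix log
# posted in this thread, assembled here so the example runs offline.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [8/16/2007 9:19 AM 19200]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [4/2/2009 2:59 AM 4300]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/19/2009 4:31 PM 38224]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Application Data\Partner\partner.exe [4/2/2009 3:05 AM 110576]
"""

# ComboFix service line: "<start> <name>;<display>;<image> [<date size>]" or "[?]"
# when the scanner could not resolve the image to a file on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)"
    r"(?: \[(?P<meta>[^\]]*)\])?$"
)

# Assumption of this example: images under these roots are not flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Well-known port specs worth calling out when the firewall opens them to all.
KNOWN_OPEN_PORTS = {"3389:TCP": "Remote Desktop (RDP) reachable through the firewall"}


def parse_services(log: str) -> List[Dict[str, str]]:
    """Return one dict per R*/S* service line in a ComboFix log."""
    services: List[Dict[str, str]] = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            svc = m.groupdict()
            svc["meta"] = svc["meta"] or ""
            services.append(svc)
    return services


def parse_open_ports(log: str) -> List[str]:
    """Return the port specs listed under the firewall's GloballyOpenPorts key."""
    ports: List[str] = []
    in_block = False
    for line in log.splitlines():
        if line.startswith("["):                 # a new registry key header
            in_block = line.lower().endswith("globallyopenports\\list]")
            continue
        if not line.strip():                     # blank line ends the block
            in_block = False
            continue
        if in_block:
            m = re.match(r'^"(?P<spec>[^"]+)"=', line)
            if m:
                ports.append(m.group("spec"))
    return ports


def triage_services(services: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag services whose image is unresolved or lives outside the trusted roots."""
    findings: List[Tuple[str, str]] = []
    for svc in services:
        image = svc["image"].lower()
        if svc["meta"] == "?":
            findings.append((svc["name"], "image could not be resolved to a file on disk"))
        elif not image.startswith(TRUSTED_ROOTS):
            findings.append((svc["name"], "runs from a user-writable location: " + svc["image"]))
    return findings


def triage_open_ports(ports: List[str]) -> List[Tuple[str, str]]:
    """Describe every globally open port; unknown ones are still reported."""
    return [(p, KNOWN_OPEN_PORTS.get(p, "globally open port not in the known list")) for p in ports]


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of in-memory data (used by the test and for small samples)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    """SHA-256 of a file read in chunks; the digest can be looked up instead of uploading the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    for name, reason in triage_services(parse_services(SAMPLE_LOG)):
        print(f"service  {name}: {reason}")
    for spec, reason in triage_open_ports(parse_open_ports(SAMPLE_LOG)):
        print(f"firewall {spec}: {reason}")
```

Run against the posted log the script singles out exactly the two services muppy03 asked about or would ask about next (Partner Service and the unresolved yksvc stub) and the globally open 3389/TCP rule; clean drivers under c:\windows\ pass. The trusted-roots rule is deliberately coarse: it is a prompt for a human to hash and look up the file, not a verdict.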
philspain's Avatar
Computer Specs
Junior Member with 6 posts.
 
Join Date: Nov 2009
25-Nov-2009, 12:12 AM #9
Hello, I can't post anymore because I already used 23 images, they say.
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
25-Nov-2009, 03:24 AM #10
Quote:
Originally Posted by philspain View Post
Hello, I can't post anymore because I already used 23 images, they say.
I am sorry, I have no idea what you mean. What 23 images, and who said?
philspain's Avatar
Computer Specs
Junior Member with 6 posts.
 
Join Date: Nov 2009
25-Nov-2009, 08:53 AM #11
Hello,
When I want to post the next logs you asked me for, the site says that I already posted 23 images and I can only post 20.

Greetings,

Phil
muppy03's Avatar
Senior Member with 1,881 posts.
 
Join Date: Jun 2006
Location: Australia
Experience: gettin there
25-Nov-2009, 06:29 PM #12
Still unsure exactly what you mean, since you are replying as it is. Copy and paste the logs; do not try to load them as attachments.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.