[Fixed] Hijackthis! Logs - Slow PC Problems, advice needed please!!

#16 | nikmondo | Bronze Member | Posts: 12 | PC Experience: Some Experience | 4 Weeks Ago
Re: Slow PC Problems, advice needed please!!

Whoops, missed that part. I'll return later with the results!! Also I noticed the PC only has 512MB of RAM. Would increasing it to 1GB improve it dramatically?

Thanks,
Nikmondo

#17 | nikmondo | Bronze Member | Posts: 12 | PC Experience: Some Experience | 4 Weeks Ago
Re: Slow PC Problems, advice needed please!!

Originally Posted by Pancake:
And the Combofix ???.
And here's the results:


ComboFix 08-04-14.2 - Compaq_Owner 2008-04-14 18:55:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.132 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Owner\My Documents\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\PlayMP3.exe
C:\Program Files\PlayMP3z\uninstall.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-13 21:10 . 2008-04-13 21:10 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Grisoft
2008-04-13 21:08 . 2008-04-13 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-13 21:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-13 21:07 . 2008-04-13 21:07 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe
2008-04-13 21:03 . 2008-04-13 21:03 <DIR> d-------- C:\Program Files\CCleaner
2008-04-13 21:02 . 2008-04-13 21:02 2,751,368 --a------ C:\ccsetup206.exe
2008-04-13 20:09 . 2008-04-13 20:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 20:01 . 2008-04-13 20:44 <DIR> d-------- C:\SDFix
2008-04-13 20:00 . 2008-04-13 20:01 1,419,174 --a------ C:\SDFix.exe
2008-04-12 15:30 . 2008-04-12 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-12 15:29 . 2008-04-13 19:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-12 15:29 . 2008-04-12 15:29 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-04-12 15:29 . 2008-04-12 15:29 6,342,680 --a------ C:\SUPERAntiSpyware.exe
2008-04-12 15:24 . 2008-04-12 15:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 15:24 . 2008-04-12 15:24 812,344 --a------ C:\HJTInstall.exe
2008-04-04 15:33 . 2008-04-07 20:53 <DIR> d-------- C:\Program Files\STOPzilla!
2008-04-04 15:33 . 2008-04-04 15:33 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\STOPzilla!
2008-04-04 15:32 . 2003-12-28 21:51 <DIR> d-------- C:\Program Files\STOPzilla! v3.1.0.7 + Crack
2008-04-04 15:28 . 2008-04-04 15:29 6,078,295 --a------ C:\Program Files\STOPzilla! v3.1.0.7 + Crack (pop up blocker and the code works!!).zip
2008-04-04 15:25 . 2008-04-04 15:25 614 --a------ C:\[isoHunt]_STOPzilla__v3[1].1.0.7___Crack_(pop_up_blocker_and_the_code_works_ _.3581060.TPB_[mininova].torrent
2008-04-04 15:13 . 2008-04-12 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 15:09 . 2008-04-04 15:13 <DIR> d-------- C:\Program Files\Ad-Aware 2007 PROFESSIONAL EDITION 7.0.2.7(NEW- 04.04)
2008-04-04 15:07 . 2008-04-04 15:07 6,502 --a------ C:\Ad-Aware_2007_PROFESSIONAL_EDITION__7.0.2.7(NEW-_04.04)_[mininova].torrent
2008-04-04 15:01 . 2008-04-04 15:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 15:01 . 2008-04-04 15:01 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-01 13:23 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-01 13:23 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-01 13:22 . 2008-04-01 13:22 <DIR> d-------- C:\Program Files\Windows Mobile Device Handbook
2008-03-27 21:51 . 2008-03-27 21:51 108,918 --a------ C:\ff.bmp
2008-03-27 21:37 . 2007-04-18 18:29 156,870,022 --a------ C:\2006Mod_Trackpack.tup
2008-03-27 21:21 . 2008-03-27 21:23 156,877,627 --a------ C:\2006 Trackpack (2006Mod).rar
2008-03-27 21:11 . 2007-04-24 01:40 153,346,300 --a------ C:\2006.cuh
2008-03-27 21:03 . 2008-03-27 21:04 153,353,892 --a------ C:\2006 Mod (GP4Italia and Tony).rar
2008-03-27 20:06 . 2008-03-27 21:37 <DIR> d-------- C:\Program Files\ZaZ Gp4 tools
2008-03-27 20:06 . 2008-03-27 20:06 <DIR> d-------- C:\GP4_patch v9.6
2008-03-27 20:06 . 2007-11-26 00:26 4,353,350 --a------ C:\ZAZ TOOLS.exe
2008-03-27 20:05 . 2008-03-27 20:05 5,228,785 --a------ C:\GP4_patch.rar
2008-03-27 20:05 . 2008-03-27 20:05 4,317,327 --a------ C:\ZAZ TOOLS PUBLIC RC.zip
2008-03-25 13:12 . 2008-04-08 14:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-25 13:12 . 2008-03-25 13:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-23 14:31 . 2006-04-15 00:05 9,952 --a------ C:\regxpcom.exe
2008-03-23 14:30 . 2008-03-23 14:31 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-03-23 14:30 . 2008-03-23 14:31 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-03-15 18:53 . 2008-03-15 22:49 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-15 16:36 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-13 20:57 --------- d-----w C:\Program Files\BrowsingAdvisor
2008-04-13 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\extra dupe shim 16
2008-04-13 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 14:31 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-04-04 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 13:52 --------- d-----w C:\Program Files\LimeWire
2008-04-04 13:33 --------- d-----w C:\Program Files\CleanMyPC Popup Blocker
2008-04-04 12:24 --------- d-----w C:\Program Files\SOFT LimeWire ProfessionalEdition v4.17.11
2008-04-01 12:22 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-22 14:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-19 13:06 --------- d-----w C:\Program Files\Norton 360
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 21:50 --------- d-----w C:\Program Files\Windows Live
2008-03-15 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 15:36 --------- d-----w C:\Program Files\Java
2008-03-09 23:31 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-09 23:31 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-09 23:31 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-09 23:31 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-09 23:31 --------- d-----w C:\Program Files\Symantec
2008-03-09 20:28 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
2008-03-07 21:11 --------- d---a-w C:\Program Files\Grand Prix Manager 2
2008-03-07 21:10 --------- d-----w C:\Program Files\uTorrent
2008-03-07 21:10 --------- d-----w C:\Program Files\RegCure+patch
2008-03-07 21:10 --------- d-----w C:\Program Files\RegCure
2008-03-07 21:07 --------- d-----w C:\Program Files\SmartPopupBlocker
2008-03-07 21:07 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2008-03-07 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-07 21:06 --------- d-----w C:\Program Files\Lavasoft
2008-03-07 20:48 --------- d-----w C:\Program Files\Norton.360[jakemetcalfe22] iso
2008-03-07 15:17 --------- d-----w C:\Program Files\Norton Ghost 14.0 + Recovery Disk
2008-03-06 21:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 21:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 21:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-09 11:07 1,559,360 ----a-w C:\ytb_7.1.0.0d_1.4.1_pub_us_setup_.exe
2008-02-09 10:50 21,364,592 ----a-w C:\aaw2007.exe
2007-02-10 14:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-26 17:32 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-10-08 21:06 262 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2005-09-23 23:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-28 15:07 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-28 15:07 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-28 15:07 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49 4670968]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 18:29 249856]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Shim 16 New Tool"="C:\Documents and Settings\All Users\Application Data\extra dupe shim 16\grid peak.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-30 02:34 5419008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-10-12 03:03 439568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-04-13 23:39 262401 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Heck Okay]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 17:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-30 02:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c

#18 | Pancake | Senior Security Analyst | Posts: 1,622 | PC Experience: Elite PC Guru | Location: Victoria, Australia | 4 Weeks Ago
Re: Slow PC Problems, advice needed please!!

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Shim 16 New Tool] C:\Documents and Settings\All Users\Application Data\extra dupe shim 16\grid peak.exe
O4 - HKLM\..\Run: [Windows LoL Layer] iktinhnd.exe
O4 - HKLM\..\RunServices: [Windows LoL Layer] iktinhnd.exe
O4 - HKCU\..\Run: [Windows LoL Layer] iktinhnd.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
Reboot.......
====================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\Program Files\STOPzilla! v3.1.0.7 + Crack (pop up blocker and the code works!!).zip
C:\[isoHunt]_STOPzilla__v3[1].1.0.7___Crack_(pop_up_blocker_and_the_code_works_ _.3581060.TPB_[mininova].torrent
Folder::
C:\Program Files\STOPzilla! v3.1.0.7 + Crack
C:\Documents and Settings\All Users\Application Data\extra dupe shim 16
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shim 16 New Tool"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*

My real name is Eddy
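
An added example, not part of the original post and not ComboFix's own logic: a small Python parser for the Run/RunOnce lines in the "Reg Loading Points" format shown in this thread's log, which lists autostart entries worth a manual look. The flag names and the two heuristics (no timestamp/size recorded in the trailing brackets, target under an Application Data or Temp directory) are assumptions chosen for illustration; a flag is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Lines excerpted from the log posted in this thread, including the stray space
# the forum software inserted into "CurrentVersion".
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"PCDrProfiler"="" []
"Shim 16 New Tool"="C:\Documents and Settings\All Users\Application Data\extra dupe shim 16\grid peak.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-10-12 03:03 439568]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*"(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$'
)
RUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Assumed heuristic: directories any user-level process can usually write to.
USER_WRITABLE = ("\\application data\\", "\\temp\\")


@dataclass
class RunEntry:
    key: str      # registry key header as printed in the log
    name: str     # value name, e.g. "ccApp"
    command: str  # command line stored in the value
    meta: str     # bracketed timestamp/size text, stripped


def is_run_key(key: str) -> bool:
    """True for ...\\CurrentVersion\\Run and RunOnce, ignoring pasted-in spaces."""
    squashed = re.sub(r"\s+", "", key).lower()
    return squashed.endswith(RUN_SUFFIXES)


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect the value lines that sit under a Run or RunOnce key header."""
    entries: List[RunEntry] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group("key")
            current_key = key if is_run_key(key) else None
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            entries.append(RunEntry(
                current_key,
                value_match.group("name"),
                value_match.group("cmd"),
                value_match.group("meta").strip(),
            ))
    return entries


def review_flags(entry: RunEntry) -> List[str]:
    """Return the reasons an entry deserves a manual look (empty list if none)."""
    if not entry.command:
        return ["empty-command"]          # value exists but launches nothing
    flags = []
    if not entry.meta:
        flags.append("no-file-metadata")  # log shows no timestamp or size
    if any(part in entry.command.lower() for part in USER_WRITABLE):
        flags.append("user-writable-dir")
    return flags


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """(value name, flags) for every Run/RunOnce entry with at least one flag."""
    result = []
    for entry in parse_run_entries(log_text):
        flags = review_flags(entry)
        if flags:
            result.append((entry.name, flags))
    return result


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(flags)}")
```
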
#19 | nikmondo | Bronze Member | Posts: 12 | PC Experience: Some Experience | 4 Weeks Ago
Re: Slow PC Problems, advice needed please!!

Right, here are some more results from SFScript. Also, I only found 2 files the same on your HijackThis list above, Pancake??

Here's the results:

ComboFix 08-04-15.8 - Compaq_Owner 2008-04-15 20:04:58.2 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\[isoHunt]_STOPzilla__v3[1].1.0.7___Crack_(pop_up_blocker_and_the_code_works_ _.3581060.TPB_[mininova].torrent
C:\Program Files\STOPzilla! v3.1.0.7 + Crack (pop up blocker and the code works!!).zip
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\extra dupe shim 16
C:\Program Files\STOPzilla! v3.1.0.7 + Crack (pop up blocker and the code works!!).zip
C:\Program Files\STOPzilla! v3.1.0.7 + Crack
C:\Program Files\STOPzilla! v3.1.0.7 + Crack\activator.exe
C:\Program Files\STOPzilla! v3.1.0.7 + Crack\harvest.nfo
C:\Program Files\STOPzilla! v3.1.0.7 + Crack\STOPzilla_Setup.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-13 21:10 . 2008-04-13 21:10 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Grisoft
2008-04-13 21:08 . 2008-04-13 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-13 21:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-13 21:07 . 2008-04-13 21:07 12,413,440 --a------ C:\avgas-setup-7.5.1.43.exe
2008-04-13 21:03 . 2008-04-13 21:03 <DIR> d-------- C:\Program Files\CCleaner
2008-04-13 21:02 . 2008-04-13 21:02 2,751,368 --a------ C:\ccsetup206.exe
2008-04-13 20:09 . 2008-04-13 20:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-13 20:01 . 2008-04-13 20:44 <DIR> d-------- C:\SDFix
2008-04-13 20:00 . 2008-04-13 20:01 1,419,174 --a------ C:\SDFix.exe
2008-04-12 15:30 . 2008-04-12 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-12 15:29 . 2008-04-13 19:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-12 15:29 . 2008-04-12 15:29 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2008-04-12 15:29 . 2008-04-12 15:29 6,342,680 --a------ C:\SUPERAntiSpyware.exe
2008-04-12 15:24 . 2008-04-12 15:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 15:24 . 2008-04-12 15:24 812,344 --a------ C:\HJTInstall.exe
2008-04-04 15:33 . 2008-04-07 20:53 <DIR> d-------- C:\Program Files\STOPzilla!
2008-04-04 15:33 . 2008-04-04 15:33 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\STOPzilla!
2008-04-04 15:25 . 2008-04-04 15:25 614 --a------ C:\[isoHunt]_STOPzilla__v3[1].1.0.7___Crack_(pop_up_blocker_and_the_code_works_ _.3581060.TPB_[mininova].torrent
2008-04-04 15:13 . 2008-04-12 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 15:09 . 2008-04-04 15:13 <DIR> d-------- C:\Program Files\Ad-Aware 2007 PROFESSIONAL EDITION 7.0.2.7(NEW- 04.04)
2008-04-04 15:07 . 2008-04-04 15:07 6,502 --a------ C:\Ad-Aware_2007_PROFESSIONAL_EDITION__7.0.2.7(NEW-_04.04)_[mininova].torrent
2008-04-04 15:01 . 2008-04-04 15:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 15:01 . 2008-04-04 15:01 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-01 13:23 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-01 13:23 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-01 13:22 . 2008-04-01 13:22 <DIR> d-------- C:\Program Files\Windows Mobile Device Handbook
2008-03-27 21:51 . 2008-03-27 21:51 108,918 --a------ C:\ff.bmp
2008-03-27 21:37 . 2007-04-18 18:29 156,870,022 --a------ C:\2006Mod_Trackpack.tup
2008-03-27 21:21 . 2008-03-27 21:23 156,877,627 --a------ C:\2006 Trackpack (2006Mod).rar
2008-03-27 21:11 . 2007-04-24 01:40 153,346,300 --a------ C:\2006.cuh
2008-03-27 21:03 . 2008-03-27 21:04 153,353,892 --a------ C:\2006 Mod (GP4Italia and Tony).rar
2008-03-27 20:06 . 2008-03-27 21:37 <DIR> d-------- C:\Program Files\ZaZ Gp4 tools
2008-03-27 20:06 . 2008-03-27 20:06 <DIR> d-------- C:\GP4_patch v9.6
2008-03-27 20:06 . 2007-11-26 00:26 4,353,350 --a------ C:\ZAZ TOOLS.exe
2008-03-27 20:05 . 2008-03-27 20:05 5,228,785 --a------ C:\GP4_patch.rar
2008-03-27 20:05 . 2008-03-27 20:05 4,317,327 --a------ C:\ZAZ TOOLS PUBLIC RC.zip
2008-03-25 13:12 . 2008-04-08 14:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-25 13:12 . 2008-03-25 13:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-23 14:31 . 2006-04-15 00:05 9,952 --a------ C:\regxpcom.exe
2008-03-23 14:30 . 2008-03-23 14:31 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-03-23 14:30 . 2008-03-23 14:31 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-03-15 18:53 . 2008-03-15 22:49 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-15 16:36 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-13 20:57 --------- d-----w C:\Program Files\BrowsingAdvisor
2008-04-13 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 14:31 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-04-04 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 13:52 --------- d-----w C:\Program Files\LimeWire
2008-04-04 13:33 --------- d-----w C:\Program Files\CleanMyPC Popup Blocker
2008-04-04 12:24 --------- d-----w C:\Program Files\SOFT LimeWire ProfessionalEdition v4.17.11
2008-04-01 12:22 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-25 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-22 14:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-19 13:06 --------- d-----w C:\Program Files\Norton 360
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 21:50 --------- d-----w C:\Program Files\Windows Live
2008-03-15 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-15 15:36 --------- d-----w C:\Program Files\Java
2008-03-09 23:31 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-09 23:31 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-09 23:31 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-09 23:31 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-09 23:31 --------- d-----w C:\Program Files\Symantec
2008-03-09 20:28 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
2008-03-07 21:11 --------- d---a-w C:\Program Files\Grand Prix Manager 2
2008-03-07 21:10 --------- d-----w C:\Program Files\uTorrent
2008-03-07 21:10 --------- d-----w C:\Program Files\RegCure+patch
2008-03-07 21:10 --------- d-----w C:\Program Files\RegCure
2008-03-07 21:07 --------- d-----w C:\Program Files\SmartPopupBlocker
2008-03-07 21:07 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2008-03-07 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-07 21:06 --------- d-----w C:\Program Files\Lavasoft
2008-03-07 20:48 --------- d-----w C:\Program Files\Norton.360[jakemetcalfe22] iso
2008-03-07 15:17 --------- d-----w C:\Program Files\Norton Ghost 14.0 + Recovery Disk
2008-03-06 21:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 21:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 21:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-09 11:07 1,559,360 ----a-w C:\ytb_7.1.0.0d_1.4.1_pub_us_setup_.exe
2008-02-09 10:50 21,364,592 ----a-w C:\aaw2007.exe
2007-02-10 14:43 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-26 17:32 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-10-08 21:06 262 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2005-09-23 23:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-14_19.05.02.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 09:11:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 19:10:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-28 15:07 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2007-12-28 15:07 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-28 15:07 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49 4670968]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 18:29 249856]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-30 02:34 5419008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-10-12 03:03 439568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-04-13 23:39 262401 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Heck Okay]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 17:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-30 02:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-24 19:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Infogrames\\Grand Prix 4\\GP4.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 19:00:00 C:\WINDOWS\Tasks\A3C1BCAB918A36C3.job"
- c:\docume~1\compaq~1\applic~1\axiskeep\Noun Body Flag.exe
"2008-04-03 11:22:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 19:10:40 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-07 14:00:04 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 20:11:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 5
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-15 20:30:05 - machine was rebooted [Compaq_Owner]
ComboFix-quarantined-files.txt 2008-04-15 19:29:56
ComboFix2.txt 2008-04-14 18:06:39
Pre-Run: 50,405,158,912 bytes free
Post-Run: 50,631,798,784 bytes free
.
2008-04-08 14:21:26 --- E O F ---

Many thanks,
Nik
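
Added example, not part of the original thread or of ComboFix: a small Python triage pass over a constructed excerpt of the log above, listing the entries a reviewer would check by hand (firewall switched off, Security Center monitoring disabled, a cached drive AutoRun command, a scheduled task launching from a user profile). The `triage` function and its category names are assumptions made for this illustration; a flagged entry is a prompt to look, not a verdict.

```python
import re

# Constructed sample: lines copied from the log posted above, trimmed.
# One key keeps a forum-inserted space ("firewallpo licy") on purpose.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
Contents of the 'Scheduled Tasks' folder
"2008-04-15 19:00:00 C:\WINDOWS\Tasks\A3C1BCAB918A36C3.job"
- c:\docume~1\compaq~1\applic~1\axiskeep\Noun Body Flag.exe
"2008-04-03 11:22:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
'''

KEY_RE = re.compile(r"^\[(.+)\]$")                 # registry key header line
TASK_RE = re.compile(r'^"\S+ \S+ (.+\.job)"$')     # "date time path.job"
USER_DIRS = ("documentsandsettings", "docume~1")   # XP profile root, long and 8.3


def squash(text):
    """Lower-case and drop whitespace: forum software often splits long tokens."""
    return re.sub(r"\s+", "", text).lower()


def triage(log):
    """Return (category, detail) pairs for entries worth a manual look."""
    findings, key, task = [], "", None
    for line in (raw.strip() for raw in log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key, task = squash(m.group(1)), None
            continue
        flat = squash(line)
        if flat.startswith('"enablefirewall"=0') and "firewallpolicy" in key:
            findings.append(("firewall-off", key.rsplit("\\", 1)[-1]))
        elif flat == '"disablemonitoring"=dword:00000001':
            findings.append(("security-center-muted", key.rsplit("\\", 1)[-1]))
        elif "mountpoints2" in key and flat.startswith("\\shell\\autorun\\command"):
            findings.append(("drive-autorun", line.split(" - ", 1)[1]))
        tm = TASK_RE.match(line)
        if tm:
            task = tm.group(1)          # remember the job until its target line
        elif task and line.startswith("- "):
            target = line[2:]
            if any(d in squash(target) for d in USER_DIRS):
                findings.append(("task-from-user-profile", f"{task} -> {target}"))
            task = None
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```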

  #20  
Old 4 Weeks Ago
Pancake's Avatar
Senior Security Analyst
 
Posts: 1,622
PC Experience: Elite PC Guru
Location: Victoria, Australia
Default Re: Slow PC Prpblems, advise needed please!!

I don't see much more to remove. How is it running now?

Comments on this post
nikmondo agrees: The guy knows his stuff, many thanks!
__________________
My real name is Eddy
  #21  
Old 3 Weeks Ago
nikmondo's Avatar
Bronze Member
 
Posts: 12
PC Experience: Some Experience
Default Re: Slow PC Prpblems, advise needed please!!

Yes much better now guys.

Many thanks for all your advice.

All the best.
Nik

  #22  
Old 3 Weeks Ago
Pancake's Avatar
Senior Security Analyst
 
Posts: 1,622
PC Experience: Elite PC Guru
Location: Victoria, Australia
Default Re: Slow PC Prpblems, advise needed please!!

Ok. You should be fine now...

This will clear away any of the files and folders that were created by ComboFix.
Go to :
Start > Run then copy and paste the following highlighted text below and click OK.

ComboFix /u
Now that you are clean, and if you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure. They can be done at your leisure.
Download and scan with CCleaner (CCleaner - Download)
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
__________________

=========================================
Is your Java out of date? Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version if required.
Before installing, go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then install the newest version.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u5 (Download Java software from Sun Microsystems).

==============================================
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (Microsoft Windows Update) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site (Microsoft Office Update) and make sure you have at least all the critical updates installed (free).
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


========================================================
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
Download SpywareBlaster
SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain ActiveX controls can't install.
If you don't know what ActiveX controls are, see here (What is ActiveX control? - A Word Definition From the Webopedia Computer Dictionary)
You can download SpywareBlaster here (MajorGeeks.Com - Contacting Download Site)
SpywareBlaster tutorial (Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware)
Download iespyad
It puts many bad webpages on your restricted zones list. This means that you can still view the bad webpages, but the webpages cannot do certain things (such as use javascripts and cookies).
Download it here (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe)
Hosts file:
Every version of Windows has a hosts file. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (Blocking Unwanted Parasites with a Hosts File). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (The Hosts File and what it can do for you)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen)
Click run
In the dialog box, type services.msc
Hit enter, then locate dns client
Highlight it, then double-click it.
On the dropdown box, change the setting from automatic to manual.
Click ok

Keep Anti Virus Software updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. See here (Freeware downloads Security-Privacy - Anti-Virus Tools at SnapFiles.com) to choose one.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked a