Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer running slow :(

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer running slow :(

Unread postby TutMatt3 » September 18th, 2007, 7:39 pm

Been grounded for a while, i doubt its a slow harddisk again, but ill uninstall/reinstall that again
Here are my logs, using zonealarm as firewall/AV, just got comp access agian
TY






Logfile of HijackThis v1.99.1
Scan saved at 3:54:19 PM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.costco.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




SmitFraudFix v2.225

Scan done at 15:37:19.62, Sun 09/16/2007
Run from C:\Documents and Settings\Matt\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a4029063-4fe3-422c-ac72-12905c09642a}"="clinker"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Matt\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 2Wire Gateway USB
DNS Server Search Order: 10.33.33.150

Description: 2Wire Gateway USB
DNS Server Search Order: 172.16.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D90064F3-B403-4C7A-99BB-F6EB26A1D71F}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EAEBAD98-0228-4346-A229-FE154B5040FC}: DhcpNameServer=10.33.33.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D90064F3-B403-4C7A-99BB-F6EB26A1D71F}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EAEBAD98-0228-4346-A229-FE154B5040FC}: DhcpNameServer=10.33.33.150
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D90064F3-B403-4C7A-99BB-F6EB26A1D71F}: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EAEBAD98-0228-4346-A229-FE154B5040FC}: DhcpNameServer=10.33.33.150
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=172.16.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 07-09-14.2 - "Matt" 2007-09-16 15:39:22.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.324 [GMT -5:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\DOCUME~1\Mark\APPLIC~1\macromedia\Flash Player\#SharedObjects\MVA64TFL\www.broadcaster.com
C:\DOCUME~1\Mark\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Mommy\Desktop\internet.lnk
D:\Autorun.inf
J:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 )))))))))))))))))))))))))))))))
.

2007-09-16 15:37 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-16 12:33 512 --a------ C:\ScanSectorLog.dat
2007-09-15 20:52 <DIR> d-------- C:\DOCUME~1\Mommy\APPLIC~1\WTablet
2007-09-14 13:52 <DIR> d-------- C:\DOCUME~1\Miky\APPLIC~1\WTablet
2007-09-14 08:37 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet
2007-09-14 01:09 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\WTablet
2007-09-14 00:25 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\WTablet
2007-09-14 00:24 11,440 --a------ C:\WINDOWS\system32\drivers\WacomVKHid.sys
2007-09-14 00:23 128,296 --a------ C:\WINDOWS\system32\Pen_Tablet.dll
2007-09-14 00:23 12,848 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-09-14 00:23 11,312 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-09-14 00:23 1,373,480 --a------ C:\WINDOWS\system32\Pen_Tablet.exe
2007-09-12 14:58 <DIR> d-------- C:\DOCUME~1\Miky\APPLIC~1\Orbit
2007-09-11 19:58 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-09-11 11:36 <DIR> d-------- C:\Program Files\QuickTime
2007-09-11 11:35 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-11 11:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-09 22:24 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\Orbit
2007-09-09 20:15 <DIR> d-------- C:\DOCUME~1\Mommy\APPLIC~1\Orbit
2007-09-09 16:21 <DIR> d-------- C:\Program Files\Orbitdownloader
2007-09-09 16:21 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Orbit
2007-09-09 12:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-09 12:35 <DIR> d-------- C:\Program Files\Real
2007-09-08 14:29 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\IDM
2007-09-08 14:29 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\DMCache
2007-09-08 14:28 <DIR> d-------- C:\Program Files\Internet Download Manager
2007-09-08 14:09 <DIR> d-------- C:\Downloads
2007-08-30 00:00 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\DivX
2007-08-26 17:36 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\Pegasys Inc
2007-08-26 12:54 <DIR> d-------- C:\Program Files\Total Video Converter
2007-08-26 08:18 <DIR> d-------- C:\DOCUME~1\Mark\APPLIC~1\MailFrontier
2007-08-26 00:00 <DIR> d-------- C:\DOCUME~1\Matt\APPLIC~1\MailFrontier
2007-08-25 23:57 964,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-25 23:57 12,682,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-25 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 15:35 91484 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-16 15:35 170924 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-16 08:43 --------- d-------- C:\Program Files\LogMeIn
2007-09-15 00:09 --------- d-------- C:\DOCUME~1\Miky\APPLIC~1\LimeWire
2007-09-14 00:24 --------- d-------- C:\Program Files\Tablet
2007-09-12 15:15 --------- d-------- C:\DOCUME~1\Mark\APPLIC~1\LimeWire
2007-09-12 14:58 --------- d-------- C:\DOCUME~1\Miky\APPLIC~1\Real
2007-09-11 11:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-09 12:36 --------- d-------- C:\Program Files\Common Files\Real
2007-09-07 10:55 181544 --a------ C:\WINDOWS\system32\Wintab32.dll
2007-09-05 12:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-05 12:03 --------- d-------- C:\Program Files\Medion Home Cinema XL II
2007-09-05 12:03 --------- d-------- C:\Program Files\CyberLink
2007-09-05 12:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-02 20:23 --------- dr-h----- C:\DOCUME~1\Mommy\APPLIC~1\yahoo!
2007-08-26 17:23 --------- d-------- C:\Program Files\DivX
2007-08-25 22:58 --------- d-------- C:\Program Files\Symantec
2007-08-25 22:58 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-25 22:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-25 22:55 --------- d-------- C:\Program Files\FlashFXP
2007-08-25 22:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-25 22:43 --------- d-------- C:\Program Files\Yahoo!
2007-08-25 07:11 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\BitTorrent
2007-08-22 02:10 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\LimeWire
2007-08-21 19:48 --------- d-------- C:\DOCUME~1\Mommy\APPLIC~1\Real
2007-08-19 13:39 --------- dr-h----- C:\DOCUME~1\Matt\APPLIC~1\yahoo!
2007-08-15 01:06 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-14 22:10 --------- d-------- C:\Program Files\Lavasoft
2007-08-14 22:09 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-14 16:24 --------- d-------- C:\Program Files\Steam
2007-08-14 15:05 --------- d-------- C:\Program Files\MSN Messenger
2007-08-13 01:06 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-12 00:12 --------- d-------- C:\Program Files\Warcraft III
2007-08-09 15:35 --------- d-------- C:\Program Files\StealthBot Clan Hi2u
2007-08-07 21:59 --------- d-------- C:\Program Files\StealthBot
2007-08-01 15:23 --------- d-------- C:\Program Files\Alien Skin
2007-08-01 11:36 --------- d-------- C:\Program Files\AusLogics Disk Defrag
2007-08-01 00:25 --------- d-------- C:\Program Files\Remote Desktop Control
2007-07-31 22:40 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-31 16:28 --------- d-------- C:\Program Files\Common Files\Logitech
2007-07-31 16:26 --------- d-------- C:\Program Files\Logitech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 18:37 --------- d-------- C:\DOCUME~1\Mommy\APPLIC~1\MSN6
2007-07-28 17:17 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\Apple Computer
2007-07-28 00:27 --------- d-------- C:\DOCUME~1\Mark\APPLIC~1\MEGAUPLOADTOOLBAR
2007-07-27 22:31 --------- d-------- C:\DOCUME~1\Mommy\APPLIC~1\MEGAUPLOADTOOLBAR
2007-07-27 11:27 --------- d-------- C:\DOCUME~1\Miky\APPLIC~1\WinRAR
2007-07-26 20:04 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\Symantec
2007-07-26 16:20 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\LogMeIn Rescue
2007-07-26 14:09 --------- d-------- C:\DOCUME~1\Matt\APPLIC~1\Real
2007-07-25 22:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-25 21:53 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-25 21:53 43528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-25 21:53 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-25 21:53 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-25 21:53 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-25 21:53 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-25 21:53 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-25 21:53 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-25 21:50 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-25 21:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-25 21:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-25 21:50 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-25 21:50 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-25 21:50 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-25 21:50 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-25 21:50 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-25 21:50 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-25 21:50 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-25 21:50 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-25 21:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-25 21:49 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-24 07:14 --------- d-------- C:\DOCUME~1\Miky\APPLIC~1\MEGAUPLOADTOOLBAR
2007-07-23 11:40 --------- d-------- C:\Program Files\Final Fantasy VII
2007-07-22 22:32 --------- d-------- C:\Program Files\Square Soft, Inc
2007-07-22 11:54 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-07-21 23:38 --------- d-------- C:\Program Files\OO Software
2007-07-21 16:06 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
2007-07-21 00:09 --------- d-------- C:\Program Files\Realtek AC97
2007-07-21 00:07 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-20 22:01 --------- d-------- C:\Program Files\AVIcodec
2007-07-17 01:08 --------- d-------- C:\Program Files\VstPlugIns
2007-07-17 01:07 --------- d-------- C:\Program Files\IK Multimedia
2007-07-17 01:07 --------- d-------- C:\Program Files\Common Files\DigiDesign
2007-07-16 21:50 --------- d-------- C:\Program Files\PCPitstop
2007-07-16 15:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-16 15:24 --------- d-------- C:\Program Files\Bonjour
2007-07-03 23:57 139264 --a------ C:\WINDOWS\War3Unin.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 19:27 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-19 19:26 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-06-19 19:26 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-06-19 19:26 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-09 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2007-09-09 16:21:17]

C:\DOCUME~1\Mark\STARTM~1\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-06-29 18:40:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^ctfmon.exe]
path=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\ctfmon.exe
backup=C:\WINDOWS\pss\ctfmon.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Rapidown.lnk]
path=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Disk MD Registration Reminder]
C:\Program Files\PCPitstop\Disk MD\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusProtectPro 3.6]
"C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe" /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=2 (0x2)
"aawservice"=2 (0x2)

R3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
S2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe
S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys
S3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
S3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34460279-1d49-11dc-bc00-000d720f2fda}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- L:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4614b526-28e5-11dc-a0f7-000d720f2fda}]
AutoRun\command- L:\wd_windows_tools\setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 15:40:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-16 15:40:57
C:\ComboFix-quarantined-files.txt ... 2007-09-16 15:40
.
--- E O F ---
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm
Advertisement
Register to Remove

Unread postby TutMatt3 » September 20th, 2007, 7:46 pm

any1??
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm

Unread postby askey127 » September 30th, 2007, 7:21 am

Sorry there has been a delay in our response.
When you answer your own post, it removes it from the "Unanswered" group where helpers look to provide replies.

If you still need help, please post a fresh HiJackThis log and describe what kinds of symptoms you are having.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby TutMatt3 » October 2nd, 2007, 5:07 pm

Sorry about that, i didnt know
Ummm, so my start up is slower than normal and my computer is running a little slower than normal, would just be awesome to have it back to normal
Find anything in the log, i didnt really see anything myself, but im not a pro like you :)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:17 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.costco.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5612 bytes
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm

Unread postby askey127 » October 2nd, 2007, 6:08 pm

Hi tutmatt3,
-----------------------------------------------------------
Peer to Peer File Sharing
Please note that as long as you're using any form of Peer-to-Peer networking (Orbitdownloader, Azureus, Morpheus, Limewire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.

When you use Peer-to-peer (P2P) programs, you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. It's hardly surprising that many of the available downloads are being used by malware purveyors as a delivery method for their infections. Further, if your P2P program is not configured correctly you may be sharing more files than you realize. See here : http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Even if you have one of the SAFE P2P programs, the practice of file-sharing is very UNSAFE for the health of your PC.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of major PC infections.
Better ask yourself if you and your system CD are REALLY ready to reformat your Hard Drive and Re-install Windows.
Some malware help forums are now refusing to help those who show up with infections from P2P usage.

I think you should stop using and Uninstall OrbitDownloader , but it's your decision.
-----------------------------------------------------------
Set Your Computer to Show All Files
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading, select Show hidden files and folders.
  6. Uncheck Hide protected operating system files (recommended).
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
-----------------------------------------------------------
Remove log items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
File Deletion
In Windows Explorer (My Computer), navigate to the files shown below, select View, Details, highlight each listed file only, one at a time, and press Delete. Be careful not to delete any file without double-checking the exact spelling of the filename.
C:\Windows\System32\ninjaext.dll
C:\Windows\System32\gzmrotate.dll
In case a file is shown without the location, use Find (F3) or Start, Search, enter the filename, and Delete the file, if present.

If you have any problem deleting a file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby TutMatt3 » October 3rd, 2007, 12:46 am

I wasnt able to delete those 2 files at first since they were in use, so i restarted and got em deleted
But its still a little slow on startup and cant run as many programs at once as be4 :(
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:21 PM, on 10/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.costco.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5009 bytes
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm

Unread postby askey127 » October 3rd, 2007, 6:53 am

Tutmatt3,
--------------------------------------------------------
Go to My Computer, right click the C: drive and choose Properties.
Please record what it reports for Used space and Free space on the drive and report that back in your next post.
---------------------------------------------------------------
Go to Start, My Computer
Right-click on the hard-drive letter for the system, (usually C: )
Click Properties
Uncheck the box labeled "Allow Indexing Service to index this disk for fast file searching"
If it asks whether to apply to all files and folders, answer Yes.
You may have to wait while it resets the file attributes.
-----------------------------------------------------------
Download Codestuff Starter and Get Startups from here : http://members.lycos.co.uk/codestuff/
Click on Starter at top of page, download and install it.
Doubleclick the Starter Icon to launch.
When program opens, click the Startups tab at the top, (Not Processes).
Click on AllSections at the top of the tree on the left.
Choose File, Save as Text and save to your desktop as Starts.txt,
Open the file with Notepad and Post the contents in your next reply.

Please post the info on Disk Used and Free space, and the contents of Starts.txt
Please do not use the Downloader for anything while we are working on your machine.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby TutMatt3 » October 5th, 2007, 12:36 am

I did this test to hopefully give you a lot of information about my computer, its wierd it had a cpu load of 98% it said during the test but all i had running was WMP, AIM, MSN, which shouldnt be over a couple % total :(

http://www.pcpitstop.com/techexpress.as ... ABM1VS41FV

Any opinions?
Umm, ill do the next 2 steps when i come back in about 10 minutes, need to go pick up my puppy :]
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm

Unread postby TutMatt3 » October 5th, 2007, 12:38 am

Ok so i cant find the edit button but...
The middle task is already done, and the last task the link does not work, but i think the pcpitstop test shows the startup items i belive
So ya, thanks agian, cant wait to hear from you agian
Appriciate it
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm

Unread postby TutMatt3 » October 5th, 2007, 1:23 am

Once again sorry for replying and not finding the edit button but i found the program on the web and here is the list


Name,Value,Section,Enabled,Description,Company
"Aim6",""C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp","Registry - User Run","1","",""
"msnmsgr",""C:\Program Files\MSN Messenger\msnmsgr.exe" /background","Registry - User Run","1","Messenger","Microsoft Corporation"
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm

Unread postby askey127 » October 5th, 2007, 7:01 am

Tutmatt,
-----------------------------------------------------------
Review Security Center Settings
From Start, Settings, Control Panel or Start, Control Panel, click Security Center
In your next reply, tell me what it says about AntiVirus, Firewall and .Automatic Updates.
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
----------------------------------------------------------
Got to Start, Run and type cmd and hit <Enter>
When the command window comes up, type :
chkdsk c:
hit <Enter> again.
Maximize the command window, and wait for the scan to finish.
Read the results to see if it says that it found problems with your file system.
------------------------------------------------------------------------
IF it has found any problems with your file system,
Go To Start, Run and type cmd
hit <Enter>
Type this into the command window at the prompt:
chkdsk c: /F <==notice the /F, with one space between c: and /F
hit <Enter>
You will get a message that the volume is locked, and a request to do the repair on Reboot.
Answer Y
Then type exit to close the Command window.
Go to Start, Turn Off Computer and choose Reboot
It will scan again and make the repairs as the first part of the reboot process.

After it reboots, run the first sequence again (without the /F parameter), and see if it still shows an error.
Tell me what it found originally, and if there was a problem, whether the final sequence showed no errors.

So what I'm looking for is the info from Security Center, The contents of install.txt, and the results from the chkdsk scans.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby TutMatt3 » October 5th, 2007, 5:57 pm

Image

Image

Still has the error

Security settings as of now:
Firewall Off
Automatic Updates On
Virus protector Not found

and installed list


2Wire Wireless Client
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AT&T Yahoo! Applications
AutoUpdate
AVI To VCD SVCD DVD MPEG Converter Pro 4.1
Avi2Dvd 0.4.5 beta
AVIcodec (remove only)
AviSynth 2.5
BitTorrent 5.0.7
Canon PIXMA iP3000
CCleaner (remove only)
ConvertXtoDVD 2.2.3.258
Counter-Strike
Counter-Strike: Source
DivX Author 1.5
DivxToDVD 1.99.11
DVDFab HD Decrypter 3.1.8.0
Easy Avi/Divx/Xvid to DVD Burner 2.4.3
FastCodec 1.0 beta
Finale NotePad 2007
FlashFXP v3
GG E-Sports Platform
HijackThis 2.0.2
Informations about your PC
Java(TM) SE Runtime Environment 6 Update 1
LG USB Drivers
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
LogMeIn
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.5.74
Medion Flash XL
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Works 7.0
Mozilla Firefox (2.0.0.7)
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
Nero - Burning Rom
NVIDIA Windows 2000/XP Display Drivers
Orbit
PC Pitstop Optimize 1.5
PDF Settings
Pen Tablet
PowerProducer
QuickLink Mobile Phonebook
Realtek AC'97 Audio
SampleTank 2.2.2
SBC Yahoo! DSL Home Networking Installer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
Steam
Warcraft III: All Products
WebFldrs XP
Windows Backup Utility
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
WinRAR archiver
WinZip 11.1
Xteq-dotec X-Setup Pro 6.6.300.Final1
Yahoo! Toolbar
Zune
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm

Unread postby askey127 » October 5th, 2007, 7:13 pm

If the Hard drive showed errors, and then STILL showed errors after using chkdsk /F, then you are experiencing bad sectors on the Hard Drive, and may be losing it permanently.

The problems created by the defective file system will not stop.

You should move as soon as possible to retrieve your critical files from the hard drive, and plan on replacing it as soon as possible.

It won't do any good to continue looking for maleare here.
I'll be here if you need help.

When you install a new hard drive, make sure an ANTIVIRUS is installed first thing, or the infections may overwhelm you..
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby TutMatt3 » October 6th, 2007, 12:30 am

Hrm the error still came , but the computer runs a little smoother and now starts up way faster
I will plan on repairing that harddrive, and I thank you for your time, i really really appriciate it!!!!!
thanks!!!!!!!
TutMatt3
Regular Member
 
Posts: 22
Joined: January 14th, 2007, 10:40 pm

Unread postby askey127 » October 6th, 2007, 6:43 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
If you are the topic starter, you will need a valid, working link to the closed topic, along with the user name used.
The user name must match the one in the linked thread linked to avoid having the email deleted.

You can help support this site from this link :
Donations For Malware Removal
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware